SSH-ed25519 incompatabilities causing ssh not working with bun

[ProgressifyDev]

What version of Bun is running?

1.0.11+f7f6233ea

What platform is your computer?

Darwin 21.6.0 x86_64 i386

What steps can reproduce the bug?

Basically, I am using ssh2 to connect and process information from SFTP.

const conn = new Client();
      conn
        .on("ready", () => {
          Logger.log("Connection is ready.");
          conn.sftp(async (err, sftp) => {
       ....
        })
        .on("error", (err) => reject(err))
        .connect({
          ...credentials,
          readyTimeout: 60000,
        });

When I try to connect using bun --watch index.ts , it gives me this error

Error: Cannot parse privateKey: Unsupported OpenSSH private key type: ssh-ed25519

Running it on nodejs v16.20.1 works flawlessly

Reading documentation regarding Bun, ssh2 and node, leads me to believe it has something to do with the engine itself.

From SSH2 and this issue

  [node.js](http://nodejs.org/) -- v10.16.0 or newer

    node v12.0.0 or newer for Ed25519 key support

What is the expected behavior?

Successful connection with sftp

What do you see instead?

Error: Cannot parse privateKey: Unsupported OpenSSH private key type: ssh-ed25519

Additional information

May be related to these two

#6418
#6417

[elmpp]

Any workaround here @ProgressifyDev ?

This is one of the most frustrating bugs I've ever encountered - whole project dependent on bun yet I can't spin up a ssh server

Tried everything

[ProgressifyDev]

I just bit the bullet and used a node container to handle the rest of the flow. Bun was just used to handle websocket feedback and take the initial REST requests, then a node docker container handles the processing. Both are tied together using BullMQ....

Shame really, I chose Bun for the processing speed.

[ProgressifyDev]

May be fixed with #7256 but I have yet to verify it, I just came back to check if this issue was somehow resolved

[elmpp]

May be fixed with #7256 but I have yet to verify it, I just came back to check if this issue was somehow resolved

It looks like that hasn't fixed it. This line within the SSH2 library still resolves to false

@ProgressifyDev

[chicken-suop]

What a pity this doesn't work

[iedon]

In bun 1.1.34, this still doesn't work.

[JanHolger]

A dirty workaround until it's fixed is to use the patch-package postinstall script to patch out the verify call

1. bun add patch-package

2. Create patches/ssh2+1.16.0.patch

+++ b/node_modules/ssh2/lib/protocol/constants.js
@@ -20,8 +20,8 @@ const eddsaSupported = (() => {
     let verified;
     try {
       sig = crypto.sign(null, data, key);
-      verified = crypto.verify(null, data, key, sig);
+      verified = true // crypto.verify(null, data, key, sig);
     } catch {}
     return (Buffer.isBuffer(sig) && sig.length === 64 && verified === true);
   }
 

3. Add postinstall Script in package.json

{
  ...
  "scripts": {
    "postinstall": "patch-package"
  },
  ...
}

4. Clear node_modules and run bun install again

Hope this helps but use it on your own risk

[Jarred-Sumner]

We have implemented X25519 support in Bun v1.2.1

Are you still running into this in Bun v1.2.1?

[JanHolger]

Yes, just tested it today with 1.2.1 since I've seen it in the changelogs and was kind of hyped until it still did not work. In general it seems to work, just the verify that ssh2 is doing is returning false for some reason. When removing that check using the patch it works totally fine.

[iedon]

As mentioned by JanHolger,

X25519 functions well in bun(1.2.1~) now, but with a tiny issue.

I can confirm that

crypto.verify(null, data, key, sig);

in package ssh2/lib/protocol/constants.js still doesn't work in bun 1.2.2.

However, after manually nopping that verify and then everything works well.

-      verified = crypto.verify(null, data, key, sig);
+      verified = true // crypto.verify(null, data, key, sig);