Digital Ocean connection problem on SSH keys with passphrase

Wappler Version : 5.0
Operating System : MacOS 12.4 Macbook Pro M1
Server Model: Digital Ocean - node.js
Database Type: MariaDB
Hosting Type: Remote

Expected behavior

  1. Create a cloud provider with the resource manager.
  2. Create a new server.
  3. Add a new target (using the new server).
  4. Deploy node.js app to the new server.
  5. Enjoy

I am doing this with a copy of an existing project which is all up and running locally but wanted to now test on a staging server (so the client can see progress and have a play).
BTW the original version of the project worked fine with local development, staging and production servers etc.

Actual behavior

  1. Create a cloud provider in the new resource manager - all good.
  2. Create a new server - worked but didn’t initially get all the server info (such as IP) and the spinner didn’t stop and the icon on the right (a plus) didn’t change to a “tick”. But a refresh in Wappler got the correct details. However, if I try to expand the server (to get details) I get the same infinite spinner.
    I did wait for more than 5 minutes for the spinner to stop, and confirmed that the server had been created and started in DO before refreshing.
  3. Adding a new target and Wappler cannot communicate with the server. When I click the test button I get the following response:
Testing Docker Connection ...
Client:
 Context:    default
 Debug Mode: false
 Plugins:
  buildx: Docker Buildx (Docker Inc., v0.8.2)
  compose: Docker Compose (Docker Inc., v2.6.1)
  extension: Manages Docker extensions (Docker Inc., v0.2.7)
  sbom: View the packaged-based Software Bill Of Materials (SBOM) for an image (Anchore Inc., 0.6.0)
  scan: Docker Scan (Docker Inc., v0.17.0)

Server:
ERROR: Cannot connect to the Docker daemon at tcp://46.101.82.230:2375. Is the docker daemon running?
errors pretty printing info
Error Occurred Testing Docker Connection!

I have tried restarting Wappler and the DigitalOcean droplet but get the same response.

Also in the output section of Wappler most of the options are grey (except the “play” button):
[Screenshot: CleanShot 2022-07-22 at 09.18.48]

And I get the following red text:

Error: Cannot parse privateKey: Encrypted private OpenSSH key detected, but no passphrase given
    at Client.connect (/Applications/Wappler.app/Contents/Resources/app/node_modules/docker-modem/node_modules/ssh2/lib/client.js:261:15)
    at Agent.createConnection (/Applications/Wappler.app/Contents/Resources/app/node_modules/docker-modem/lib/ssh.js:24:8)
    at Agent.createSocket (node:_http_agent:341:26)
    at Agent.addRequest (node:_http_agent:292:10)
    at new ClientRequest (node:_http_client:305:16)
    at Object.request (node:http:96:10)
    at h.request (/Applications/Wappler.app/Contents/Resources/app/node_modules/docker-modem/lib/http.js:51:52)
    at Modem.buildRequest (/Applications/Wappler.app/Contents/Resources/app/node_modules/docker-modem/lib/modem.js:238:68)
    at Modem.dial (/Applications/Wappler.app/Contents/Resources/app/node_modules/docker-modem/lib/modem.js:221:8)
    at Docker.listContainers (/Applications/Wappler.app/Contents/Resources/app/node_modules/dockerode/lib/docker.js:433:16)
    at w2editor_ftp_manager.getDockerStackStatus (file:///Applications/Wappler.app/Contents/Resources/app/Shared/DMXzone/dmxAppCreator/UI/w2editor_ftp_manager.js:8:60068)
    at w2editor_ftp_manager.dockerStart (file:///Applications/Wappler.app/Contents/Resources/app/Shared/DMXzone/dmxAppCreator/UI/w2editor_ftp_manager.js:8:70524)
    at w2editor_ftp_manager.<anonymous> (file:///Applications/Wappler.app/Contents/Resources/app/Shared/DMXzone/dmxAppCreator/UI/w2editor_ftp_manager.js:8:2972)
    at w2editor_ftp_manager.trigger (file:///Applications/Wappler.app/Contents/Resources/app/Shared/DMXzone/dmxAppCreator/UI/w2ui/w2ui.min.js:7:36380)
    at w2editor_ftp_manager.click (file:///Applications/Wappler.app/Contents/Resources/app/Shared/DMXzone/dmxAppCreator/UI/w2ui/w2ui.min.js:7:447882)
    at w2editor_ftp_manager.<anonymous> (file:///Applications/Wappler.app/Contents/Resources/app/Shared/DMXzone/dmxAppCreator/UI/w2ui/w2ui.min.js:7:449533)
    at HTMLDivElement.dispatch (/Applications/Wappler.app/Contents/Resources/app/node_modules/jquery/dist/jquery.js:5430:27)
    at HTMLDivElement.elemData.handle (/Applications/Wappler.app/Contents/Resources/app/node_modules/jquery/dist/jquery.js:5234:28)
    at HTMLDivElement.sentryWrapped (/Applications/Wappler.app/Contents/Resources/app/node_modules/@sentry/browser/dist/helpers.js:75:23)

And yes, I have a passphrase (which I hardly ever have to enter) and SSH works as I can open a terminal (as I do in the video below).

  1. Can’t deploy docker on the new server
  2. Can’t enjoy my coffee :frowning:

How to reproduce

Follow steps 1 to 3 above.

I tried again by deleting the server and cloud provider, confirming the server had been destroyed in the DigitalOcean console and restarting Wappler then doing it all again.
Below is a video of the process (from 1min to 4min is me waiting for anything to happen so can probably be skipped as I didn’t do anything)-

Oh I see that the test connection is using the old way with docker machines, so we will have to improve that for the cloud servers. So just don’t use it for now.

Just save your target settings and try a deployment to this server.

You can also check if the server has all the docker software installed by doing a “system check” from the context menu of the server.


I have tried the system check but it doesn’t actually do it, just sits at “Running System Check …”

If I create a new target in project settings, save it then change to the new target there is no option to launch etc. Just the “play button” in the screenshot below:

[Screenshot: CleanShot 2022-07-22 at 11.49.21]

And if I click the “play button” I get the error:

Error: Cannot parse privateKey: Encrypted private OpenSSH key detected, but no passphrase given
    at Client.connect (/Applications/Wappler.app/Contents/Resources/app/node_modules/docker-modem/node_modules/ssh2/lib/client.js:261:15)
    at Agent.createConnection (/Applications/Wappler.app/Contents/Resources/app/node_modules/docker-modem/lib/ssh.js:24:8)
    at Agent.createSocket (node:_http_agent:341:26)
    at Agent.addRequest (node:_http_agent:292:10)
    at new ClientRequest (node:_http_client:305:16)
    at Object.request (node:http:96:10)
    at h.request (/Applications/Wappler.app/Contents/Resources/app/node_modules/docker-modem/lib/http.js:51:52)
    at Modem.buildRequest (/Applications/Wappler.app/Contents/Resources/app/node_modules/docker-modem/lib/modem.js:238:68)
    at Modem.dial (/Applications/Wappler.app/Contents/Resources/app/node_modules/docker-modem/lib/modem.js:221:8)
    at Docker.listContainers (/Applications/Wappler.app/Contents/Resources/app/node_modules/dockerode/lib/docker.js:433:16)
    at w2editor_ftp_manager.getDockerStackStatus (file:///Applications/Wappler.app/Contents/Resources/app/Shared/DMXzone/dmxAppCreator/UI/w2editor_ftp_manager.js:8:60068)
    at w2editor_ftp_manager.dockerStart (file:///Applications/Wappler.app/Contents/Resources/app/Shared/DMXzone/dmxAppCreator/UI/w2editor_ftp_manager.js:8:70524)
    at w2editor_ftp_manager.<anonymous> (file:///Applications/Wappler.app/Contents/Resources/app/Shared/DMXzone/dmxAppCreator/UI/w2editor_ftp_manager.js:8:2972)
    at w2editor_ftp_manager.trigger (file:///Applications/Wappler.app/Contents/Resources/app/Shared/DMXzone/dmxAppCreator/UI/w2ui/w2ui.min.js:7:36380)
    at w2editor_ftp_manager.click (file:///Applications/Wappler.app/Contents/Resources/app/Shared/DMXzone/dmxAppCreator/UI/w2ui/w2ui.min.js:7:447882)
    at w2editor_ftp_manager.<anonymous> (file:///Applications/Wappler.app/Contents/Resources/app/Shared/DMXzone/dmxAppCreator/UI/w2ui/w2ui.min.js:7:449533)
    at HTMLDivElement.dispatch (/Applications/Wappler.app/Contents/Resources/app/node_modules/jquery/dist/jquery.js:5430:27)
    at HTMLDivElement.elemData.handle (/Applications/Wappler.app/Contents/Resources/app/node_modules/jquery/dist/jquery.js:5234:28)
    at HTMLDivElement.sentryWrapped (/Applications/Wappler.app/Contents/Resources/app/node_modules/@sentry/browser/dist/helpers.js:75:23)

Although it is all red in the output window :slight_smile:

Ah, does your own SSH key require a passphrase to use?

I don’t think we support that yet.

Yes, I created it years ago and wish I had not added the passkey but now stuck with it. :frowning:

So is support for that on the to do list?

Yes we will implement passphrase support indeed.

1 Like

Just as a follow-up in case anyone else sees this, I created the staging droplet the “old-fashioned” way via the targets settings and did not use (ignored) the new resource manager.
All works as it did before :slight_smile:

  1. Don’t store SSH key passphrase in the app’s Git repository, please
  2. Consider maybe creating a Wappler-only SSH key, because I’m a bit scared of the way you’re going to implement SSH key support (from what I’ve seen in the implementation of ENV variables, my security recommendations were largely ignored)
  3. Add support for SSH agent. Linux/MacOS already have an SSH agent, so when you type the password for the first time it is kept stored in memory:
    https://www.npmjs.com/package/ssh2#agent-related
2 Likes
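The check behind the "Encrypted private OpenSSH key detected" error, combined with the agent-first choice recommended in the post above, as an added example (not Wappler's code and not part of the thread). `agent`, `privateKey` and `passphrase` are ssh2 connect options; the function names and the constructed sample key are hypothetical.

```javascript
// Added example (not Wappler's code). Helper names are hypothetical.
const MAGIC = 'openssh-key-v1\0'; // AUTH_MAGIC of the OpenSSH key container

// Read one SSH "string": uint32 big-endian length, then that many bytes.
function readString(buf, off) {
  if (off + 4 > buf.length) throw new Error('truncated key');
  const end = off + 4 + buf.readUInt32BE(off);
  if (end > buf.length) throw new Error('truncated key');
  return { text: buf.subarray(off + 4, end).toString('ascii'), next: end };
}

// Report whether a PEM-armoured private key needs a passphrase.
function inspectPrivateKey(pem) {
  const m = /-----BEGIN ([A-Z ]+)-----\r?\n([\s\S]+?)-----END \1-----/.exec(pem);
  if (!m) throw new Error('not a PEM private key');
  const [, label, body] = m;
  if (label !== 'OPENSSH PRIVATE KEY') {
    // Legacy PEM marks encryption in a header or in the label itself.
    const encrypted = body.includes('Proc-Type: 4,ENCRYPTED') ||
      label === 'ENCRYPTED PRIVATE KEY';
    return { format: 'pem', encrypted, cipher: null, kdf: null };
  }
  const raw = Buffer.from(body.replace(/\s+/g, ''), 'base64');
  if (raw.subarray(0, MAGIC.length).toString('latin1') !== MAGIC) {
    throw new Error('bad OpenSSH key magic');
  }
  const cipher = readString(raw, MAGIC.length);
  const kdf = readString(raw, cipher.next);
  return { format: 'openssh', encrypted: cipher.text !== 'none',
           cipher: cipher.text, kdf: kdf.text };
}

// Choose ssh2 connect() auth options; the passphrase is only ever passed in
// by the caller at run time, never read from a project file.
function chooseAuth(pem, env = process.env, passphrase) {
  const info = inspectPrivateKey(pem);
  if (!info.encrypted) return { privateKey: pem };
  if (env.SSH_AUTH_SOCK) return { agent: env.SSH_AUTH_SOCK }; // agent holds the key
  if (passphrase) return { privateKey: pem, passphrase };
  throw new Error(`encrypted key (${info.cipher}/${info.kdf}) and no agent or passphrase`);
}

// Constructed sample: container header only, no real key material.
function sampleKey(cipher, kdf) {
  const s = (t) => Buffer.concat([Buffer.from([0, 0, 0, t.length]), Buffer.from(t, 'ascii')]);
  const raw = Buffer.concat([Buffer.from(MAGIC, 'latin1'), s(cipher), s(kdf), s('')]);
  return '-----BEGIN OPENSSH PRIVATE KEY-----\n' + raw.toString('base64') +
    '\n-----END OPENSSH PRIVATE KEY-----\n';
}
```

With an encrypted key and `SSH_AUTH_SOCK` set, `chooseAuth` returns only the agent socket path, so neither the key file nor a passphrase has to be handled by the application.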

Thanks all good points indeed! I was just researching what is the best secure way to store the SSH key passphrase indeed :slight_smile:

And it will probably be just in memory indeed.

The SSH Agent stuff is nice, but not well supported in Windows (you have to install it all yourself).
But will look at it as well.

I’m more relieved :blush:

Just to complement my last post, it would be interesting to be able to select the SSH key to use (<select>). I actually have a few different ones in my ~/.ssh/ folder

Yes, there will be additional special support for SSH key passphrases.

Not sure about supporting multiple keys yet, as Docker SSH support is limited and uses just the id_rsa.

Good news: the SSH Agent integration pretty much solved all the passphrase problems and offered a nice way to automatically use SSH keys with a passphrase while letting the SSH Agent store those passphrases securely in the system keychain or whatever is chosen.

As for the multiple SSH keys @Apple - we usually specify which SSH key to use for the whole provider - and its public key is then registered with the provider. Is that fine? A single key per provider? Or do you need separate keys per server?

1 Like

Great news about the SSH agent integration!

As for the multiple SSH keys, at the moment I don’t have any specific needs.

On a side note, note the possibility that a server can be deployed with multiple SSH keys at the same time, so instead of a selectbox it could be a checkbox list, allowing the user to select a default one as well.

For example, I have an id_rsa and an id_ed25519. Eventually, the aim is for my new servers to be deployed with id_ed25519, which is a more modern key.

1 Like

This has been fixed in Wappler 5.0.1
