BalenaRequestError when trying to add SSH key

robin · September 26, 2019, 11:04pm

I have a freshly deployed openBalena server running on an Ubuntu 18.04 digital ocean VM.
It 's using an LE certificate.

I have also installed the latest balena CLI on my Mac OS X 10.14.5 machine.
I’m running node v12.1.0

I can succesfully log in on the openBalena server with balena CLI.
However, when I try to add my SSH key, it fails with the following output:

❯ balena keys
[debug] original argv0=“/usr/local/lib/balena-cli/bin/node” argv=[/usr/local/lib/balena-cli/bin/node,/usr/local/lib/balena-cli/bin/run,keys] length=3
BalenaRequestError: Request error: Internal Server Error
at /usr/local/lib/balena-cli/node_modules/balena-request/build/request.js:197:17
at tryCatcher (/usr/local/lib/balena-cli/node_modules/bluebird/js/release/util.js:16:23)
at Promise._settlePromiseFromHandler (/usr/local/lib/balena-cli/node_modules/bluebird/js/release/promise.js:517:31)
at Promise._settlePromise (/usr/local/lib/balena-cli/node_modules/bluebird/js/release/promise.js:574:18)
at Promise._settlePromise0 (/usr/local/lib/balena-cli/node_modules/bluebird/js/release/promise.js:619:10)
at Promise._settlePromises (/usr/local/lib/balena-cli/node_modules/bluebird/js/release/promise.js:699:18)
at _drainQueueStep (/usr/local/lib/balena-cli/node_modules/bluebird/js/release/async.js:138:12)
at _drainQueue (/usr/local/lib/balena-cli/node_modules/bluebird/js/release/async.js:131:9)
at Async._drainQueues (/usr/local/lib/balena-cli/node_modules/bluebird/js/release/async.js:147:5)
at Immediate.Async.drainQueues [as _onImmediate] (/usr/local/lib/balena-cli/node_modules/bluebird/js/release/async.js:17:14)
at runCallback (timers.js:705:18)
at tryOnImmediate (timers.js:676:5)
at processImmediate (timers.js:658:5)
at process.topLevelDomainCallback (domain.js:126:23)

❯ balena key add Robin ~/.ssh/id_rsa.pub
[debug] original argv0=“/usr/local/lib/balena-cli/bin/node” argv=[/usr/local/lib/balena-cli/bin/node,/usr/local/lib/balena-cli/bin/run,key,add,Robin,/Users/robin/.ssh/id_rsa.pub] length=6
BalenaRequestError: Request error: Internal Server Error
at /usr/local/lib/balena-cli/node_modules/balena-request/build/request.js:197:17
at tryCatcher (/usr/local/lib/balena-cli/node_modules/bluebird/js/release/util.js:16:23)
at Promise._settlePromiseFromHandler (/usr/local/lib/balena-cli/node_modules/bluebird/js/release/promise.js:517:31)
at Promise._settlePromise (/usr/local/lib/balena-cli/node_modules/bluebird/js/release/promise.js:574:18)
at Promise._settlePromise0 (/usr/local/lib/balena-cli/node_modules/bluebird/js/release/promise.js:619:10)
at Promise._settlePromises (/usr/local/lib/balena-cli/node_modules/bluebird/js/release/promise.js:699:18)
at _drainQueueStep (/usr/local/lib/balena-cli/node_modules/bluebird/js/release/async.js:138:12)
at _drainQueue (/usr/local/lib/balena-cli/node_modules/bluebird/js/release/async.js:131:9)
at Async._drainQueues (/usr/local/lib/balena-cli/node_modules/bluebird/js/release/async.js:147:5)
at Immediate.Async.drainQueues [as _onImmediate] (/usr/local/lib/balena-cli/node_modules/bluebird/js/release/async.js:17:14)
at runCallback (timers.js:705:18)
at tryOnImmediate (timers.js:676:5)
at processImmediate (timers.js:658:5)
at process.topLevelDomainCallback (domain.js:126:23)

Has anyone faced this before?
Any tips on how to troubleshoot this further?

richbayliss · September 27, 2019, 2:47pm

Hi @robin

openBalena doesn’t support adding SSH keys via the CLI this way, nor does it support SSH through the CLI either (which is why I presume you are adding it)

It is possible to add your SSH key in the device config.json file as per this link: https://github.com/balena-os/meta-balena#sshkeys

robin · September 27, 2019, 3:23pm

@richbayliss Thank you for your reply.

I have gone through the FAQ and this is not mentioned under the relevant entry.
It would be tremendously useful to create a comprehensive table with differences…

Is adding env variables supported using balena CLI to openBalena?
That command seems to execute correctly, but the env variables are not added…

thundron · September 27, 2019, 6:54pm

Hi,
It is possible, you can refer to this forum post for the command and a bit of troubleshooting following as well.
Tell us how it goes and if you encounter any issues!

robin · September 30, 2019, 7:20am

It seems setting environment variable, both at the device and application level work splendidly.
In my case, however, there appears to be an issue with listing the application envs.
I can set them, and I can see them being applied to all devices in the application.
However, when I try to query the server for it, I get “No environment variables found”.

❯ balena envs --application fort-napoleon [09:18:25]
[debug] original argv0=“/usr/local/lib/balena-cli/bin/node” argv=[/usr/local/lib/balena-cli/bin/node,/usr/local/lib/balena-cli/bin/run,envs,–application,fort-napoleon] length=5
[debug] new argv=[/usr/local/lib/balena-cli/bin/node,/usr/local/lib/balena-cli/bin/run,envs,–application,fort-napoleon] length=5
No environment variables found

dfunckt · September 30, 2019, 12:26pm

Why do you need to add an SSH key? Keys are only used for authentication when doing git push on balenaCloud, which openBalena doesn’t support as a deployment method anyway.

That said, we recently added SSH keys into the openBalena API because they’re going to be used for SSHing into devices, but we haven’t published an openBalena version with these changes yet. (Nor should you manually update the API component, as it will most likely break your DB as it stands right now.)

Regarding env and config vars, the forum thread Lorenzo linked above should help, particularly this one that shows a workaround: Support for device environment variables

robin · October 1, 2019, 8:40pm

I wanted to use SSH keys to able to login on the host os when connected to the local LAN to devices with a production image deployed.
I managed to accomplish this by adding it to config.json before configuring the image to be flashed on the devices…

roman-mazur · October 2, 2019, 8:40am

@robin Just wanted to let you know that in the upcoming balenaOS version (2.44) we added the functionality of installing SSH keys added to the backend, so they can be used to SSH to the device automatically.
The API endpoint used to fetch SSH keys is available in openBalena, so you should get a more convenient way of installing the SSH keys with the new OS version

bversluijs · October 3, 2019, 10:34am

Hi @roman-mazur,

Can you please explain what this function does and what it is for?
It sounds like something we could really use!

roman-mazur · October 3, 2019, 2:13pm

When you ssh into the device, it will check the user name, and if this user public key is not present on the device, it will try fetching it from the backend passing the username in the API call parameters. The backend can return SSH keys imported for that user.
The backend endpoint implementation can be found here:

github.com

balena-io/open-balena-api/blob/v0.34.0/src/routes/auth.ts#L6


import { RequestHandler } from 'express';


import { resinApi } from '../platform';
import { handleHttpErrors } from '../platform/errors';


export const getUserPublicKeys: RequestHandler = (req, res) => {
	const { username } = req.params;


	if (username == null) {
		return res.send(400);
	}


	return resinApi
		.get({
			resource: 'user__has__public_key',
			options: {

Hope this helps. Cheers.