
SSH authentication with gitfn_clone (SAS function)


I'm looking to set up a batch process using a GitHub deploy key.

Registering a key using any of the following:

  • ssh-keygen
  • ssh-keygen -t rsa -b 4096
  • ssh-keygen -t rsa -b 4096 -E sha512

And running the following code:

%let dirOut = %sysfunc(pathname(work))/package;
data _null_;
  rc=GITFN_CLONE(
    "git@github.com:allanbowe/sasjscore.git",
    "&dirOut",
    "git",
    "",
    "/home/sasjssrv/.ssh/id_rsa.pub",
    "/home/sasjssrv/.ssh/id_rsa"
  );
  put rc=;
run;

Results in:

ERROR: Return code from GIT is (23).
ERROR: You're using an RSA key with SHA-1, which is no longer allowed. Please use a newer client or a different key type. Please see https://github.blog/2021-09-01-improving-git-protocol-security-github/ for more information.


The following algorithms:

  • ssh-keygen -t ecdsa -b 521
  • ssh-keygen -t ed25519
  • ssh-keygen -t ed25519 -C "[email protected]"
  • ssh-keygen -t rsa -b 2048 -E sha512

Return -3 from gitfn_clone() with the following message:

ERROR: Failed to authenticate with the remote repository.

A regular git clone works fine with ALL of the keys:

git clone git@github.com:allanbowe/sasjscore.git
Cloning into 'sasjscore'...
warning: You appear to have cloned an empty repository.

I also tried with git_clone() (after noticing gitfn_clone() was deprecated) but got the same result.

Any ideas?

55         %put %sysfunc(GIT_VERSION()) &=sysvlong &=sysscp;
0.27 SYSVLONG=9.04.01M7P080520 SYSSCP=LIN X64

Running CentOS 7 as described here.


Solution

  • The issue is the use of an older version of GIT in 9.4m7. This should be fixed in 9.4m8, and is already fixed in Viya 4.

    Thanks to the support of several internal SAS employees (you know who you are!) I can document TWO steps to address.

    The first - to fix in m7 - just apply the following two hotfixes:

    Then, regenerate using an appropriate cipher, e.g. ssh-keygen -t ecdsa -b 521, and add that public key to GitHub.

    The second approach, which I didn't get round to trying as it would have meant creating a new github account, was to use OpenAuth Access Tokens. More information on that here and here.

    Many thanks, Danny / Alexey / David!

    EDIT - further to @joe's comment, I provide the logs from the hotfixes (/opt/sas9/SASHome/InstallMisc/InstallLogs):

    base_lax_9.4_M7_HFI9R087_en_Install_preexec.log:

    Installation Date 17/10/22 15:36 / User ID sasinstaller / IP Address 44.44.44.44 / Host CentOS-79-64-minimal
    
    Skipped Files
    There were no files to be processed.
    
    Added Files
    /opt/sas9/SASHome/SASFoundation/9.4/sasexe/libssh2.so.1.0.1
    /opt/sas9/SASHome/SASFoundation/9.4/sasexe/libssh2.so
    
    Backup Files
    /opt/sas9/SASHome/SASFoundation/9.4/installs/base_lax_9.4_M7_HFI9R087/SASHome/en/SASFoundation/9.4/sasexe/libssh2.so.1
    
    Changed Files
    /opt/sas9/SASHome/SASFoundation/9.4/sasexe/libssh2.so.1
    
    Removed Files
    There were no files to be processed.
    

    base_lax_9.4_M7_HFI9R087_en_Install_postexec.log:

    Installation Date 17/10/22 15:37 / User ID sasinstaller / IP Address 44.44.44.44 / Host CentOS-79-64-minimal
    
    Added Files
    /opt/sas9/SASHome/SASFoundation/9.4/sasexe/libssh2.so.1.0.1
    /opt/sas9/SASHome/SASFoundation/9.4/sasexe/libssh2.so
    
    Backup Files
    /opt/sas9/SASHome/SASFoundation/9.4/installs/base_lax_9.4_M7_HFI9R087/SASHome/en/SASFoundation/9.4/sasexe/libssh2.so.1
    
    Changed Files
    /opt/sas9/SASHome/SASFoundation/9.4/sasexe/libssh2.so.1
    /opt/sas9/SASHome/SASFoundation/9.4/sasv9.cfg
    
    Removed Files
    There were no files to be processed.
    

    base_lax_9.4_M7_HFI9R088_en_Install_preexec.log:

    Installation Date 17/10/22 15:36 / User ID sasinstaller / IP Address 44.44.44.44 / Host CentOS-79-64-minimal
    
    Skipped Files
    There were no files to be processed.
    
    Added Files
    There were no files to be processed.
    
    Backup Files
    /opt/sas9/SASHome/SASFoundation/9.4/installs/base_lax_9.4_M7_HFI9R088/SASHome/en/SASFoundation/9.4/sasexe/uwugitfn
    /opt/sas9/SASHome/SASFoundation/9.4/installs/base_lax_9.4_M7_HFI9R088/SASHome/en/SASFoundation/9.4/sasexe/uwugit_f
    /opt/sas9/SASHome/SASFoundation/9.4/installs/base_lax_9.4_M7_HFI9R088/SASHome/en/SASFoundation/9.4/sasexe/uwugit_v
    /opt/sas9/SASHome/SASFoundation/9.4/installs/base_lax_9.4_M7_HFI9R088/SASHome/en/SASFoundation/9.4/sasexe/uwugit_i
    /opt/sas9/SASHome/SASFoundation/9.4/installs/base_lax_9.4_M7_HFI9R088/SASHome/en/SASFoundation/9.4/sasexe/uwugit_c
    /opt/sas9/SASHome/SASFoundation/9.4/installs/base_lax_9.4_M7_HFI9R088/SASHome/en/SASFoundation/9.4/sasexe/uwugit_s
    /opt/sas9/SASHome/SASFoundation/9.4/installs/base_lax_9.4_M7_HFI9R088/SASHome/en/SASFoundation/9.4/sasexe/uwugit_b
    /opt/sas9/SASHome/SASFoundation/9.4/installs/base_lax_9.4_M7_HFI9R088/SASHome/en/SASFoundation/9.4/sasexe/uwugit_r
    /opt/sas9/SASHome/SASFoundation/9.4/installs/base_lax_9.4_M7_HFI9R088/SASHome/en/SASFoundation/9.4/sasexe/uwugit_d
    /opt/sas9/SASHome/SASFoundation/9.4/installs/base_lax_9.4_M7_HFI9R088/SASHome/en/SASFoundation/9.4/sasexe/uwugit_p
    
    Changed Files
    /opt/sas9/SASHome/SASFoundation/9.4/sasexe/uwugitfn
    /opt/sas9/SASHome/SASFoundation/9.4/sasexe/uwugit_f
    /opt/sas9/SASHome/SASFoundation/9.4/sasexe/uwugit_v
    /opt/sas9/SASHome/SASFoundation/9.4/sasexe/uwugit_i
    /opt/sas9/SASHome/SASFoundation/9.4/sasexe/uwugit_c
    /opt/sas9/SASHome/SASFoundation/9.4/sasexe/uwugit_s
    /opt/sas9/SASHome/SASFoundation/9.4/sasexe/uwugit_b
    /opt/sas9/SASHome/SASFoundation/9.4/sasexe/uwugit_r
    /opt/sas9/SASHome/SASFoundation/9.4/sasexe/uwugit_d
    /opt/sas9/SASHome/SASFoundation/9.4/sasexe/uwugit_p
    
    Removed Files
    There were no files to be processed.
    

    And /opt/sas9/SASHome/InstallMisc/InstallLogs/base_lax_9.4_M7_HFI9R088_en_Install_postexec.log:

    Installation Date 17/10/22 15:37 / User ID sasinstaller / IP Address 44.44.44.44 / Host CentOS-79-64-minimal
    
    Added Files
    There were no files to be processed.
    
    Backup Files
    /opt/sas9/SASHome/SASFoundation/9.4/installs/base_lax_9.4_M7_HFI9R088/SASHome/en/SASFoundation/9.4/sasexe/uwugitfn
    /opt/sas9/SASHome/SASFoundation/9.4/installs/base_lax_9.4_M7_HFI9R088/SASHome/en/SASFoundation/9.4/sasexe/uwugit_f
    /opt/sas9/SASHome/SASFoundation/9.4/installs/base_lax_9.4_M7_HFI9R088/SASHome/en/SASFoundation/9.4/sasexe/uwugit_v
    /opt/sas9/SASHome/SASFoundation/9.4/installs/base_lax_9.4_M7_HFI9R088/SASHome/en/SASFoundation/9.4/sasexe/uwugit_i
    /opt/sas9/SASHome/SASFoundation/9.4/installs/base_lax_9.4_M7_HFI9R088/SASHome/en/SASFoundation/9.4/sasexe/uwugit_c
    /opt/sas9/SASHome/SASFoundation/9.4/installs/base_lax_9.4_M7_HFI9R088/SASHome/en/SASFoundation/9.4/sasexe/uwugit_s
    /opt/sas9/SASHome/SASFoundation/9.4/installs/base_lax_9.4_M7_HFI9R088/SASHome/en/SASFoundation/9.4/sasexe/uwugit_b
    /opt/sas9/SASHome/SASFoundation/9.4/installs/base_lax_9.4_M7_HFI9R088/SASHome/en/SASFoundation/9.4/sasexe/uwugit_r
    /opt/sas9/SASHome/SASFoundation/9.4/installs/base_lax_9.4_M7_HFI9R088/SASHome/en/SASFoundation/9.4/sasexe/uwugit_d
    /opt/sas9/SASHome/SASFoundation/9.4/installs/base_lax_9.4_M7_HFI9R088/SASHome/en/SASFoundation/9.4/sasexe/uwugit_p
    
    Changed Files
    /opt/sas9/SASHome/SASFoundation/9.4/sasexe/uwugitfn
    /opt/sas9/SASHome/SASFoundation/9.4/sasexe/uwugit_f
    /opt/sas9/SASHome/SASFoundation/9.4/sasexe/uwugit_v
    /opt/sas9/SASHome/SASFoundation/9.4/sasexe/uwugit_i
    /opt/sas9/SASHome/SASFoundation/9.4/sasexe/uwugit_c
    /opt/sas9/SASHome/SASFoundation/9.4/sasexe/uwugit_s
    /opt/sas9/SASHome/SASFoundation/9.4/sasexe/uwugit_b
    /opt/sas9/SASHome/SASFoundation/9.4/sasexe/uwugit_r
    /opt/sas9/SASHome/SASFoundation/9.4/sasexe/uwugit_d
    /opt/sas9/SASHome/SASFoundation/9.4/sasexe/uwugit_p
    /opt/sas9/SASHome/SASFoundation/9.4/sasv9.cfg
    
    Removed Files
    There were no files to be processed.
    

    After searching a bit harder I found this (showing only the extract due to log size) in file IT_2022-10-17-16.17.52.log:

    2022-10-17 16:22:43    Controller - Marshalling deployment.xml to /opt/sas9/SASHome/SASFoundation/9.4/installs/base_lax_9.4_M7_HFI9R005/Metadata/en/deployment.xml
    2022-10-17 16:22:43    InstallationTask - All constrainBy tests met: true
    2022-10-17 16:22:43    EntryData - backed up /opt/sas9/SASHome/SASFoundation/9.4/sasexe/libgit2.so to /opt/sas9/SASHome/SASFoundation/9.4/installs/base_lax_9.4_M7_HFI9R005/SASHome/en/SASFoundation/9.4/sasexe/libgit2.so
    2022-10-17 16:22:43    InstallationTask - sasexe/libgit2.so (0 bytes) has been successfully Backed up
    2022-10-17 16:22:43    InstallationTask - sasexe/libgit2.so (1180370 bytes) has been successfully Changed
    2022-10-17 16:22:43    ExtractTask - Created uninstall zip metadata at /opt/sas9/SASHome/SASFoundation/9.4/installs/base_lax_9.4_M7_HFI9R005/Metadata/en/en_sasexe.xml
    

    So - it would seem, the answer is yes!

    EDIT 2 - further feedback (thanks, Sundaresh) has shown that the -m PEM option can avoid the git (23) error, e.g.:

    ssh-keygen -t ecdsa -b 256 -m PEM -C "[email protected]"
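
Added example, not part of the original post or of SAS's own code: a pre-flight check that reports what kind of key pair is about to be passed to GITFN_CLONE, namely the public-key algorithm, the private-key container (OpenSSH's own format versus the form that `-m PEM` writes), and whether the private key is accessible to group or other. The function names and the output format are hypothetical, and the sample files contain constructed header lines only.

```sh
#!/bin/sh
# Added example (hypothetical helper names): describe a deploy key pair
# before passing its paths to GITFN_CLONE / GIT_CLONE.

# Private-key container, read from the first line of the file.
key_container() {
  kc_first=""
  IFS= read -r kc_first < "$1" || true
  case "$kc_first" in
    "-----BEGIN OPENSSH PRIVATE KEY-----") echo openssh ;;  # OpenSSH's own format
    "-----BEGIN RSA PRIVATE KEY-----")     echo pem-rsa ;;  # RSA written with -m PEM
    "-----BEGIN EC PRIVATE KEY-----")      echo pem-ec ;;   # ECDSA written with -m PEM
    *)                                     echo unknown ;;
  esac
}

# Key algorithm, read from the first field of the .pub file.
pub_algorithm() {
  pa_algo=""
  read -r pa_algo pa_rest < "$1" || true
  case "$pa_algo" in
    ssh-rsa)      echo rsa ;;
    ecdsa-sha2-*) echo ecdsa ;;
    ssh-ed25519)  echo ed25519 ;;
    *)            echo unknown ;;
  esac
}

# One-line summary; "exposed" means group or other has any permission bit.
check_deploy_key() {  # usage: check_deploy_key <public key> <private key>
  cd_mode=$(ls -ld "$2")
  case "$cd_mode" in
    ????------*) cd_perms=private ;;
    *)           cd_perms=exposed ;;
  esac
  echo "algorithm=$(pub_algorithm "$1") container=$(key_container "$2") perms=$cd_perms"
}

# Constructed sample: header lines only, no real key material.
demo() {
  d=$(mktemp -d)
  printf '%s\n' "-----BEGIN EC PRIVATE KEY-----" > "$d/id_ecdsa"
  printf '%s\n' "ecdsa-sha2-nistp521 AAAA(constructed) sasjssrv@host" > "$d/id_ecdsa.pub"
  chmod 600 "$d/id_ecdsa"
  check_deploy_key "$d/id_ecdsa.pub" "$d/id_ecdsa"
  rm -rf "$d"
}
demo
```

Run against the real pair with `check_deploy_key /home/sasjssrv/.ssh/id_rsa.pub /home/sasjssrv/.ssh/id_rsa`; ed25519 keys always report `openssh`, because ssh-keygen has no PEM form for them.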