20

I have a rails application with Rails 7 and Ruby 3 support, which is working well in my development machine with Ubuntu 22.04, ruby 3.0.2p107 and Rails 7.0.2.3.

Now I'm trying to set up Capistrano (version 3.17.0) in order to deploy the rails app to a server with Ubuntu 22.04. However, I'm unable to do so due to the following error:

SSHKit::Runner::ExecuteError: Exception while executing as username@server: rsa#set_key= is incompatible with OpenSSL 3.0

It seems that Capistrano is no compatible with OpenSSL 3.0, which is the default OpenSSL library in Ubuntu 22.04. I guess it's a bug, but I did not find any post reporting it. I did not find any workaround either.

I tried to fix the issue by installing OpenSSL 1.1.1 but the rails app still uses OpenSSL 3. Perhaps a solution could be to reinstall ruby 3 with OpenSSL 1.1.1 using the --with-openssl-dir option.

Any suggestion?

Aldo
  • 704
  • 6
  • 7

4 Answers4

27

The reported error was due to the rails net-ssh gem not supporting OpenSSL 3.0.

Fortnunately, a new version of the net-ssh gem was released yesterday providing OpenSSL 3.0 support and hence fixing the issue.

Basically, adding

gem 'net-ssh', '7.0.0.beta1'

and running bundle install fixed the issue.

Aldo
  • 704
  • 6
  • 7
  • 3
    Bless you, what a find. How did you figure this out? – Jonathan May 27 '22 at 11:28
  • 1
    /.rvm/gems/ruby-3.1.2/gems/net-ssh-7.0.1/lib/net/ssh/buffer.rb:266:in `set_key': rsa#set_key= is incompatible with OpenSSL 3.0 (OpenSSL::PKey::PKeyError) Well I'm still getting the error with 7.0.1 – user9114945 Jun 30 '22 at 15:37
  • 1
    Confirmed that 7.0.1 does *not* fix the issue. I had to do `gem install net-ssh -v 7.0.0.beta1` in order to overcome this issue – Chris Jul 23 '22 at 13:18
  • It is surprising to hear 7.0.0.beta1 resolves an issue that 7.0.1 does not. Here's the diff between those versions https://github.com/net-ssh/net-ssh/compare/v7.0.0.beta1...v7.0.1 . Additionally, the community considers the issue unresolved as of now: https://github.com/net-ssh/net-ssh/issues/874 and https://github.com/net-ssh/net-ssh/pull/875 – kkurian Aug 11 '22 at 16:29
  • 1
    Also confirming that net-ssh version 7.01 doesn't fix the issue and looking for a solution if anyone has suggestions – Grant Sayer Jan 17 '23 at 08:02
1

My temporary solution is reinstall Ruby with openssl@1.1 and it worked.

rbenv uninstall 3.1.2
brew install openssl@1.1
RUBY_CONFIGURE_OPTS='--with-openssl-dir=/usr/local/opt/openssl@1.1' rbenv install 3.1.2

To check openssl version:

ruby -ropenssl -e 'puts OpenSSL::OPENSSL_VERSION'
Yuto Yasunaga
  • 69
  • 1
  • 9
0

capistrano was using my RSA key from ~/.ssh/id_rsa.

I switched to using the pem file provided by AWS:

  • Generate the public key from the pem file ssh-keygen -y -f in.pem > out.pub
  • Edit ~/.ssh/authorized_keys on the server to add the public key from out.pub
  • cap production deploy :)
Dorian
  • 7,749
  • 4
  • 38
  • 57
-2

I tired to add gem 'net-ssh', '7.0.0.beta1' but I'm still running into the same error.

jmarsh24
  • 1
  • 1
  • As it’s currently written, your answer is unclear. Please [edit] to add additional details that will help others understand how this addresses the question asked. You can find more information on how to write good answers [in the help center](/help/how-to-answer). – Community Sep 10 '22 at 10:04