InvalidKeyId error when interacting with Triton Object Storage (Manta) from shell

Elizabeth -

For users that interact with Triton Object Storage (formerly Manta) from the bash shell, and run into an InvalidKeyId error such as the example shown below:

MacBook-Pro:~ $ manta /$MANTA_USER/stor

{"code":"InvalidKeyId","message":"the KeyId token you provided is invalid"}MacBook-Pro:~ $

But you are able to run an mls against your Triton Object Storage (Manta) directories without error, you may be hitting an issue with the fingerprint format being returned from ssh-keygen set in your MANTA_KEY_ID variable.

 

Workaround

1. Verify the Signature keyID being used by running: 

minfo -v ~~/stor 2>&1 | grep Signature | json -Ha client_req.headers.authorization 

(you should see something similar to this):

"Signature keyId=\"/testuser/keys/a4:81:39:c8:76:90:34:49:1d:gh:59:ae:64:m9:l0:ff\"

2. If you have your MANTA_KEY_ID variable set as shown below, run the ssh-keygen command in a terminal to see what it returns:

export MANTA_KEY_ID=$(ssh-keygen -l -f $HOME/.ssh/id_rsa.pub | awk '{print $2}') 

3. If it returns with a fingerprint in the newer SHA256 format, such as:

SHA256:hYkMF9UFijUhTbuEPf/2nzx9sdfj27830AU3450sldf2

... then you'll need to update the command such that it returns with the MD5 hash format, and set that to your MANTA_KEY_ID variable, as shown below:

export MANTA_KEY_ID=$(ssh-keygen -E md5 -lf $HOME/.ssh/id_rsa.pub | sed 's/MD5://' | awk '{print $2}')

 


If you continue to have issues, or you are not sure if you are hitting this issue, please open a support ticket.

 

 

 

Have more questions? Submit a request

0 Comments

Please sign in to leave a comment.