Product manager Jason Clarke (12-year veteran at PaperCut) here. I was recently tearing what’s left of my hair out while trying to access a Linux VM in a Google Cloud Compute environment.
The last time I needed access to this VM I simply opened IAP Desktop, double-clicked on the VM, and was presented with a terminal session in short order.
Not so today, reader, not so today.
I was stymied by this less-than-helpful error message:
Googling this Google error message was not fruitful.
It was not until an eagle-eyed coworker pasted a snippet of IAP Desktop’s code:
    catch (CryptographicException e) when (e.HResult == NTE_EXISTS)
    {
        //
        // This should not happen because of the previous Exists()
        // check, but:
        //
        // - There might be a race condition (rare)
        // - The specific algorithm might be disabled on the machine
        //   (also rare).
        //
        throw new CryptographicException(
            "Failed to create or access cryptographic key. If the error " +
            $"persists, try using an algorithm other than {algorithm}.", e);
    }
And there it is, the algorithm might be disabled on the machine.
It is supposedly rare.
Well, RSA is kind of a weak algorithm (please no culture wars, keep it to vi vs vim vs emacs please). It indeed has been disabled.
Poking around in IAP Desktop under Tools -> Options -> SSH there is a nice little drop-down that allows you to change from RSA (3072 bit) to multiple strength ECDSA NIST P-xxx keys.
I selected a new Key type, clicked OK, and was on my way again.
I thought some of our readers might come across this one.
I’m also going to remind some of my developer friends about writing error messages that enable people (users, okay, USERS) to self-solve problems.
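To find out ahead of time which key types a locked-down Windows machine will still generate, a quick probe like the one below helps; it is an added example, not part of IAP Desktop or the original post. It assumes the restriction also applies to ephemeral keys from the default Microsoft software key storage provider (a named, persisted key may behave differently), and the function name `Test-CngKeyCreation` is hypothetical.

```powershell
# Added diagnostic (not IAP Desktop code): try to generate a throwaway CNG key
# for each algorithm and report which ones this machine allows.
function Test-CngKeyCreation {
    param(
        [Parameter(Mandatory)]
        [System.Security.Cryptography.CngAlgorithm] $Algorithm,
        [int] $KeySizeBits = 0    # 0 = provider default (ECDSA curves fix their own size)
    )
    $creation = [System.Security.Cryptography.CngKeyCreationParameters]::new()
    if ($KeySizeBits -gt 0) {
        # CNG takes the key length as a little-endian DWORD property named "Length".
        $creation.Parameters.Add([System.Security.Cryptography.CngProperty]::new(
            'Length', [BitConverter]::GetBytes($KeySizeBits),
            [System.Security.Cryptography.CngPropertyOptions]::None))
    }
    try {
        # [NullString]::Value passes a real null key name, which makes the key
        # ephemeral. A plain $null would be converted to an empty string.
        $key = [System.Security.Cryptography.CngKey]::Create(
            $Algorithm, [NullString]::Value, $creation)
        $key.Dispose()
        [pscustomobject]@{
            Algorithm = $Algorithm.Algorithm; KeySizeBits = $KeySizeBits
            Created   = $true; HResult = $null; Message = $null
        }
    } catch {
        # PowerShell wraps the .NET exception; unwrap to the CryptographicException.
        $ex = $_.Exception.GetBaseException()
        [pscustomobject]@{
            Algorithm = $Algorithm.Algorithm; KeySizeBits = $KeySizeBits
            Created   = $false
            HResult   = '0x{0:X8}' -f $ex.HResult
            Message   = $ex.Message
        }
    }
}

# RSA 3072 is the key type named in the post; the ECDSA entries are the NIST
# curves .NET exposes (assumed to correspond to the "P-xxx" options).
$crypto = [System.Security.Cryptography.CngAlgorithm]
@(
    Test-CngKeyCreation -Algorithm $crypto::Rsa -KeySizeBits 3072
    Test-CngKeyCreation -Algorithm $crypto::ECDsaP256
    Test-CngKeyCreation -Algorithm $crypto::ECDsaP384
    Test-CngKeyCreation -Algorithm $crypto::ECDsaP521
) | Format-Table -AutoSize
```

Any row with `Created` set to `False` is a key type to avoid in the SSH options on that machine; the `HResult` column gives support staff the underlying Windows error code instead of a generic failure message.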