chacha20 | ChaCha20 stream cipher in C | Encryption library

It depends on what you used for the $keyFile in your script.

A default name should be part of the /home/pi/.ssh/id_xxx names considered during an SSH session.
But a non-default name would need to be specified in an ~/.ssh/config: double-check if you have one.

Also, in your script, to be sure, don't use ~/.ssh, but /home/$USER/.ssh consistently, to avoid any mistake when the shell substitutes ~.

Your server/device seems to require some dummy keyboard interactive authentication:

What is called salt in the Python code is actually the nonce (or IV), see the Cryptography documentation for ChaCha20Poly1305). The difference between nonce and salt is explained e.g. here. In the following I use the term nonce.

In the NodeJS code, the separation of ciphertext and tag is performed in a way that is far too complicated, but (coincidentally) results in the correct result. The IV does not play a role in the separation. The tag is the last 16 bytes, the actual ciphertext is the remaining data before the tag.

Also, currently no authentication takes place, which is insecure. To enable authentication, the tag must be set with setAuthTag() before the final() call. If the authentication fails, an exception is thrown.

The following example shows a possible NodeJS implementation for decryption. The ciphertext was generated with the posted Python code:

TL;DR Your config file "github" entry should look like this:

So, between nginx and the world you can choose to let dockers ingress loadbalance to your nginx instances, or use an external loadbalancer. If you had a fixed set of nodes that an external loadbalancer was pointing to then

I solved my problem.
In keycloak docker compose file need to add reverse proxy location in KEYCLOAK_FRONTEND_URL
Like KEYCLOAK_FRONTEND_URL: "https://myhost.com/auth"

I have been able to solve this and will explain how.

My issue was my password was not being accepted even after resetting the password in the droplet.

"Password not accepted in the console" info can be found here https://docs.digitalocean.com/products/droplets/resources/troubleshooting-ssh/authentication/

I followed the Boot into the Recovery process linked here: https://docs.digitalocean.com/products/droplets/resources/recovery-iso/#boot-into-the-recovery-iso

• Power down or stop droplet
• Select boot from recovery ISO
• Turned on the droplet again
• clicked the console

At this stage I was present with a list of options.

1. Mount your Disk Image [Not Mounted]
2. Check Filesystem
3. Reset Droplet Root Password
4. Configure Keyboard
5. Attempt to 'chroot' into installed system
6. Interactive Shell [/bin/bash] Choose (1-6) and press Enter to continue.

• I selected option 1, then 3, followed by 6.

• After this I powered off the droplet and selected boot from hard drive.

• Accessing the console I was able to login and enter the password which was accepted and the ghost install began and completed successfully.

I hope this helps anyone who is experiencing the same issue.

There are a few things you are doing wrong

1. You should not login from within the gerrit container as it will use the gerrit user and ssh key. There is no gerrit user in gerrit in such a way
2. You should create a new user, are you using LDAP?
3. Next, log in to gerrit using that users credentials and add the public ssh key from the user in the user profile. Depending on your server url: https://myserver.net/settings/#SSHKeys
4. Now you should be able to connect

If the private key format differs, that means, as I mentioned here that:

• one platform is using openssh prior to 7.8, with an old PEM 64-chars per line format.
• one is using a more recent OpenSSH format, 70-chars per line.

You can force a recent openSSH to generate the old format with: