[Bug 1808194] [NEW] paramiko can't parse the default key format generated by ssh-keygen
Dan Watkins
daniel.watkins at canonical.com
Wed Dec 12 17:04:19 UTC 2018
Public bug reported:

The default key format used by OpenSSH changed in version 7.8[0] to the
openssh format (rather than the previous "pem" format). (disco is the
first Ubuntu version to include an OpenSSH version later than 7.8; it's
currently at 7.9p1.)

paramiko doesn't have full support for the openssh key format[1] (it
will only accept it for Ed25519 keys, currently), which means anything
using paramiko with keys generated on disco and later will stop working.

A simple reproducer:
```
$ ssh-keygen -f fail.rsa -t rsa -N ''
...
$ python3 -c 'from paramiko.rsakey import RSAKey; RSAKey.from_private_key_file("fail.rsa")'
Traceback (most recent call last):
  File "<string>", line 1, in <module>
  File "/usr/lib/python3/dist-packages/paramiko/pkey.py", line 206, in from_private_key_file
    key = cls(filename=filename, password=password)
  File "/usr/lib/python3/dist-packages/paramiko/rsakey.py", line 48, in __init__
    self._from_private_key_file(filename, password)
  File "/usr/lib/python3/dist-packages/paramiko/rsakey.py", line 169, in _from_private_key_file
    data = self._read_private_key_file('RSA', filename, password)
  File "/usr/lib/python3/dist-packages/paramiko/pkey.py", line 279, in _read_private_key_file
    data = self._read_private_key(tag, f, password)
  File "/usr/lib/python3/dist-packages/paramiko/pkey.py", line 289, in _read_private_key
    raise SSHException('not a valid ' + tag + ' private key file')
paramiko.ssh_exception.SSHException: not a valid RSA private key file
$ ssh-keygen -f pass.rsa -t rsa -N '' -m pem
...
$ python3 -c 'from paramiko.rsakey import RSAKey; RSAKey.from_private_key_file("pass.rsa")'
$ echo $?
0
```
[0] https://www.openssh.com/txt/release-7.8
[1] https://github.com/paramiko/paramiko/issues/602
** Affects: paramiko (Ubuntu)
Importance: Undecided
Status: New
https://bugs.launchpad.net/bugs/1808194
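
A pre-flight check for the situation in this report, added here as an example (it is not the reporter's code and not part of paramiko): it reads only the armor line and the cleartext header of a private key file to tell the "pem" and "openssh" containers apart and to name the key type inside an openssh container. The function names, the `hit_by_report` field and the sample key are constructed for illustration; `hit_by_report` encodes the report's statement that only Ed25519 is accepted in the openssh format.

```python
import base64
import struct

MAGIC = b"openssh-key-v1\x00"  # start of the decoded "openssh" container

def _u32(buf, off):
    if off + 4 > len(buf):
        raise ValueError("truncated key blob")
    return struct.unpack_from(">I", buf, off)[0], off + 4

def _string(buf, off):
    """SSH wire 'string': uint32 length followed by that many bytes."""
    n, off = _u32(buf, off)
    if off + n > len(buf):
        raise ValueError("truncated key blob")
    return buf[off:off + n], off + n

def describe_private_key(text):
    """Classify a private key file from its armor and cleartext header only."""
    lines = [ln.strip() for ln in text.strip().splitlines()]
    first = lines[0] if lines else ""
    if not (first.startswith("-----BEGIN ") and first.endswith("PRIVATE KEY-----")):
        raise ValueError("no private key armor found")
    label = first[len("-----BEGIN "):-len("-----")]
    if label != "OPENSSH PRIVATE KEY":
        # e.g. "RSA PRIVATE KEY", the format written by `ssh-keygen -m pem`
        return {"container": "pem", "label": label, "hit_by_report": False}
    blob = base64.b64decode("".join(lines[1:-1]))
    if not blob.startswith(MAGIC):
        raise ValueError("bad openssh-key-v1 magic")
    cipher, off = _string(blob, len(MAGIC))
    _kdfname, off = _string(blob, off)
    _kdfopts, off = _string(blob, off)
    _nkeys, off = _u32(blob, off)
    pubkey, off = _string(blob, off)  # the public key is stored unencrypted
    key_type = _string(pubkey, 0)[0].decode("ascii")
    return {"container": "openssh", "key_type": key_type,
            "encrypted": cipher != b"none",
            # per the report: only Ed25519 is accepted in this container
            "hit_by_report": key_type != "ssh-ed25519"}

def constructed_sample(key_type):
    """Build a CONSTRUCTED header-only sample (dummy bytes, no real key)."""
    s = lambda b: struct.pack(">I", len(b)) + b
    pub = s(key_type.encode()) + s(b"\x00" * 8)
    blob = MAGIC + s(b"none") + s(b"none") + s(b"") + struct.pack(">I", 1) + s(pub) + s(b"")
    body = base64.b64encode(blob).decode()
    return "-----BEGIN OPENSSH PRIVATE KEY-----\n" + body + "\n-----END OPENSSH PRIVATE KEY-----\n"

if __name__ == "__main__":
    print(describe_private_key(constructed_sample("ssh-rsa")))
```

Running this over a key file before handing it to paramiko turns the generic "not a valid RSA private key file" error into a specific diagnosis, and the key can then be regenerated with `-m pem` as in the reproducer.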