[Bug 1808194] Re: paramiko can't parse the default key format generated by ssh-keygen

Benjamin Drung 1808194 at bugs.launchpad.net
Tue Apr 12 16:49:24 UTC 2022 

I tested your test case on Ubuntu 21.10 (impish) and it works there:

$ ssh-keygen -f fail.rsa -t rsa -N ''
Generating public/private rsa key pair.
Your identification has been saved in fail.rsa
Your public key has been saved in fail.rsa.pub
The key fingerprint is:
SHA256:LHuK1nhYceeuCBDz3Uja1X8gnaSpfmDd6GQi9tHU3+Y bdrung at deep-thought
The key's randomart image is:
+---[RSA 3072]----+
|            .    |
|         . * .   |
|  o   . . * =    |
|   + =.=.=.= o . |
|  . o BoSo* o o o|
|   . ..B B.  . o |
|    .=. +.o     E|
|    +oo+ ..      |
|   ...o ..       |
+----[SHA256]-----+
$ python3 -c 'from paramiko.rsakey import RSAKey; RSAKey.from_private_key_file("fail.rsa")'
$

So the support was added since then.

** Changed in: paramiko (Ubuntu)
       Status: New => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to paramiko in Ubuntu.
https://bugs.launchpad.net/bugs/1808194

Title:
  paramiko can't parse the default key format generated by ssh-keygen

Status in paramiko package in Ubuntu:
  Fix Released

Bug description:
  The default key format used by OpenSSH changed in version 7.8[0] to
  the openssh format (rather than the previous "pem" format).  (disco is
  the first Ubuntu version to include an OpenSSH version later than 7.8;
  it's currently at 7.9p1.)

  paramiko doesn't have full support for the openssh key format[1] (it
  will only accept it for Ed25519 keys, currently), which means anything
  using paramiko with keys generated on disco and later will stop
  working.

  A simple reproducer:

  ```
  $ ssh-keygen -f fail.rsa -t rsa -N ''
  ...
  $ python3 -c 'from paramiko.rsakey import RSAKey; RSAKey.from_private_key_file("fail.rsa")'
  Traceback (most recent call last):
    File "<string>", line 1, in <module>
    File "/usr/lib/python3/dist-packages/paramiko/pkey.py", line 206, in from_private_key_file
      key = cls(filename=filename, password=password)
    File "/usr/lib/python3/dist-packages/paramiko/rsakey.py", line 48, in __init__
      self._from_private_key_file(filename, password)
    File "/usr/lib/python3/dist-packages/paramiko/rsakey.py", line 169, in _from_private_key_file
      data = self._read_private_key_file('RSA', filename, password)
    File "/usr/lib/python3/dist-packages/paramiko/pkey.py", line 279, in _read_private_key_file
      data = self._read_private_key(tag, f, password)
    File "/usr/lib/python3/dist-packages/paramiko/pkey.py", line 289, in _read_private_key
      raise SSHException('not a valid ' + tag + ' private key file')
  paramiko.ssh_exception.SSHException: not a valid RSA private key file

  $ ssh-keygen -f pass.rsa -t rsa -N '' -m pem
  ...
  $ python3 -c 'from paramiko.rsakey import RSAKey; RSAKey.from_private_key_file("pass.rsa")'
  $ echo $?
  0
  ```

  [0] https://www.openssh.com/txt/release-7.8
  [1] https://github.com/paramiko/paramiko/issues/602

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/paramiko/+bug/1808194/+subscriptions

More information about the foundations-bugs mailing list