Opened 9 years ago

Closed 8 years ago

#3630 defect closed duplicate (duplicate)

Possible error with key authentication of twisted conch

Reported by: sakalsiz Owned by:
Priority: normal Milestone: Twisted-9.0
Component: conch Keywords:
Cc: Branch: branches/alternate-dsa-key-3630
Author: therve

Description (last modified by Jean-Paul Calderone)

I have a Python script that executes Python code on a remote host using SSH. It was working perfectly with Twisted 2.5. The method of returning private and public keys has changed in userauth.SSHUserAuthClient (Twisted 8.1).

I was using (Twisted 2.5)


def getPublicKey(self):
  return keys.getPublicKeyString(self.keyfile+'.pub')

def getPrivateKey(self):
  return defer.succeed(keys.getPrivateKeyObject(self.keyfile))

Now I am using (Twisted 8.1)


def getPublicKey(self):
  return keys.Key.fromFile(self.keyfile+'.pub')

def getPrivateKey(self):
  return defer.succeed(keys.Key.fromFile(self.keyfile))

and it doesn't work any more. I have attached the simplified script. Here is the scenario I am using and the exception I got. Any help is greatly appreciated.

Scenario


I am creating a DSA key using ssh-keygen (in Debian and Ubuntu) with an empty password

$ ssh-keygen -t dsa

and copy it to my localhost

$ ssh-copy-id -i ~/.ssh/id_dsa localhost

then run the attached script, which tries to execute a python script remotely using SSH and get the following error

Traceback (most recent call last):
  File "/usr/lib/python2.5/site-packages/twisted/internet/selectreactor.py", line 146, in _doReadOrWrite
    why = getattr(selectable, method)()
  File "/usr/lib/python2.5/site-packages/twisted/internet/tcp.py", line 362, in doRead
    return self.protocol.dataReceived(data)
  File "/usr/lib/python2.5/site-packages/twisted/conch/ssh/transport.py", line 314, in dataReceived
    self.dispatchMessage(messageNum, packet[1:])
  File "/usr/lib/python2.5/site-packages/twisted/conch/ssh/transport.py", line 336, in dispatchMessage
    messageNum, payload)
--- <exception caught here> ---
  File "/usr/lib/python2.5/site-packages/twisted/python/log.py", line 51, in callWithLogger
    return callWithContext({"system": lp}, func, *args, **kw)
  File "/usr/lib/python2.5/site-packages/twisted/python/log.py", line 36, in callWithContext
    return context.call({ILogContext: newCtx}, func, *args, **kw)
  File "/usr/lib/python2.5/site-packages/twisted/python/context.py", line 59, in callWithContext
    return self.currentContext().callWithContext(ctx, func, *args, **kw)
  File "/usr/lib/python2.5/site-packages/twisted/python/context.py", line 37, in callWithContext
    return func(*args,**kw)
  File "/usr/lib/python2.5/site-packages/twisted/conch/ssh/service.py", line 44, in packetReceived
    return f(packet)
  File "/usr/lib/python2.5/site-packages/twisted/conch/ssh/userauth.py", line 262, in ssh_USERAUTH_FAILURE
    if method not in self.authenticatedWith and self.tryAuth(method):
  File "/usr/lib/python2.5/site-packages/twisted/conch/ssh/userauth.py", line 234, in tryAuth
    return f()
  File "/usr/lib/python2.5/site-packages/twisted/conch/ssh/userauth.py", line 338, in auth_publickey
    keyType = getNS(publicKey)[0]
  File "/usr/lib/python2.5/site-packages/twisted/conch/ssh/common.py", line 51, in getNS
    l, = struct.unpack('!L',s[c:c+4])
exceptions.TypeError: 'Key' object is unsubscriptable

Attachments (1)

mysshconnection.py (7.5 KB) - added by sakalsiz 9 years ago.
Sample script trying to execute a remote process using SSH


Change History (13)

Changed 9 years ago by sakalsiz

Attachment: mysshconnection.py added

Sample script trying to execute a remote process using SSH

comment:1 Changed 9 years ago by Jean-Paul Calderone

Description: modified (diff)

comment:2 Changed 9 years ago by z3p

Twisted 8.1 doesn't support returning Key objects from getPublicKey. If you want to be able to do that, you should look at the userauth-2682-6 branch (for bug #2682) which updates userauth.py to accept Key objects.
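
The first traceback fails inside getNS, which slices its argument as a byte string holding length-prefixed SSH fields. The sketch below is an added example, not code from Twisted or from this ticket: it re-implements that parsing (RFC 4251 `string` and `mpint`) to show what a public key blob looks like on the wire and why a key object is rejected. The toy DSA numbers, `FakeKey` and all helper names are constructed for illustration.

```python
import base64
import struct

def get_ns(data, count=1):
    """Read `count` RFC 4251 strings (4-byte big-endian length + bytes)."""
    fields, offset = [], 0
    for _ in range(count):
        (length,) = struct.unpack("!L", data[offset:offset + 4])
        offset += 4
        if offset + length > len(data):
            raise ValueError("length field exceeds remaining data")
        fields.append(data[offset:offset + length])
        offset += length
    return fields + [data[offset:]]          # parsed fields, then the remainder

def ns(value):
    return struct.pack("!L", len(value)) + value

def mpint(n):
    """RFC 4251 mpint for a positive integer (leading zero keeps it positive)."""
    return ns(n.to_bytes(n.bit_length() // 8 + 1, "big"))

def dsa_public_blob(p, q, g, y):
    return ns(b"ssh-dss") + mpint(p) + mpint(q) + mpint(g) + mpint(y)

def blob_from_pub_line(line):
    """Decode an OpenSSH .pub line; the inner and outer key types must agree."""
    outer_type, b64 = line.split()[:2]
    blob = base64.b64decode(b64, validate=True)
    if get_ns(blob)[0] != outer_type.encode():
        raise ValueError("key type in blob does not match the .pub prefix")
    return blob

class FakeKey:
    """Stand-in for a key *object* (hypothetical; not Twisted's Key class)."""

# Constructed toy parameters, far too small to be a real DSA key.
BLOB = dsa_public_blob(p=283, q=47, g=60, y=158)
PUB_LINE = "ssh-dss " + base64.b64encode(BLOB).decode() + " user@example"

def demo():
    blob = blob_from_pub_line(PUB_LINE)
    try:
        get_ns(FakeKey())                    # an object, not wire bytes
        error = None
    except TypeError as exc:
        error = str(exc)
    return get_ns(blob)[0], error

if __name__ == "__main__":
    print(demo())
```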

comment:3 in reply to:  2 ; Changed 9 years ago by sakalsiz

Replying to z3p:

Isn't there a way to make ssh connections using a key authentication with current snapshots or releases?

comment:4 in reply to:  2 Changed 9 years ago by sakalsiz

I also tried the userauth-2682-6 branch, it still doesn't work. Raises the following exception

Traceback (most recent call last):
  File "/usr/lib/python2.5/site-packages/twisted/internet/selectreactor.py", line 146, in _doReadOrWrite
    why = getattr(selectable, method)()
  File "/usr/lib/python2.5/site-packages/twisted/internet/tcp.py", line 362, in doRead
    return self.protocol.dataReceived(data)
  File "/usr/lib/python2.5/site-packages/twisted/conch/ssh/transport.py", line 314, in dataReceived
    self.dispatchMessage(messageNum, packet[1:])
  File "/usr/lib/python2.5/site-packages/twisted/conch/ssh/transport.py", line 336, in dispatchMessage
    messageNum, payload)
--- <exception caught here> ---
  File "/usr/lib/python2.5/site-packages/twisted/python/log.py", line 51, in callWithLogger
    return callWithContext({"system": lp}, func, *args, **kw)
  File "/usr/lib/python2.5/site-packages/twisted/python/log.py", line 36, in callWithContext
    return context.call({ILogContext: newCtx}, func, *args, **kw)
  File "/usr/lib/python2.5/site-packages/twisted/python/context.py", line 59, in callWithContext
    return self.currentContext().callWithContext(ctx, func, *args, **kw)
  File "/usr/lib/python2.5/site-packages/twisted/python/context.py", line 37, in callWithContext
    return func(*args,**kw)
  File "/usr/lib/python2.5/site-packages/twisted/conch/ssh/service.py", line 44, in packetReceived
    return f(packet)
  File "/usr/lib/python2.5/site-packages/twisted/conch/ssh/userauth.py", line 531, in ssh_USERAUTH_PK_OK
    return func(packet)
  File "/usr/lib/python2.5/site-packages/twisted/conch/ssh/userauth.py", line 545, in ssh_USERAUTH_PK_OK_publickey
    d  = self.signData(publicKey, b)
  File "/usr/lib/python2.5/site-packages/twisted/conch/ssh/userauth.py", line 726, in signData
    key = self.getPrivateKey()
  File "mysshconnection.py", line 142, in getPrivateKey
    return defer.succeed(keys.Key.fromFile(self.keyfile))
  File "/usr/lib/python2.5/site-packages/twisted/conch/ssh/keys.py", line 60, in fromFile
    return Class.fromString(file(filename, 'rb').read(), type, passphrase)
  File "/usr/lib/python2.5/site-packages/twisted/conch/ssh/keys.py", line 88, in fromString
    return method(data, passphrase)
  File "/usr/lib/python2.5/site-packages/twisted/conch/ssh/keys.py", line 232, in _fromString_PRIVATE_OPENSSH
    p, q, g, y, x = decodedKey[1: 6]
exceptions.ValueError: need more than 1 value to unpack

I changed the line at keys.py:231

p, q, g, y, x = decodedKey[1: 6]

with the following

p, q, g, y, x = decodedKey[0][1: 6]

then it worked.
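
The ValueError above means the slice `decodedKey[1: 6]` held exactly one item, so the decoded value had two elements and the key fields sat inside the first one. The following added example (not Twisted's code and not the fix that was committed) reproduces that shape with a toy DER decoder that returns a `(value, remainder)` pair, which is an assumption about the decoder's return convention, and shows an unpack that validates the structure instead of slicing blindly. The sample bytes are constructed toy values in the traditional OpenSSH DSA layout SEQUENCE { 0, p, q, g, y, x }.

```python
def der_decode(data):
    """Decode one DER INTEGER or SEQUENCE; return (value, remaining bytes)."""
    tag, length, offset = data[0], data[1], 2
    if length & 0x80:                        # long-form length
        n = length & 0x7F
        length = int.from_bytes(data[2:2 + n], "big")
        offset = 2 + n
    body, rest = data[offset:offset + length], data[offset + length:]
    if len(body) != length:
        raise ValueError("truncated DER element")
    if tag == 0x02:                          # INTEGER
        return int.from_bytes(body, "big", signed=True), rest
    if tag == 0x30:                          # SEQUENCE
        items = []
        while body:
            item, body = der_decode(body)
            items.append(item)
        return items, rest
    raise ValueError("unsupported tag 0x%02x" % tag)

# Constructed sample: SEQUENCE { 0, p=283, q=47, g=60, y=158, x=24 }
SAMPLE = bytes.fromhex("30140201000202011b02012f02013c0202009e020118")

def dsa_fields(decoded):
    """Return (p, q, g, y, x), accepting only the shapes we understand."""
    if isinstance(decoded, tuple) and len(decoded) == 2:
        decoded, rest = decoded              # (value, remainder) pair
        if rest:
            raise ValueError("trailing bytes after key structure")
    if not isinstance(decoded, list) or len(decoded) != 6 or decoded[0] != 0:
        raise ValueError("not a version-0 DSA private key sequence")
    return tuple(decoded[1:6])

def demo():
    decoded = der_decode(SAMPLE)
    try:
        p, q, g, y, x = decoded[1:6]         # the slice from the traceback
        naive_error = None
    except ValueError as exc:
        naive_error = str(exc)
    return naive_error, dsa_fields(decoded)

if __name__ == "__main__":
    print(demo())
```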

comment:5 in reply to:  3 ; Changed 9 years ago by z3p

Replying to sakalsiz:

Replying to z3p:

Isn't there a way to make ssh connections using a key authentication with current snapshots or releases?

Yes; you can use basically the same code that worked in Twisted 2.5. To avoid the warnings, just replace the code you have with what the warning tells you to use.

comment:6 in reply to:  5 ; Changed 9 years ago by sakalsiz

Replying to z3p:

Replying to sakalsiz:

Replying to z3p:

Isn't there a way to make ssh connections using a key authentication with current snapshots or releases?

Yes; you can use basically the same code that worked in Twisted 2.5. To avoid the warnings, just replace the code you have with what the warning tells you to use.

I already tried both, but none of them works. That's why I opened this ticket.

comment:7 in reply to:  6 ; Changed 9 years ago by z3p

Replying to sakalsiz:

I already tried both, but none of them works. That's why I opened this ticket.

Try:

def getPublicKey(self):
  return keys.Key.fromFile(self.keyfile+'.pub').blob()
def getPrivateKey(self):
  return defer.succeed(keys.Key.fromFile(self.keyfile).keyObject)

comment:8 in reply to:  7 Changed 9 years ago by sakalsiz

Replying to z3p:

Replying to sakalsiz:

I already tried both, but none of them works. That's why I opened this ticket.

Try:

def getPublicKey(self):
  return keys.Key.fromFile(self.keyfile+'.pub').blob()
def getPrivateKey(self):
  return defer.succeed(keys.Key.fromFile(self.keyfile).keyObject)

Still doesn't work, requires the patch above I proposed. It also gives warnings.

comment:9 Changed 8 years ago by therve

Milestone: Twisted-8.2+1
Owner: changed from z3p to therve

I can reproduce the problem.

comment:10 Changed 8 years ago by therve

Author: therve
Branch: branches/alternate-dsa-key-3630

(In [27038]) Branching to 'alternate-dsa-key-3630'

comment:11 Changed 8 years ago by therve

Resolution: duplicate
Status: new → closed

This is a duplicate of #3391 in the end.

comment:12 Changed 7 years ago by <automation>

Owner: therve deleted