[Twisted-Python] conch problem with ecdsa-sha2-nistp256 host key?

Glyph Lefkowitz glyph at twistedmatrix.com
Tue Dec 20 18:13:31 MST 2016


Here's buildbot's key:

buildbot.twistedmatrix.com ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBBcw4pr6WdgDMw7PbkvsuEdCqKQTtpLYPGoe7qkuQucuexYBiCkO/BeoB0wANX2cVmxUP0llpYJQL4w3cAR0csA=

I think you should be able to validate that even if you can't auth :)

-g


> On Dec 20, 2016, at 4:54 PM, Craig Rodrigues <rodrigc at crodrigues.org> wrote:
> 
> I'm not sure. I was able to use conch to log into a box where the ecdsa key looked like this in my ~/.ssh/known_hosts
> 
> 192.168.1.2 ecdsa-sha2-nistp256 XXXXXXXXXX
> 
> --
> 
> Craig
> 
> 
> 
> 
> On Tue, Dec 20, 2016 at 4:10 PM, Glyph Lefkowitz <glyph at twistedmatrix.com> wrote:
> It works:
> 
> $ conch twistedmatrix.com echo hooray
> hooray
> $ conch --version
> Twisted version: 16.6.0dev0
> $ 
> 
> That's using an RSA host key though.  It seems that the hosts I have using ECDSA keys (buildbot.twistedmatrix.com, for example) still don't work with conch.  Is that expected at this point?
> 
> -glyph
> 
>> On Dec 20, 2016, at 2:32 PM, Craig Rodrigues <rodrigc at crodrigues.org> wrote:
>> 
>> On Friday, December 2, 2016, Glyph Lefkowitz <glyph at twistedmatrix.com> wrote:
>> I think there might be a regression in 16.6.0.
>> 
>> For every version up to 16.6.0, I can do 'conch twistedmatrix.com' in a shell and it works fine.
>> 
>> I believe that I have fixed this in trunk.
>> Can you try this with conch in trunk?
>> 
>> This works for me in trunk:
>> 
>> 1.  Start with an empty ~/.ssh/known_hosts file, or one with an ecdsa key for myhost.com
>> 2.  ssh myhost.com
>> 3.  log out of myhost.com
>> 3.  see that ~/.ssh/known_hosts contains an ecdsa host key for myhost.com
>> 4.  conch myhost.com
>> 5.  successfully log into myhost.com with conch
>> 
>> Before the latest fixes, I would get a bad host key error in step 5.
>> 
>> Many thanks to the0id and acabhishek942 for providing the ecdsa fixes to conch.
>> 
>> --
>> Craig
>>  
>> _______________________________________________
>> Twisted-Python mailing list
>> Twisted-Python at twistedmatrix.com
>> http://twistedmatrix.com/cgi-bin/mailman/listinfo/twisted-python

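An added example, not part of the original thread and not Twisted's own code: a standard-library Python check of the known_hosts entry quoted at the top of this message. It parses the RFC 4251 wire format of the key blob, confirms the declared key type matches the one inside the blob, tests that the public point lies on P-256, and computes the SHA256 fingerprint in the form `ssh-keygen -l` prints. The function names are hypothetical, and it assumes a plain entry (no `@marker` prefix, at least three whitespace-separated fields).

```python
import base64
import hashlib
import struct

# NIST P-256 domain parameters (FIPS 186-4): y^2 = x^3 - 3x + B (mod P)
P = 2**256 - 2**224 + 2**192 + 2**96 - 1
B = 0x5AC635D8AA3A93E7B3EBBD55769886BC651D06B0CC53B0F63BCE3C3E27D2604B

# The entry quoted in the message above.
BUILDBOT_LINE = (
    "buildbot.twistedmatrix.com ecdsa-sha2-nistp256 "
    "AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBBcw4pr6WdgDMw7P"
    "bkvsuEdCqKQTtpLYPGoe7qkuQucuexYBiCkO/BeoB0wANX2cVmxUP0llpYJQL4w3cAR0csA="
)

def read_string(buf, offset):
    """Read one RFC 4251 'string': uint32 big-endian length, then the bytes."""
    if offset + 4 > len(buf):
        raise ValueError("truncated length field")
    (length,) = struct.unpack_from(">I", buf, offset)
    end = offset + 4 + length
    if end > len(buf):
        raise ValueError("string runs past end of blob")
    return buf[offset + 4:end], end

def on_p256(point):
    """True if an uncompressed SEC1 point (0x04 || X || Y) lies on P-256."""
    if len(point) != 65 or point[0] != 4:
        return False
    x = int.from_bytes(point[1:33], "big")
    y = int.from_bytes(point[33:], "big")
    return x < P and y < P and (y * y - (x * x * x - 3 * x + B)) % P == 0

def inspect_entry(line):
    """Parse 'hosts keytype base64' (assumed: no @marker prefix) and check it."""
    hosts, key_type, b64 = line.split()[:3]
    blob = base64.b64decode(b64, validate=True)
    inner_type, pos = read_string(blob, 0)
    curve, pos = read_string(blob, pos)
    point, pos = read_string(blob, pos)
    if pos != len(blob) or inner_type.decode() != key_type:
        raise ValueError("blob does not match the declared key type")
    digest = hashlib.sha256(blob).digest()
    fingerprint = "SHA256:" + base64.b64encode(digest).decode().rstrip("=")
    return {"hosts": hosts.split(","), "type": key_type, "curve": curve.decode(),
            "on_curve": on_p256(point), "fingerprint": fingerprint}
```

Compare the returned `fingerprint` with what `ssh-keygen -lf ~/.ssh/known_hosts` reports for the same host; a mismatch or `on_curve` of `False` means the stored entry is not the key the server presents or is damaged.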