
key-based authentication doesn't work with Paramiko >= 2.8.0

Open PapaPaule opened this issue 3 years ago • 5 comments

I cannot get the keyword "Login with Public Key" working with Paramiko >= 2.8.0. If switching back to Paramiko==2.7.1 it works perfectly.

PapaPaule avatar Jan 18 '22 14:01 PapaPaule

Hello! Unfortunately, I was unable to replicate the proposed issue. As you can see in the photo (see attached photo below), by using Paramiko 2.9.2, I was able to authenticate with the identity file.

Please let me know if you found any problems in my attempt to replicate the issue or if I misunderstood the problem. Thank you kindly for your involvement.

image

URunDEAD avatar Jan 26 '22 10:01 URunDEAD

Hi,

I think I'm having the same problem. I came back to some old code I was using last year, I'm sure that I used to be able to log in with the Login command, password set to None and the 'look_for_keys' option set to true. This is failing with the following information:

Traceback (most recent call last):
  File "/usr/local/lib/python3.8/dist-packages/SSHLibrary/pythonclient.py", line 183, in _login
    self.client.connect(self.config.host, self.config.port, username,
  File "/usr/local/lib/python3.8/dist-packages/paramiko/client.py", line 435, in connect
    self._auth(
  File "/usr/local/lib/python3.8/dist-packages/paramiko/client.py", line 766, in _auth
    raise saved_exception
  File "/usr/local/lib/python3.8/dist-packages/paramiko/client.py", line 753, in _auth
    self._transport.auth_password(username, password)
  File "/usr/local/lib/python3.8/dist-packages/paramiko/transport.py", line 1563, in auth_password
    return self.auth_handler.wait_for_response(my_event)
  File "/usr/local/lib/python3.8/dist-packages/paramiko/auth_handler.py", line 258, in wait_for_response
    raise e
paramiko.ssh_exception.AuthenticationException: Authentication failed.

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/usr/local/lib/python3.8/dist-packages/SSHLibrary/pythonclient.py", line 197, in _login
    transport.auth_password(username, password)
  File "/usr/local/lib/python3.8/dist-packages/paramiko/transport.py", line 1563, in auth_password
    return self.auth_handler.wait_for_response(my_event)
  File "/usr/local/lib/python3.8/dist-packages/paramiko/auth_handler.py", line 258, in wait_for_response
    raise e
paramiko.ssh_exception.AuthenticationException: Authentication failed.

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/usr/local/lib/python3.8/dist-packages/SSHLibrary/abstractclient.py", line 208, in login
    self._login(username, password, allow_agent, look_for_keys, proxy_cmd, read_config,
  File "/usr/local/lib/python3.8/dist-packages/SSHLibrary/pythonclient.py", line 199, in _login
    raise SSHClientException
SSHLibrary.abstractclient.SSHClientException

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/usr/local/lib/python3.8/dist-packages/SSHLibrary/library.py", line 1087, in _login
    login_output = login_method(username, *args)
  File "/usr/local/lib/python3.8/dist-packages/SSHLibrary/abstractclient.py", line 212, in login
    raise SSHClientException("Authentication failed for user '%s'."
SSHLibrary.abstractclient.SSHClientException: Authentication failed for user 'root'.

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "/usr/local/lib/python3.8/dist-packages/SSHLibrary/library.py", line 1007, in login
    return self._login(self.current.login, username, password, is_truthy(allow_agent),
  File "/usr/local/lib/python3.8/dist-packages/SSHLibrary/library.py", line 1093, in _login
    raise RuntimeError(e)
RuntimeError: Authentication failed for user 'root'.

The Login With Public Key keyword and manually specifying the key also fails, giving this:

Unknown exception: 'NoneType' object has no attribute 'public_blob'
Traceback (most recent call last):
  File "/usr/local/lib/python3.8/dist-packages/paramiko/transport.py", line 2163, in run
    handler(self.auth_handler, m)
  File "/usr/local/lib/python3.8/dist-packages/paramiko/auth_handler.py", line 365, in _parse_service_accept
    key_type, bits = self._get_key_type_and_bits(self.private_key)
  File "/usr/local/lib/python3.8/dist-packages/paramiko/auth_handler.py", line 216, in _get_key_type_and_bits
    if key.public_blob:
AttributeError: 'NoneType' object has no attribute 'public_blob'

Traceback (most recent call last):
  File "/usr/local/lib/python3.8/dist-packages/SSHLibrary/pythonclient.py", line 229, in _login_with_public_key
    self.client.connect(self.config.host, self.config.port, username,
  File "/usr/local/lib/python3.8/dist-packages/paramiko/client.py", line 435, in connect
    self._auth(
  File "/usr/local/lib/python3.8/dist-packages/paramiko/client.py", line 766, in _auth
    raise saved_exception
  File "/usr/local/lib/python3.8/dist-packages/paramiko/client.py", line 753, in _auth
    self._transport.auth_password(username, password)
  File "/usr/local/lib/python3.8/dist-packages/paramiko/transport.py", line 1563, in auth_password
    return self.auth_handler.wait_for_response(my_event)
  File "/usr/local/lib/python3.8/dist-packages/paramiko/auth_handler.py", line 258, in wait_for_response
    raise e
paramiko.ssh_exception.AuthenticationException: Authentication failed.

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/usr/local/lib/python3.8/dist-packages/SSHLibrary/pythonclient.py", line 245, in _login_with_public_key
    transport.auth_publickey(username,None)
  File "/usr/local/lib/python3.8/dist-packages/paramiko/transport.py", line 1634, in auth_publickey
    return self.auth_handler.wait_for_response(my_event)
  File "/usr/local/lib/python3.8/dist-packages/paramiko/auth_handler.py", line 244, in wait_for_response
    raise e
  File "/usr/local/lib/python3.8/dist-packages/paramiko/transport.py", line 2163, in run
    handler(self.auth_handler, m)
  File "/usr/local/lib/python3.8/dist-packages/paramiko/auth_handler.py", line 365, in _parse_service_accept
    key_type, bits = self._get_key_type_and_bits(self.private_key)
  File "/usr/local/lib/python3.8/dist-packages/paramiko/auth_handler.py", line 216, in _get_key_type_and_bits
    if key.public_blob:
AttributeError: 'NoneType' object has no attribute 'public_blob'

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/usr/local/lib/python3.8/dist-packages/SSHLibrary/abstractclient.py", line 284, in login_with_public_key
    self._login_with_public_key(username, keyfile, password,
  File "/usr/local/lib/python3.8/dist-packages/SSHLibrary/pythonclient.py", line 247, in _login_with_public_key
    raise SSHClientException
SSHLibrary.abstractclient.SSHClientException

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/usr/local/lib/python3.8/dist-packages/SSHLibrary/library.py", line 1087, in _login
    login_output = login_method(username, *args)
  File "/usr/local/lib/python3.8/dist-packages/SSHLibrary/abstractclient.py", line 290, in login_with_public_key
    raise SSHClientException("Login with public key failed for user "
SSHLibrary.abstractclient.SSHClientException: Login with public key failed for user 'root'.

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "/usr/local/lib/python3.8/dist-packages/SSHLibrary/library.py", line 1077, in login_with_public_key
    return self._login(self.current.login_with_public_key, username,
  File "/usr/local/lib/python3.8/dist-packages/SSHLibrary/library.py", line 1093, in _login
    raise RuntimeError(e)
RuntimeError: Login with public key failed for user 'root'. 

StephenGentle avatar Feb 24 '22 05:02 StephenGentle

Going by what @PapaPaule said, I tried going back to Paramiko 2.7.1 and it works perfectly with that version.

StephenGentle avatar Feb 24 '22 05:02 StephenGentle

One possible cause for keys not working with 2.9.0+ while working with 2.7.1 is the change to support server-sig-algs. https://www.paramiko.org/changelog.html for 2.9.0:

This change is slightly backwards incompatible, insofar as action is required if your target systems do not support either RSA2 or the server-sig-algs protocol extension.

IIRC for some reason 2.8 does not work either, but cannot tell from changelog why.

So maybe the remote server does not support server-sig-algs, i.e. uses legacy ssh-rsa. Workaround could be to

  • Regenerate keys as ecdsa.
  • Update remote ssh server to support server-sig-algs.
  • Pin to paramiko 2.7.x.
  • Specify disabled_algorithms={'keys': ['rsa-sha2-256', 'rsa-sha2-512']} (not sure how)

terokinnunen avatar Feb 24 '22 18:02 terokinnunen

  • Specify disabled_algorithms={'keys': ['rsa-sha2-256', 'rsa-sha2-512']} (not sure how)

No, it's pubkeys for the workaround:

conn.connect('host', username='user', pkey=pkey, disabled_algorithms={'pubkeys': ['rsa-sha2-256', 'rsa-sha2-512']})

Matze1224 avatar Jan 31 '23 12:01 Matze1224
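
The behaviour discussed in this thread, as an added example (not code from Paramiko, SSHLibrary or any commenter): a simplified model of how a 2.9+ client picks the signature algorithm for an RSA key, and why disabling the `rsa-sha2-*` entries under `pubkeys` lets a legacy server authenticate again. The function names, the preference order in `PREFERRED_PUBKEYS` and the two server descriptions are assumptions constructed for illustration.

```python
# Simplified model (not Paramiko's source) of how Paramiko >= 2.9 chooses the
# signature algorithm for an RSA key, following the 2.9.0 changelog.

# Assumed client preference order for pubkey algorithms.
PREFERRED_PUBKEYS = (
    "ssh-ed25519", "ecdsa-sha2-nistp256", "ecdsa-sha2-nistp384",
    "ecdsa-sha2-nistp521", "rsa-sha2-512", "rsa-sha2-256", "ssh-rsa",
)


class NoAgreement(Exception):
    """Client and server share no RSA signature algorithm."""


def pick_signature_algo(key_type, server_sig_algs=None, disabled_pubkeys=()):
    """Return the algorithm the client signs with.

    server_sig_algs is None when the server lacks the extension;
    disabled_pubkeys models disabled_algorithms["pubkeys"].
    """
    if key_type != "ssh-rsa":
        return key_type  # only RSA keys have several signature algorithms
    mine = [a for a in PREFERRED_PUBKEYS
            if "rsa" in a and a not in disabled_pubkeys]
    if not mine:
        raise NoAgreement("every RSA signature algorithm is disabled")
    if server_sig_algs is None:
        return mine[0]  # no server-sig-algs: guess our first preference
    for algo in mine:
        if algo in server_sig_algs:
            return algo
    raise NoAgreement("no common RSA signature algorithm")


def server_accepts(algo, server):
    """A server only verifies signatures made with algorithms it implements."""
    return algo in server["supported"]


# Constructed samples: an old sshd that knows only SHA-1 "ssh-rsa" and sends
# no server-sig-algs, and a current one advertising the SHA-2 variants.
LEGACY_SERVER = {"sig_algs": None, "supported": {"ssh-rsa"}}
MODERN_SERVER = {"sig_algs": ["rsa-sha2-512", "rsa-sha2-256", "ssh-rsa"],
                 "supported": {"rsa-sha2-512", "rsa-sha2-256", "ssh-rsa"}}
WORKAROUND = ("rsa-sha2-256", "rsa-sha2-512")

if __name__ == "__main__":
    for name, srv in (("legacy", LEGACY_SERVER), ("modern", MODERN_SERVER)):
        for disabled in ((), WORKAROUND):
            algo = pick_signature_algo("ssh-rsa", srv["sig_algs"], disabled)
            print(name, disabled, algo, server_accepts(algo, srv))
```

With the workaround the client signs with `ssh-rsa`, which is SHA-1 based, so it is a compatibility stopgap for servers that cannot be upgraded; a non-RSA key or a server that supports `server-sig-algs` avoids it.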