I am trying to use the SFTP Operator/Hook with a SSH private key instead of a password.
My connection has the following extra arguments: {"key_file": "/home/airflow/key_files/some_key", "no_host_key_check": "true"}. My SSH Private key looks like the following:
-----BEGIN OPENSSH PRIVATE KEY-----
...
-----END OPENSSH PRIVATE KEY-----
Now when I try to create a hook I get the following error:
>>> from airflow.contrib.hooks.sftp_hook import SFTPHook
>>> s = SFTPHook(ftp_conn_id='my_sftp_connection')
[2020-07-08 13:40:25,449] {base_hook.py:84} INFO - Using connection to: id: my_sftp_connection. Host: my_sftp.com, Port: 22, Schema: None, Login: user, Password: None, extra: {'key_file': '/home/airflow/key_files/some_key', 'no_host_key_check': 'true'}
[2020-07-08 13:40:25,452] {base_hook.py:84} INFO - Using connection to: id: my_sftp_connection. Host: my_sftp.com, Port: 22, Schema: None, Login: user, Password: None, extra: {'key_file': '/home/airflow/key_files/some_key', 'no_host_key_check': 'true'}
>>> s.list_directory('/')
Traceback (most recent call last):
File "/home/airflow/.local/lib/python3.6/site-packages/pysftp/__init__.py", line 167, in _set_authentication
private_key_file, private_key_pass)
File "/home/airflow/.local/lib/python3.6/site-packages/paramiko/pkey.py", line 206, in from_private_key_file
key = cls(filename=filename, password=password)
File "/home/airflow/.local/lib/python3.6/site-packages/paramiko/rsakey.py", line 55, in __init__
self._from_private_key_file(filename, password)
File "/home/airflow/.local/lib/python3.6/site-packages/paramiko/rsakey.py", line 175, in _from_private_key_file
data = self._read_private_key_file("RSA", filename, password)
File "/home/airflow/.local/lib/python3.6/site-packages/paramiko/pkey.py", line 279, in _read_private_key_file
data = self._read_private_key(tag, f, password)
File "/home/airflow/.local/lib/python3.6/site-packages/paramiko/pkey.py", line 289, in _read_private_key
raise SSHException("not a valid " + tag + " private key file")
paramiko.ssh_exception.SSHException: not a valid RSA private key file
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "<stdin>", line 1, in <module>
File "/home/airflow/.local/lib/python3.6/site-packages/airflow/contrib/hooks/sftp_hook.py", line 151, in list_directory
conn = self.get_conn()
File "/home/airflow/.local/lib/python3.6/site-packages/airflow/contrib/hooks/sftp_hook.py", line 114, in get_conn
self.conn = pysftp.Connection(**conn_params)
File "/home/airflow/.local/lib/python3.6/site-packages/pysftp/__init__.py", line 142, in __init__
self._set_authentication(password, private_key, private_key_pass)
File "/home/airflow/.local/lib/python3.6/site-packages/pysftp/__init__.py", line 171, in _set_authentication
private_key_file, private_key_pass)
File "/home/airflow/.local/lib/python3.6/site-packages/paramiko/pkey.py", line 206, in from_private_key_file
key = cls(filename=filename, password=password)
File "/home/airflow/.local/lib/python3.6/site-packages/paramiko/dsskey.py", line 65, in __init__
self._from_private_key_file(filename, password)
File "/home/airflow/.local/lib/python3.6/site-packages/paramiko/dsskey.py", line 224, in _from_private_key_file
data = self._read_private_key_file("DSA", filename, password)
File "/home/airflow/.local/lib/python3.6/site-packages/paramiko/pkey.py", line 279, in _read_private_key_file
data = self._read_private_key(tag, f, password)
File "/home/airflow/.local/lib/python3.6/site-packages/paramiko/pkey.py", line 289, in _read_private_key
raise SSHException("not a valid " + tag + " private key file")
paramiko.ssh_exception.SSHException: not a valid DSA private key file
What am I doing wrong here? That same SSH key works with WINSCP and the SFTP command in bash.
Think I figured it out. I upgraded that paramiko library and now it appears to be working. Will leave this as unanswered in case there was something else I was doing wrong.
I have the exact same problem, except that I'm using Composer, which is Airflow-based managed service in Google Cloud and I do not use the SFTP contrib operator.
Instead I use the apache-airflow-backport-providers-sftp which is backported from Airflow 2.0 and is compatible with my Airflow environment, which is 1.10.14.
It works fine with a user/password, but fails with an RSA key.
The contrib operator and the provider package are equivalent, and depend on the same Python modules: paramiko, pysftp, and sshtunnel.
My pip freeze:
paramiko==2.7.2 (latest release)
pysftp==0.2.9 (latest release)
sshtunnel==0.1.5 (latest release is 0.4.0)
In my understanding, and following your description, the problem is not in the top module (contrib or provider). You said that the problem is in paramiko but it works fine for me with the SSH operator and a RSA key. So, maybe it is in pysftp...
I am lost here.
Related
I try to connect via Nornir / Netmiko to an Cisco CSR1k Router. In AWS keys are used and the EC2-USER expect a key authentication.
This is my simple test Nornir Script:
from nornir_netmiko import netmiko_send_config, netmiko_send_command
from nornir import InitNornir
from nornir_utils.plugins.functions import print_result
from nornir.core.filter import F
nr = InitNornir(config_file="config.yaml")
cisco = nr.filter(F(platform="cisco_xe"))
result = cisco.run(
task=netmiko_send_command,
command_string="show arp"
)
print_result(result)
And this is my Inventroy:
---
Europe-Cisco-Site1:
hostname: "18.158.60.42"
username: "ec2-user"
password: ""
platform: "cisco_xe"
groups:
- cisco
I would expect that Nornir will handle the authentication automatically and use the keys. It seams this is not happening.
When I try to connect via ssh from the same host to the AWS EC2 Cisco CSR1k everthing works.
Question:
Do I need to give some extra options to use the SSH key?
I found something like this but it does not work:
connection_options:
paramiko:
port: 22
hostname:
username: "ec2-user"
password:
platform: "cisco_xe"
extras:
alt_host_keys: True
alt_key_file: "/home/coder/.ssh/id_rsa"
use_keys: True
And this is the error what I get:
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/home/coder/.local/lib/python3.8/site-packages/nornir/core/task.py", line 99, in start
r = self.task(self, **self.params)
File "/home/coder/.local/lib/python3.8/site-packages/nornir_netmiko/tasks/netmiko_send_command.py", line 26, in netmiko_send_command
net_connect = task.host.get_connection(CONNECTION_NAME, task.nornir.config)
File "/home/coder/.local/lib/python3.8/site-packages/nornir/core/inventory.py", line 494, in get_connection
self.open_connection(
File "/home/coder/.local/lib/python3.8/site-packages/nornir/core/inventory.py", line 546, in open_connection
conn_obj.open(
File "/home/coder/.local/lib/python3.8/site-packages/nornir_netmiko/connections/netmiko.py", line 59, in open
connection = ConnectHandler(**parameters)
File "/home/coder/.local/lib/python3.8/site-packages/netmiko/ssh_dispatcher.py", line 326, in ConnectHandler
return ConnectionClass(*args, **kwargs)
File "/home/coder/.local/lib/python3.8/site-packages/netmiko/cisco/cisco_ios.py", line 17, in __init__
return super().__init__(*args, **kwargs)
File "/home/coder/.local/lib/python3.8/site-packages/netmiko/base_connection.py", line 350, in __init__
self._open()
File "/home/coder/.local/lib/python3.8/site-packages/netmiko/base_connection.py", line 355, in _open
self.establish_connection()
File "/home/coder/.local/lib/python3.8/site-packages/netmiko/base_connection.py", line 972, in establish_connection
raise NetmikoAuthenticationException(msg)
netmiko.ssh_exception.NetmikoAuthenticationException: Authentication to device failed.
Common causes of this problem are:
1. Invalid username and password
2. Incorrect SSH-key file
3. Connecting to the wrong device
Device settings: cisco_xe 3.121.222.37:22
What I'm missing here?
Found the solution, this was missing in the inventory file:
connection_options:
netmiko:
extras:
use_keys: true
key_file: "/home/coder/.ssh/id_rsa"
I am creating a script that asks the user for the FQDN of a host, then the script sets that host to maintenance mode. I am running the script on the Windows Management Computer that is obviously connected to the esxi-vcsa that has these hosts on it. 11.11.11.5 is the IP of the vcsa.
from pyvim import connect
from pyVmomi import vim
fqdnInput = input("Enter FQDN of host: ")
host = connect.ConnectNoSSL("11.11.11.5", 443, root, lassword)
searcher = host.content.searchIndex
host = searcher.FindByDnsName(dnsName=fqdnInput, vmSearch=False)
host.EnterMaintenanceMode(0)
When I run that script, I am getting the following error after I input the FQDN name. (I tried both just the host name and host.domain full name).
Traceback (most recent call last):
File "C:\Users\Administrator\Desktop\task4.py", line 14, in <module>
host = connect.ConnectNoSSL("11.11.11.5", 443, "root", "Pa$$w0rd")
File "C:\Users\Administrator\AppData\Local\Programs\Python\Python35\lib\site-packages\pyvim\connect.py", line 308, in ConnectNoSSL
mechanism=mechanism)
File "C:\Users\Administrator\AppData\Local\Programs\Python\Python35\lib\site-packages\pyvim\connect.py", line 266, in Connect
keyFile, certFile, thumbprint, sslContext, connectionPoolTimeout)
File "C:\Users\Administrator\AppData\Local\Programs\Python\Python35\lib\site-packages\pyvim\connect.py", line 390, in __Login
x = content.sessionManager.Login(user, pwd, None)
File "C:\Users\Administrator\AppData\Local\Programs\Python\Python35\lib\site-packages\pyVmomi\VmomiSupport.py", line 706, in <lambda>
self.f(*(self.args + (obj,) + args), **kwargs)
File "C:\Users\Administrator\AppData\Local\Programs\Python\Python35\lib\site-packages\pyVmomi\VmomiSupport.py", line 512, in _InvokeMethod
return self._stub.InvokeMethod(self, info, args)
File "C:\Users\Administrator\AppData\Local\Programs\Python\Python35\lib\site-packages\pyVmomi\SoapAdapter.py", line 1397, in InvokeMethod
raise obj # pylint: disable-msg=E0702
pyVmomi.VmomiSupport.NoPermission: (vim.fault.NoPermission) {
dynamicType = <unset>,
dynamicProperty = (vmodl.DynamicProperty) [],
msg = 'Permission to perform this operation was denied.',
faultCause = <unset>,
faultMessage = (vmodl.LocalizableMessage) [],
object = 'vim.Folder:group-d1',
privilegeId = 'System.View'
}
Help would be appreciated.
It looks like you're dealing with a permissions issue and not a Python issue. I'm going to guess that the searcher is failing, meaning that the account you're using does not have access to the vCenter inventory at all.
Have you tried switching to a different account?
Perhaps the "Administrator#vsphere.local" account?
First off, I want to clarify that I'm pretty new to the whole python world.
I'm trying to create a python script, to ssh to multiple servers and execute bash commands.
For this, I'm using Paramiko, and this has led to some problems.
For some reason, my OpenSSH ssh key doesn't work, but this I have solved by creating a new one, with a different format.
This has led to me having to specify which key I want to use, to start with I tried to connect without a password specified, but then Paramiko couldn't decrypt the key.
password = "somepassword"
pkey_path = "/Users/user1/.ssh/id_rsa_copy"
key = RSAKey.from_private_key_file(pkey_path,password=password)
c = SSHClient()
c.set_missing_host_key_policy(AutoAddPolicy())
c.connect('somesite.com',password=password,pkey=key,look_for_keys=False)
stdin, stdout, stderr = c.exec_command('uptime')
c.close()
When executing the script, I receive the following error:
Traceback (most recent call last):
File "/Users/user1/projects/my_first_venv/lib/python3.7/site-packages/paramiko/rsakey.py", line 185, in _decode_key
data, password=None, backend=default_backend()
File "/Users/user1/projects/my_first_venv/lib/python3.7/site-packages/cryptography/hazmat/primitives/serialization/base.py", line 28, in load_der_private_key
return backend.load_der_private_key(data, password)
File "/Users/user1/projects/my_first_venv/lib/python3.7/site-packages/cryptography/hazmat/backends/openssl/backend.py", line 1106, in load_der_private_key
password,
File "/Users/user1/projects/my_first_venv/lib/python3.7/site-packages/cryptography/hazmat/backends/openssl/backend.py", line 1277, in _load_key
self._handle_key_loading_error()
File "/Users/user1/projects/my_first_venv/lib/python3.7/site-packages/cryptography/hazmat/backends/openssl/backend.py", line 1335, in _handle_key_loading_error
raise ValueError("Could not deserialize key data.")
ValueError: Could not deserialize key data.
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/Users/user1/projects/python/paramiko-puppet.py", line 7, in <module>
key = RSAKey.from_private_key_file(pkey_path,password=password)
File "/Users/user1/projects/my_first_venv/lib/python3.7/site-packages/paramiko/pkey.py", line 206, in from_private_key_file
key = cls(filename=filename, password=password)
File "/Users/user1/projects/my_first_venv/lib/python3.7/site-packages/paramiko/rsakey.py", line 55, in __init__
self._from_private_key_file(filename, password)
File "/Users/user1/projects/my_first_venv/lib/python3.7/site-packages/paramiko/rsakey.py", line 176, in _from_private_key_file
self._decode_key(data)
File "/Users/user1/projects/my_first_venv/lib/python3.7/site-packages/paramiko/rsakey.py", line 188, in _decode_key
raise SSHException(str(e))
paramiko.ssh_exception.SSHException: Could not deserialize key data.
EDIT:
As requested here is the command which I used to generate a new ssh key, and what a key looks like when generated.
First I copied my current ssh key and then "transformed" it.
ssh-keygen -p -m PEM -f ~/.ssh/id_rsa_copy
New key:
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: AES-128-CBC,E48A0313BF686BDA7EB6B7F26B10BCC0
jeMD8Eh4g5cpq5YkFKMN5EbquJEVwser2NV6QI/ysO7wPs0SVy3HzoRjaOT4Iox+
gOX90VX5pml3v8S7UmYNzvI+sJMIo/pNpG3qai9OkL9/Z0DJRbTOBXY0nJhkvSVl
W41ojZOot/KWlgrHfPkYZ/Q9L4JJbmP/ChEi1SKFhSByjI9oZnmIHPTEinPib8AZ
j7Wd8S5tF6rJtuapVBPEz8NZLDOsTIME9iql3AxURRbMdQz3IfbWMuSP69ZO8ibe
PFnlHC0u6CjYpZ01axegDSw09xDFuywe0tRfCb0eK7NJQxfeLL3IoKz36+74De2Y
QA5jrJ/Yz/HIIWoOYh+M3wXBIBMSQ5I9/K9twEtyJ/zVOLaXEbJlBiWRPcXzbPXf
NwbfUUNc5ylI729FMB+cE3NuPqen3Hw+FlyKAKu2+E8I56THJIjwsZy3xEY4qkdO
pFukD7UiubB11mJUdT2RkNlI8/0zKCfTjzhRD8lEXFtMu/1OSdPdmaNu62XsXMcq
StA+TqnzMFQ+20vde6NgrZagC/jK3yMJgYSTf9uMLhone+SLVXh0AqPNmuvbHPN7
DvGcYTFlNt340of2Pi9myeOPNdZniLZtq7Oz+Z+2hs/3NxciHbO6MbMpK1Uk2pZK
wovw7+nt71IYjWrzfpVbFI2F7Rw+0rTzmIpe56gv1CtlWZ6pXYbnSakyEKXtCTh8
7CJ4ofSChp4vkCtx6wwjZK/1ysLL1i6pY9Y7TMHumKLTjN+iK0oK//h0/EJIUVVn
3HzX/qwYyTLBJrsr/wvWK6AjYRbUjncDC6fyGVSa25tlcgbo7rsTUaEsiBzhxBK/
zolpRjlBiHU4W64niXJShdU9RGANvPe9jiL1dmg58ZpaKRD4mN6qzxfG8TTBxMLS
+VmMgIFwcFVg2PtQgnoaqqcGFUlRlkoZX8rZ7xktg7ghPTRKxoxaeu0WKYrQzowi
hatyNhQbQ6h8zWb0Mt1+EVcatjAPHp8N/wosTX8QkYtyC82/uFXiz3eQr7RBZl4Z
hd2GkGZLvPPgP6dtXwHeqgGabsDCuFAKYhqnvlXeB6TURqgN9z0uBrRf/JzQV3n2
QZkHCoLKxqK86dw5/yjT+gS/kH8QBvvk/qJEh2tLWRrntD2if6KUXWWaFenq3v/U
ZNb3+ZnJKQMm8ujOJ0gzJo+SC2xDNJFOUMJbi7YVZ2JJSOcZ/Tcfbl8/VriKv+wD
kt2Ksv2vtSYXAqmItUnKcZMPVwujmmr+zpO6Nya+v4+nTfb7lgYYlVR/SxipELm4
HCgTFkQ0bQHURz+WikvSP8EvYqc/DpuvBu4m7yTcbKoJk4iozxzG6K3ligo8QT5o
uF2AFcNLOImo4E3sFUAW6FsDxUV+AuOD16XckRUiz+jYIhh6pbXNhfsYLC0bDaSf
3bC5O9IH7vVWzj8FfcuVxRCzHOoMRROrtTa983KV96YHEAzhIzb9GKEAvFkCN6wE
7a2m3MpTszPa+wnFA4CVuXmLsB5jCmzq0CcPE4SKmX03buN9v+oEOTHDUoAyMebg
RPurPnPkZfJT9RH0MNZ2HaavhJ/eXfALveYgSZBdiY6YiseQr5kKZJItKRZWBwR+
-----END RSA PRIVATE KEY-----
If I do exactly the same, it works for me.
But if I use a wrong passphrase in password=password, I get the same error as you get. So double check that you use the correct passphrase.
The password argument of from_private_key_file is your private key passphrase, not your account password.
In general you should not even need any account password, if you use private key, so I'm not sure why you pass password in the connect call – but that's not the immediate issue now.
Using parallel-ssh module I'm trying to run SSH commands using Natinve Client but getting SessionHandshakeError. And if I use Paramiko Client instead, everything works fine. I met the requirement of my_pkey.pub being in the same directory as my_pkey.
Here is my code which uses Native Client (changed real IPs to 'ip1' and 'ip2'):
from pssh.pssh2_client import ParallelSSHClient
pkey = os.path.dirname(os.path.abspath(__file__)) + '/my_pkey'
hosts = ['ip1', 'ip2']
client = ParallelSSHClient(hosts, user='root', pkey=pkey)
output = client.run_command('hostname')
for host, host_output in output.items():
for line in host_output.stdout:
print(line)
Getting this error:
Traceback (most recent call last):
File "C:\Program Files (x86)\Python36-32\lib\site-packages\pssh\ssh2_client.py", line 123, in _init
self.session.handshake(self.sock)
File "ssh2\session.pyx", line 81, in ssh2.session.Session.handshake
ssh2.exceptions.SessionHandshakeError: ('SSH session handshake failed with error code %s', -5)
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "C:\Program Files (x86)\Python36-32\lib\site-packages\pssh\ssh2_client.py", line 123, in _init
self.session.handshake(self.sock)
File "ssh2\session.pyx", line 81, in ssh2.session.Session.handshake
ssh2.exceptions.SessionHandshakeError: ('SSH session handshake failed with error code %s', -5)
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "C:\Program Files (x86)\Python36-32\lib\site-packages\pssh\ssh2_client.py", line 123, in _init
self.session.handshake(self.sock)
File "ssh2\session.pyx", line 81, in ssh2.session.Session.handshake
ssh2.exceptions.SessionHandshakeError: ('SSH session handshake failed with error code %s', -5)
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "C:/Users/NazimokPP/Desktop/AnchorFree/QA-Automation/nodetest/nodetest.py", line 57, in <module>
main(args.server_domain, args.test_type)
File "C:/Users/NazimokPP/Desktop/AnchorFree/QA-Automation/nodetest/nodetest.py", line 45, in main
output = client.run_command('hostname')
File "C:\Program Files (x86)\Python36-32\lib\site-packages\pssh\pssh2_client.py", line 182, in run_command
encoding=encoding, use_pty=use_pty, timeout=timeout)
File "C:\Program Files (x86)\Python36-32\lib\site-packages\pssh\base_pssh.py", line 91, in run_command
self.get_output(cmd, output)
File "C:\Program Files (x86)\Python36-32\lib\site-packages\pssh\base_pssh.py", line 136, in get_output
(channel, host, stdout, stderr, stdin) = cmd.get()
File "C:\Program Files (x86)\Python36-32\lib\site-packages\gevent\greenlet.py", line 482, in get
self._raise_exception()
File "C:\Program Files (x86)\Python36-32\lib\site-packages\gevent\greenlet.py", line 159, in _raise_exception
reraise(*self.exc_info)
File "C:\Program Files (x86)\Python36-32\lib\site-packages\gevent\_compat.py", line 33, in reraise
raise value.with_traceback(tb)
File "C:\Program Files (x86)\Python36-32\lib\site-packages\gevent\greenlet.py", line 536, in run
result = self._run(*self.args, **self.kwargs)
File "C:\Program Files (x86)\Python36-32\lib\site-packages\pssh\pssh2_client.py", line 188, in _run_command
self._make_ssh_client(host)
File "C:\Program Files (x86)\Python36-32\lib\site-packages\pssh\pssh2_client.py", line 313, in _make_ssh_client
allow_agent=self.allow_agent, retry_delay=self.retry_delay)
File "C:\Program Files (x86)\Python36-32\lib\site-packages\pssh\ssh2_client.py", line 107, in __init__
THREAD_POOL.apply(self._init)
File "C:\Program Files (x86)\Python36-32\lib\site-packages\gevent\pool.py", line 325, in apply
return self.spawn(func, *args, **kwds).get()
File "C:\Program Files (x86)\Python36-32\lib\site-packages\gevent\event.py", line 385, in get
return self.get(block=False)
File "C:\Program Files (x86)\Python36-32\lib\site-packages\gevent\event.py", line 375, in get
return self._raise_exception()
File "C:\Program Files (x86)\Python36-32\lib\site-packages\gevent\event.py", line 355, in _raise_exception
reraise(*self.exc_info)
File "C:\Program Files (x86)\Python36-32\lib\site-packages\gevent\_compat.py", line 33, in reraise
raise value.with_traceback(tb)
File "C:\Program Files (x86)\Python36-32\lib\site-packages\gevent\threadpool.py", line 211, in _worker
value = func(*args, **kwargs)
File "C:\Program Files (x86)\Python36-32\lib\site-packages\pssh\ssh2_client.py", line 126, in _init
return self._connect_init_retry(retries)
File "C:\Program Files (x86)\Python36-32\lib\site-packages\pssh\ssh2_client.py", line 116, in _connect_init_retry
return self._init(retries=retries)
File "C:\Program Files (x86)\Python36-32\lib\site-packages\pssh\ssh2_client.py", line 126, in _init
return self._connect_init_retry(retries)
File "C:\Program Files (x86)\Python36-32\lib\site-packages\pssh\ssh2_client.py", line 116, in _connect_init_retry
return self._init(retries=retries)
File "C:\Program Files (x86)\Python36-32\lib\site-packages\pssh\ssh2_client.py", line 128, in _init
raise SessionError(msg, self.host, self.port, ex)
pssh.exceptions.SessionError: ('Error connecting to host %s:%s - %s', 'ip1', 22, SessionHandshakeError('SSH session handshake failed with error code %s', -5))
Process finished with exit code 1
Here is my code which uses Paramiko Client (changed real IPs to 'ip1' and 'ip2'):
from pssh.pssh_client import ParallelSSHClient
from pssh.utils import load_private_key
key_path = os.path.dirname(os.path.abspath(__file__)) + '/my_pkey'
pkey = load_private_key(key_path)
hosts = ['ip1', 'ip2']
client = ParallelSSHClient(hosts, user='root', pkey=pkey)
output = client.run_command('hostname')
for host, host_output in output.items():
for line in host_output.stdout:
print(line)
And it works. Here's the output (should I care about warnings?):
C:\Program Files (x86)\Python36-32\lib\site-packages\paramiko\ecdsakey.py:202: CryptographyDeprecationWarning: signer and verifier have been deprecated. Please use sign and verify instead.
signature, ec.ECDSA(self.ecdsa_curve.hash_object())
C:\Program Files (x86)\Python36-32\lib\site-packages\paramiko\rsakey.py:110: CryptographyDeprecationWarning: signer and verifier have been deprecated. Please use sign and verify instead.
algorithm=hashes.SHA1(),
ip1.hostname
ip2.hostname
Process finished with exit code 0
What am I doing wrong with Native Client?
This error was tracked down to the WinCNG back-end used for libssh2 on Windows - it does not support SHA-256 host key hashes which is now the default in recent versions of OpenSSH server.
The latest version of parallel-ssh, 1.6.0, fixes this issue by switching the Windows back-end to OpenSSL for better compatibility and to match the OSX and Linux binary wheels.
See release notes for more details.
Some explanations which I got from Panos in Google Groups thread. It didn't help me, but maybe it will be helpful for somebody else.
A -5 error is defined as a key exchange error in libssh2. It sounds
like the key type is not supported by libssh2 and paramiko shows
'ecdsakey.py' being used. ECDSA keys are not currently supported by
libssh2 (PR pending).
The warning are from paramiko itself, can't say if they matter.
Better exceptions for native client errors are being worked on for
next release.
_
So for a private key 'my_pkey', there should be a 'my_pkey.pub' in
same directory.
It may also be a case of the SSH server's key not being supported by
the native client (same limitations as user keys) which would explain
the key exchange error. Can check the type of key configured for the
server in /etc/ssh/sshd_config, HostKey entry. There should be at
least one non-ECDSA key configured, eg:
HostKey /etc/ssh/ssh_host_rsa_key HostKey /etc/ssh/ssh_host_dsa_key
HostKey /etc/ssh/ssh_host_ecdsa_key
If there is only a ECDSA key entry, the native client will not be able
to connect.
When I kick off my tornado https server, I am asked for a PEM password (which I did not set, so I just hit enter)
Enter PEM pass phrase: 2013-10-17 14:24:46,730 ioloop.py:660 Exception
in I/O handler for fd 3 Traceback (most recent call last): File
"/usr/lib/python2.7/site-packages/tornado/ioloop.py", line 653, in
start
self._handlers[fd](fd, events) File "/usr/lib/python2.7/site-packages/tornado/stack_context.py", line 241,
in wrapped
callback(*args, **kwargs) File "/usr/lib/python2.7/site-packages/tornado/netutil.py", line 141, in
accept_handler
callback(connection, address) File "/usr/lib/python2.7/site-packages/tornado/tcpserver.py", line 212, in
_handle_connection
do_handshake_on_connect=False) File "/usr/lib/python2.7/site-packages/tornado/netutil.py", line 322, in
ssl_wrap_socket
return ssl.wrap_socket(socket, **dict(context, **kwargs)) File "/usr/lib64/python2.7/ssl.py", line 387, in wrap_socket
ciphers=ciphers) File "/usr/lib64/python2.7/ssl.py", line 141, in __init__
ciphers) SSLError: [Errno 336265225] _ssl.c:351: error:140B0009:SSL routines:SSL_CTX_use_PrivateKey_file:PEM lib Enter
PEM pass phrase:
I generated the keys with these instructions: http://www.thegeekstuff.com/2009/07/linux-apache-mod-ssl-generate-key-csr-crt-file/
Then modified the tornado spin-up as the following
SSL_OPTIONS = {
"certfile": "path/to/crt",
"keyfile": "path/to/private/key", }
https_server = tornado.httpserver.HTTPServer(application, ssl_options=SSL_OPTIONS)
I can't find any solution to this problem. I am using the latest tornado version and python 2.7
Thanks!
If you followed the instructions on that page, your key still has a password, it's just empty. I'm not sure if it's possible to use a key with a password non-interactively in Python 2 (the SSLContext.load_cert_chain method for this is new in Python 3.2). You can create a key with no password at all (which will disable the prompt) by changing -des3 to -nodes in the first step: openssl genrsa -nodes -out www.thegeekstuff.com.key 1024 (and then repeating the remaining steps for the new key), or using openssl rsa to strip the password from the key you've already got (see http://www.mnxsolutions.com/apache/removing-a-passphrase-from-an-ssl-key.html)