You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
{{ message }}
This repository has been archived by the owner on Dec 11, 2022. It is now read-only.
I'm trying to get paramiko working with the Berryian 2.0.0 distribution. Using cryptography 2.3.1, OpenSSL 1.0.2p, and paramiko 2.4.2 to open an SSH connection givens the error:
cryptography.exceptions.UnsupportedAlgorithm: Backend object does not support secp256r1.
I checked with the cryptography contributors, and they said that the OpenSSL backend should provide support for secp256r1. See pyca/cryptography#4691. I'm wondering if there's any known reason why this might be happening.
Versions of Python, cryptography, cffi, pip, and setuptools you're using
Running on Raspberry Pi 3+ with Raspbian Stretch and the Berryconda 2.0.0 distribution.
Clear steps for reproducing your bug
Installed Berryconda; pip installed paramiko; ran a simple example:
import paramiko
t = paramiko.Transport(("127.0.0.1", 22))
t.connect(username="pi", password=<password>)
This gives error:
Unknown exception: Backend object does not support secp256r1.
Traceback (most recent call last):
File "/home/producer/berryconda3/lib/python3.6/site-packages/paramiko/transport.py", line 2010, in run
self._handler_table[ptype](self, m)
File "/home/producer/berryconda3/lib/python3.6/site-packages/paramiko/transport.py", line 2126, in _negotiate_keys
self.kex_engine.start_kex()
File "/home/producer/berryconda3/lib/python3.6/site-packages/paramiko/kex_ecdh_nist.py", line 32, in start_kex
self._generate_key_pair()
File "/home/producer/berryconda3/lib/python3.6/site-packages/paramiko/kex_ecdh_nist.py", line 53, in _generate_key_pair
self.P = ec.generate_private_key(self.curve, default_backend())
File "/home/producer/berryconda3/lib/python3.6/site-packages/cryptography/hazmat/primitives/asymmetric/ec.py", line 287, in generate_private_key
return backend.generate_elliptic_curve_private_key(curve)
File "/home/producer/berryconda3/lib/python3.6/site-packages/cryptography/hazmat/backends/openssl/backend.py", line 1346, in generate_elliptic_curve_private_key
_Reasons.UNSUPPORTED_ELLIPTIC_CURVE
cryptography.exceptions.UnsupportedAlgorithm: Backend object does not support secp256r1.
The text was updated successfully, but these errors were encountered:
eric-nok
changed the title
Problem with cryptography and OpenSSL packages
Issue with Berryconda cryptography and OpenSSL
Jan 15, 2019
I looked at the OpenSSL package in Berryconda and it looks like the binary prefix replacement done by conda was interfering with the secp256r1 cipher. Rebuilding the package with the replacement turned off fixed the issue on my Pi. You will need to update the openssl package, either to 1.0.2p build 1 or 1.0.2q, the later should be installed if you run conda update openssl.
I'm trying to get paramiko working with the Berryian 2.0.0 distribution. Using cryptography 2.3.1, OpenSSL 1.0.2p, and paramiko 2.4.2 to open an SSH connection givens the error:
I checked with the
cryptography
contributors, and they said that the OpenSSL backend should provide support for secp256r1. See pyca/cryptography#4691. I'm wondering if there's any known reason why this might be happening.Versions of Python,
cryptography
,cffi
,pip
, andsetuptools
you're usingPython: 3.6.1
cryptography: 2.3.1
cffi: 1.11.5
pip: 18.1
setup tools: 36.0.1
openssl: 1.0.2p
Running on Raspberry Pi 3+ with Raspbian Stretch and the Berryconda 2.0.0 distribution.
Clear steps for reproducing your bug
Installed Berryconda; pip installed paramiko; ran a simple example:
This gives error:
The text was updated successfully, but these errors were encountered: