Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Support new key format #1313

Closed
dj-foxxy opened this issue Oct 7, 2018 · 9 comments
Closed

Support new key format #1313

dj-foxxy opened this issue Oct 7, 2018 · 9 comments

Comments

@dj-foxxy
Copy link

@dj-foxxy dj-foxxy commented Oct 7, 2018

I generated a key using ssh-keygen but it's now in a different format and paramiko failed saying Authentication failed.. I had to make a new key like this ssh-keygen -m PEM.

@elijahbal

This comment has been minimized.

Copy link

@elijahbal elijahbal commented Oct 13, 2018

Yes, it is because openssh has its own format for generating keys, that is not understood but almost all the implementations out there.

This is a low priority issue but still a problem for most users. I am not aware of a python implementation of that openSSH internal format, but there is definitely a need for having interoperability improved in this domain.

gbenhaim added a commit to lago-project/lago that referenced this issue Nov 20, 2018
OpenSSH-7.8 introudced a new key format which isn't supported by
paramiko [1]. Use PEM key format instead.

We have not seen this error in CI since the fallback is to use password
authentication.

[1] paramiko/paramiko#1313

Signed-off-by: gbenhaim <galbh2@gmail.com>
galitf pushed a commit to galitf/lago that referenced this issue Nov 27, 2018
OpenSSH-7.8 introudced a new key format which isn't supported by
paramiko [1]. Use PEM key format instead.

We have not seen this error in CI since the fallback is to use password
authentication.

[1] paramiko/paramiko#1313

Signed-off-by: gbenhaim <galbh2@gmail.com>
@PierreSelim

This comment has been minimized.

Copy link

@PierreSelim PierreSelim commented Apr 5, 2019

This change from OpenSSH is unfortunate ;(

@radssh

This comment has been minimized.

Copy link
Contributor

@radssh radssh commented Apr 5, 2019

Until the file format is natively supported by Paramiko, you can still use these keys by making them accessible via ssh-agent. That way, it is the OpenSSH utility that loads and reads the file format, then makes the key available so that Paramiko is able to perform the signing of data by proxy, instead of having to read and interpret the private key contents.

@PierreSelim

This comment has been minimized.

Copy link

@PierreSelim PierreSelim commented Apr 5, 2019

Thanks for this. To be clear, I find unfortunate that OpenSSH change formats of things such as SSH key, not really the fact paramiko does not support it yet.

@hyperknot

This comment has been minimized.

Copy link

@hyperknot hyperknot commented May 14, 2019

This is a problem with recent macOS, whose OpenSSL ssh-keygen has changed the default format. Now a generated SSH key starts with:

-----BEGIN OPENSSH PRIVATE KEY-----

instead of the supported

-----BEGIN RSA PRIVATE KEY-----

To generate a supported key, use the following command:

ssh-keygen -t rsa -b 4096 -C "email@email.com" -m PEM
@SharkFourSix

This comment has been minimized.

Copy link

@SharkFourSix SharkFourSix commented May 22, 2019

@hyperknot This does not work for me. What the hell. Any other solution?

@hyperknot

This comment has been minimized.

Copy link

@hyperknot hyperknot commented May 22, 2019

@SharkFourSix remove the old keys and make a new one. It should start with -----BEGIN RSA PRIVATE KEY-----

@SharkFourSix

This comment has been minimized.

Copy link

@SharkFourSix SharkFourSix commented Aug 1, 2019

hyperknot I inadvertently updated paramiko and it seems it's fixed.

@bitprophet

This comment has been minimized.

Copy link
Member

@bitprophet bitprophet commented Aug 7, 2019

This seems like it may concern the new OpenSSH key format - see #1343.

@bitprophet bitprophet closed this Aug 7, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
7 participants
You can’t perform that action at this time.