You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Paramiko currently uses getpass.getuser() to determine the local username, which works by examining various environment variables, starting with LOGNAME. However, that can give the wrong answer following su. For example:
> sudo su -m nobody
su: /root/.bashrc: Permission denied
[nobody@myhost /mydirectory]$ echo $LOGNAME
root
This leads to authentication errors, at least when using hostbased authentication as in PR #2093, like this: paramiko.ssh_exception.AuthenticationException: /usr/libexec/ssh-keysign terminated with an error: not a valid request. I haven't yet figured out how to trigger the problem without hostbased authentication, but config.py and client.py both use getpass.getuser().
Paramiko currently uses
getpass.getuser()
to determine the local username, which works by examining various environment variables, starting withLOGNAME
. However, that can give the wrong answer followingsu
. For example:This leads to authentication errors, at least when using hostbased authentication as in PR #2093, like this:
paramiko.ssh_exception.AuthenticationException: /usr/libexec/ssh-keysign terminated with an error: not a valid request
. I haven't yet figured out how to trigger the problem without hostbased authentication, but config.py and client.py both usegetpass.getuser()
.OpenSSH itself does not. It uses the process's uid. See https://github.com/freebsd/freebsd-src/blob/150486f6a940947fa7a7c6db357c3f92d07a955f/crypto/openssh/ssh.c#L660 . I suggest that Paramiko do the same. Doing that fixes the hostbased authentication errors after
su
. Do you agree? the Python code isThe text was updated successfully, but these errors were encountered: