-
-
Notifications
You must be signed in to change notification settings - Fork 2k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[BUG] - crypto - macs - local_mac misses umac-128@openssh.com,umac-128-etm@openssh.com in the structure #2310
Comments
paramiko currently doesn't support |
@jun66j5
|
That is due to incorrectly directly setting to paramiko.Transport._preferred_macs = ('umac-128-etm@openssh.com',) Instead, use SecurityOptions.digests to prefer MAC algorithms, and an exception is raised for unavailable algorithm: >>> import paramiko
>>>
>>> def transport_factory(*args, **kwargs):
... t = paramiko.Transport(*args, **kwargs)
... opts = t.get_security_options()
... opts.digests = ['umac-128@openssh.com', 'umac-128-etm@openssh.com']
... return t
...
>>> cli = paramiko.SSHClient()
>>> cli.set_missing_host_key_policy(paramiko.AutoAddPolicy)
>>> cli.connect('::1', transport_factory=transport_factory)
Traceback (most recent call last):
File "<stdin>", line 1, in <module>
File "/home/jun66j5/src/paramiko/paramiko/client.py", line 413, in connect
t = self._transport = transport_factory(
^^^^^^^^^^^^^^^^^^
File "<stdin>", line 4, in transport_factory
File "/home/jun66j5/src/paramiko/paramiko/transport.py", line 3072, in digests
self._set("_preferred_macs", "_mac_info", x)
File "/home/jun66j5/src/paramiko/paramiko/transport.py", line 3053, in _set
raise ValueError("unknown cipher")
ValueError: unknown cipher
>>> |
@jun66j5 thank you for the example. It looks like the error message could be incorrect? ( also, as I mentioned, the debug message confused me:
so
( https://github.com/paramiko/paramiko/blob/3.3.1/paramiko/transport.py#L2437 ) |
No. I don't think so. >>> import paramiko
>>> import socket
>>> s = socket.socket()
>>> t = paramiko.Transport(s)
>>> opts = t.get_security_options()
>>> for prop in ('ciphers', 'digests', 'key_types', 'kex'):
... try:
... setattr(opts, prop, ['unknown'])
... except ValueError as e:
... print('%s: %r' % (prop, e))
...
ciphers: ValueError('unknown cipher')
digests: ValueError('unknown cipher')
key_types: ValueError('unknown cipher')
kex: ValueError('unknown cipher') The same message is used and raised for all of algorithm options. If you want better messages for this, you could create a PR. See also
Huh? That is the result of incorrect setting to |
@jun66j5 I addressed logging issue (cipher) as for such messages, it is not relevant to the incorrect setting. you can use standart settings and get the same bug,
run and grep:
|
Are you using paramiko as a client or server?
Client
What feature(s) aren't working right?
Keys/auth
What version(s) of paramiko are you using?
3.3.1
What version(s) of Python are you using?
3.7.16
What operating system and version are you using?
Amazon Linux 2
If you're connecting as a client, which SSH server are you connecting to?
SSH-2.0-OpenSSH_8.7 FreeBSD-openssh-portable-8.7.p1_1
If you're using paramiko as part of another tool, which tool/version?
No response
Expected/desired behavior
connection establishes with preferred macs "umac-128@openssh.com" or "umac-128-etm@openssh.com"
Actual behavior
code:
where self.local_mac struct is:
it is absent there, though debug output gives us it is supported:
How to reproduce
Anything else?
standart ssh linux client uses (ssh -vv mode):
The text was updated successfully, but these errors were encountered: