ecdsa.der.UnexpectedDER with my ECDSA key #559

KokaKiwi opened this issue Jul 16, 2015 · 7 comments

@KokaKiwi KokaKiwi commented Jul 16, 2015

Hi, I'm using Fabric and I noticed, using the 1.15 version, that my ECDSA key raises an exception when handled by paramiko:

Traceback (most recent call last):
  File ".../deploy/.venv/lib/python2.7/site-packages/fabric/", line 743, in main
    *args, **kwargs
  File ".../deploy/.venv/lib/python2.7/site-packages/fabric/", line 387, in execute
  File ".../deploy/.venv/lib/python2.7/site-packages/fabric/", line 277, in _execute
    return*args, **kwargs)
  File ".../deploy/.venv/lib/python2.7/site-packages/fabric/", line 174, in run
    return self.wrapped(*args, **kwargs)
  File ".../deploy/.venv/lib/python2.7/site-packages/fabric/", line 53, in inner_decorator
    return func(*args, **kwargs)
  File ".../deploy/fabfile/", line 32, in install
    cmd.packages_install('zsh', 'sudo', 'curl', 'git', 'openssl')
  File ".../deploy/fabfile/", line 35, in packages_install
  File ".../deploy/.venv/lib/python2.7/site-packages/", line 154, in wrapper
    return function(*args, **kwargs)
  File ".../deploy/.venv/lib/python2.7/site-packages/", line 204, in wrapper
    return specific(*args, **kwargs)
  File ".../deploy/.venv/lib/python2.7/site-packages/", line 1006, in package_ensure_apt
    status = run("dpkg-query -W -f='${Status} ' %s && echo OK;true" % p)
  File ".../deploy/.venv/lib/python2.7/site-packages/", line 433, in run
    return*args, **kwargs)
  File ".../deploy/.venv/lib/python2.7/site-packages/fabric/", line 649, in host_prompting_wrapper
    return func(*args, **kwargs)
  File ".../deploy/.venv/lib/python2.7/site-packages/fabric/", line 1056, in run
  File ".../deploy/.venv/lib/python2.7/site-packages/fabric/", line 923, in _run_command
    channel=default_channel(), command=wrapped_command, pty=pty,
  File ".../deploy/.venv/lib/python2.7/site-packages/fabric/", line 397, in default_channel
    chan = _open_session()
  File ".../deploy/.venv/lib/python2.7/site-packages/fabric/", line 389, in _open_session
    return connections[env.host_string].get_transport().open_session()
  File ".../deploy/.venv/lib/python2.7/site-packages/fabric/", line 159, in __getitem__
  File ".../deploy/.venv/lib/python2.7/site-packages/fabric/", line 151, in connect
    user, host, port, cache=self, seek_gateway=seek_gateway)
  File ".../deploy/.venv/lib/python2.7/site-packages/fabric/", line 452, in connect
  File ".../deploy/.venv/lib/python2.7/site-packages/paramiko/", line 307, in connect
    look_for_keys, gss_auth, gss_kex, gss_deleg_creds, gss_host)
  File ".../deploy/.venv/lib/python2.7/site-packages/paramiko/", line 497, in _auth
    key = pkey_class.from_private_key_file(filename, password)
  File ".../deploy/.venv/lib/python2.7/site-packages/paramiko/", line 183, in from_private_key_file
    key = cls(filename=filename, password=password)
  File ".../deploy/.venv/lib/python2.7/site-packages/paramiko/", line 49, in __init__
    self._from_private_key_file(filename, password)
  File ".../deploy/.venv/lib/python2.7/site-packages/paramiko/", line 148, in _from_private_key_file
  File ".../deploy/.venv/lib/python2.7/site-packages/paramiko/", line 158, in _decode_key
    s, padding = der.remove_sequence(data)
  File ".../deploy/.venv/lib/python2.7/site-packages/ecdsa/", line 65, in remove_sequence
    raise UnexpectedDER("wanted sequence (0x30), got 0x%02x" % n)
ecdsa.der.UnexpectedDER: wanted sequence (0x30), got 0x2d

I don't have any idea why I have this as my key is working perfectly with my OpenSSH client.

@arittr arittr commented Oct 12, 2015

Any news on this? I have the exact same issue and it's very frustrating.

@cebrusfs cebrusfs commented Jan 14, 2016

I got the same error with a password-encrypted ECDSA key. But after I removed the password, it does not raise the exception. I think paramiko may not handle the encrypted ECDSA key.

@mikl mikl commented Feb 29, 2016

Ditto here, only remedy was to make sure Paramiko does not try to load the ecdsa key.

@cebrusfs cebrusfs commented May 8, 2016

I traced this bug and it seems that it didn't handle the DER exception in the ECDSA key parsing phase. However, this bug is fixed in the latest version. I re-installed paramiko with pip and never see the error message.

PS: the paramiko version with the bug on my machine is paramiko-1.16.0, but there is paramiko-2.0.0 on pip.

@cebrusfs cebrusfs commented May 9, 2016

Sorry, I made a mistake. The issue is still there even the is refactored.
I've created a pull request to handle this case.

@bitprophet bitprophet commented May 12, 2016

I'm wondering what the initial trigger for this was, since @cebrusfs' patch only fixes the post-2.0.0 use case. Perhaps folks getting this pre-2.0 are using specific subtypes of ECDSA keys we didn't support previously (e.g. #731 - though that notes the errors encountered w/ such keys were silent failures...but could still have been the usual "only the last error gets raised" behavior in play).

Going to close/roll into #742 in the hopes that the earlier instances have been addressed in recent updates - please comment if you can still recreate the original error here, with Paramiko 2.0.1 or above (once that's out with #742 in it).

@bitprophet bitprophet closed this May 12, 2016

@cebrusfs cebrusfs commented May 12, 2016

In my use case, I use client.connect() with a username and password to connect to a server. paramiko will load all keys in .ssh/id_* and try to use this password to decrypt them.
The password is not the password of my private key, so the key parser gets garbage contents and then raises the error.

I believe that some people here hit the same situation.
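
The failure mode discussed in this thread, as an added example (not Paramiko's code and not the patch from the pull request): a pre-parse check that tells PEM text, an encrypted PEM body and post-decryption garbage apart, so a candidate key can be skipped instead of letting the DER parser raise. Note that 0x2d is ASCII `-`, the first byte of a PEM armor line. The function names and sample bytes are constructed for illustration.

```python
import base64
import re

# PEM armor; RFC 1421 headers (Proc-Type / DEK-Info) may precede the base64 body.
PEM_RE = re.compile(rb"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)-----END \1-----", re.S)

def der_sequence_ok(data):
    """True if data opens with a DER SEQUENCE (tag 0x30) whose length fits the buffer."""
    if len(data) < 2 or data[0] != 0x30:
        return False
    first = data[1]
    if first < 0x80:                        # short form: the octet is the length
        return 2 + first <= len(data)
    n = first & 0x7F                        # long form: n length octets follow
    if n == 0 or len(data) < 2 + n:
        return False
    return 2 + n + int.from_bytes(data[2:2 + n], "big") <= len(data)

def triage_key_blob(blob):
    """Classify key-file bytes before handing them to a DER parser."""
    m = PEM_RE.search(blob)
    if m is None:
        if der_sequence_ok(blob):
            return "raw-der"
        return "not-der:0x%02x" % blob[0] if blob else "empty"
    lines = [ln.strip() for ln in m.group(2).splitlines() if ln.strip()]
    headers = [ln for ln in lines if b":" in ln]
    if any(h.startswith(b"Proc-Type:") and b"ENCRYPTED" in h for h in headers):
        return "pem-encrypted"              # body is ciphertext; needs this key's passphrase
    body = b"".join(ln for ln in lines if b":" not in ln)
    try:
        payload = base64.b64decode(body, validate=True)
    except ValueError:                      # binascii.Error subclasses ValueError
        return "pem-bad-base64"
    return "pem-plain" if der_sequence_ok(payload) else "pem-bad-payload"

def check_decrypted(plaintext):
    """After decryption: garbage means a wrong passphrase, so skip the key, don't raise."""
    return "ok" if der_sequence_ok(plaintext) else "wrong-passphrase-or-corrupt"

# Constructed samples (not real keys): SEQUENCE { INTEGER 1 } and PEM wrappers around it.
SAMPLE_DER = bytes([0x30, 0x03, 0x02, 0x01, 0x01])
SAMPLE_PEM = (b"-----BEGIN EC PRIVATE KEY-----\n" + base64.b64encode(SAMPLE_DER)
              + b"\n-----END EC PRIVATE KEY-----\n")
SAMPLE_ENC = (b"-----BEGIN EC PRIVATE KEY-----\nProc-Type: 4,ENCRYPTED\n"
              b"DEK-Info: AES-128-CBC,00112233445566778899AABBCCDDEEFF\n\n"
              b"AAAA\n-----END EC PRIVATE KEY-----\n")
```

A loader that tries every `~/.ssh/id_*` file with the login password can use the `wrong-passphrase-or-corrupt` result to move on to the next key or to password authentication.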
