add support for new OpenSSH private key format #1343
This work is based off the work done in paramiko#618
Is it not possible for the code supporting the new format in
Probably. I'll investigate when I get some free time but I'm pretty swamped at the moment.
Is there any ETA for when the new format could be supported?
Please merge this. Looks like since OpenSSH 7.8 (released 6 months ago 2018-08-24) the new format is the default. https://www.openssh.com/txt/release-7.8
Bump! Fedora 29, openssh 7.9p1. Paramiko can't read my private key files without this change.
Bumping this as well. This has broken my automation from OS X Mojave
Is there anything blocking this that requires help? Lacking this is causing major issues for us.
I'm currently having issues as well. Broken on Debian 9
Would it not be better to make it a raw string and drop flake comment?
r"^-{5}BEGIN (RSA|DSA|EC|OPENSSH) PRIVATE KEY-{5}\s*$"
https://lintlyci.github.io/Flake8Rules/rules/W605.html
Yes, fixed.
Any idea when this will go in?
elif pkformat == self.PRIVATE_KEY_FORMAT_OPENSSH: | ||
curve, verkey, sigkey = self._uint32_cstruct_unpack(data, "sss") | ||
try: | ||
key = ec.derive_private_key(sigkey, curve, default_backend()) |
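Review bot: verkey is unpacked from the "sss" struct, but the lines shown build the key from sigkey alone, so nothing visible here checks that the public and private parts of the file agree. After deriving the key, compare its public point against verkey and raise on a mismatch, or leave a comment explaining why verkey is deliberately ignored.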
this doesn't work: sigkey needs to be an integer, and curve needs to be translated into one of the Curve objects in _ECDSA_CURVES
noticed while working on my port and cleanup of this. here's a test to show the errors:
https://github.com/ploxiln/paramiko-ng/pull/13/files#diff-523fff3457d80985c9d2429eb3aecb6e
the fix is mixed into my large refactor, since I figured this out towards the end:
https://github.com/ploxiln/paramiko-ng/pull/13/files#diff-00344f8a080e03112e93210cdfd37302
||
# Remove padding | ||
padlen = byte_ord(keydata[len(keydata) - 1]) | ||
return keydata[: len(keydata) - padlen] |
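Review bot: padlen is read from the last byte of keydata and used for the slice with no validation, so when the decrypted data carries no padding the last byte is real key material and the slice cuts that many bytes off it (or returns an empty string when the value exceeds len(keydata)). Check that padlen is within the cipher block size and that the trailing bytes are the expected padding before stripping, raise on anything else, and reject an empty keydata before indexing into it.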
this unpad suffers from roughly the same bug I fixed for Ed25519Key in #1400
any movement? We all know Apple is the new Microsoft, doing everything their own way. However, it kinda sucks when I can't run Ansible / Testinfra from my mac box due to
Could we please just run black on pkey and resolve the tests on tests/test_pkey.py?
Diving into reviewing/tweaking/merging this now. Thanks for everyone who's been keeping the patchset rolling, and for everyone's patience
Merged to latest master & blackened, taking a look:
This will be out in Paramiko 2.7 (only one more ticket after this one before that's cut!)
@bitprophet thank you for your work on this!!
thanks so much!
@johnnybubonic I put 'em in a milestone, I can't say when they'll be gotten to but at least they're on my radar now, thank you!
The Ed25519Key class contained key parsing and decryption logic for OPENSSH-format keys before that code became generic. Now that paramiko#1343 is merged, this logic becomes redundant and can be removed. This cleanup was extracted from ploxiln#13 and the original author @ploxiln is credited even though I (@intgr) am submitting this pull request. Signed-off-by: Marti Raudsepp <marti@juffo.org>
The Ed25519Key class contained key parsing and decryption logic for OPENSSH-format keys before that code became generic. Now that paramiko#1343 is merged, this logic becomes redundant and can be removed. This cleanup was extracted from ploxiln#13 and the original author @ploxiln is credited as commit author even though I (@intgr) am submitting this pull request. Signed-off-by: Marti Raudsepp <marti@juffo.org>