It reports:
$ python -c "from paramiko import RSAKey;RSAKey.from_private_key_file('./test.rsa')" Traceback (most recent call last): File "<string>", line 1, in <module> File "/usr/lib/python2.7/site-packages/paramiko/pkey.py", line 206, in from_private_key_file key = cls(filename=filename, password=password) File "/usr/lib/python2.7/site-packages/paramiko/rsakey.py", line 55, in __init__ self._from_private_key_file(filename, password) File "/usr/lib/python2.7/site-packages/paramiko/rsakey.py", line 175, in _from_private_key_file data = self._read_private_key_file("RSA", filename, password) File "/usr/lib/python2.7/site-packages/paramiko/pkey.py", line 279, in _read_private_key_file data = self._read_private_key(tag, f, password) File "/usr/lib/python2.7/site-packages/paramiko/pkey.py", line 289, in _read_private_key raise SSHException("not a valid " + tag + " private key file") paramiko.ssh_exception.SSHException: not a valid RSA private key file
With a key file generated using a recent ssh-keygen
, the file looks like this:
-----BEGIN OPENSSH PRIVATE KEY----- (key data) -----END OPENSSH PRIVATE KEY-----
Instead of the older pem format:
-----BEGIN RSA PRIVATE KEY----- Proc-Type: 4,ENCRYPTED DEK-Info: DES-EDE3-CBC,48F3BB90CF126AB9 (key data) -----END RSA PRIVATE KEY-----
And so the connection fails with the message: not a valid RSA private key file
.
r22779 improves things and will continue and try other keyfiles, password auth, etc but this doesn't help loading this new key format.
We need paramiko to add support for loading this new type of keyfile: add support for new OpenSSH private key format. (no working implementation in those tickets at time of writing) See SSH key generated by ssh-keygen is not recognized by Paramiko.
Pointers:
Related code updates:
Looks like there is a more active fork: https://github.com/ploxiln/paramiko-ng/pull/13. AFAICT, the key loading code remains the same, so no code changes are required in xpra.
Since this bug is mostly relevant to Posix builds, there's not much we can do here: just hope that the distros switch to the ng fork, or that upstream merges the patch.
Code has been merged upstream in paramiko 2.7: https://github.com/paramiko/paramiko/pull/1343#issuecomment-561380014
this ticket has been moved to: https://github.com/Xpra-org/xpra/issues/2307