Handle ssh key type discovery in img-proof #382

smarlowucf · 2024-04-12T18:27:24Z

Currently img-proof passes a ssh key file path to paramiko and relies on paramiko to determine the key type. This leads to cryptic errors if there is an authentication or authorization failure with the key/user being used. For example with an RSA key that is not authorized to access the test instance instead of returning auth error paramiko returns ValueError: q must be exactly 160, 224, or 256 bits long.

To better handle and prevent this type of error from bubbling up img-proof can handle the key type discovery and instead pass a pkey object to paramiko that already is typed.

The text was updated successfully, but these errors were encountered:

smarlowucf · 2024-04-12T18:28:02Z

Example:

def get_key(key_path: str = "./id_rsa") -> paramiko.PKey:
    with open(key_path) as f:
        return paramiko.RSAKey.from_private_key(f)

key = get_key()
client.connect(hostname, username=username, pkey=key)

smarlowucf · 2024-04-12T18:29:18Z

The code in question in paramiko walks through the following types:

from paramiko.dsskey import DSSKey
from paramiko.ecdsakey import ECDSAKey
from paramiko.ed25519key import Ed25519Key
from paramiko.rsakey import RSAKey

for pkey_class in (RSAKey, DSSKey, ECDSAKey, Ed25519Key):
    ...

smarlowucf added the enhancement label Apr 12, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Handle ssh key type discovery in img-proof #382

Handle ssh key type discovery in img-proof #382

smarlowucf commented Apr 12, 2024

smarlowucf commented Apr 12, 2024

smarlowucf commented Apr 12, 2024

Handle ssh key type discovery in img-proof #382

Handle ssh key type discovery in img-proof #382

Comments

smarlowucf commented Apr 12, 2024

smarlowucf commented Apr 12, 2024

smarlowucf commented Apr 12, 2024