Package: python-paramiko Version: 1.15.2-1 Severity: normal I'm using paramiko as the SSH backend for duply. Recently, after looking more closely at the current SSH man page, I found that newer types of SSH keys, ECDSA and ED25519, existed. So I created new keypairs of that nature, and all seemed to work fine. Until my next backup.
I began getting errors like this: > BackendException: ssh connection to r...@backup.rjmx.net:22 > failed: wanted sequence (0x30), got 0x6a > > ssh: EOF in transport thread > 20:25:35.849 Task 'STATUS' failed with exit code '23'. > --- Finished state FAILED 'code 23' at 20:25:35.849 - Runtime 00:00:00.695 --- I spent some time trying to find out the cause of this error, and finally narroed it down to the new keypairs. >From the SSH man page: > -i identity_file > Selects a file from which the identity (private key) for public > key authentication is read. The default is ~/.ssh/identity for > protocol version 1, and ~/.ssh/id_dsa, ~/.ssh/id_ecdsa, > ~/.ssh/id_ed25519 and ~/.ssh/id_rsa for protocol version 2. > Identity files may also be specified on a per-host basis in the > configuration file. It is possible to have multiple -i options > (and multiple identities specified in configuration files). ssh > will also try to load certificate information from the filename > obtained by appending -cert.pub to identity filenames. Note the filenames (~/.ssh/id_dsa, ~/.ssh/id_ecdsa, ~/.ssh/id_ed25519 and ~/.ssh/id_rsa). In my case, these were symbolic links to the real private key files, but replacing the links with copies of the real file makes no difference. File id_dsa doesn't affect paramiko's operation (as I imagine it shouldn't: that filename has been generated at install time by SSH2 for as long as I can remember), and neither does id_rsa for much the same reason. The presence of either of the two new private key files, id_ecdsa and id_ed25519, or symbolic links by either name, seems to cause paramiko to barf. Since all my private keys have passwords (naturally), that may be part of the problem. Either way, without looking at the code (I'm not a Python programmer), I'd guess that paramiko knows to ignore the two older id_* files (id_rsa and id_dsa). It should probably be told about the new ones, too. Backtrace from duply is available, but probably not a lot of use here. The last few lines are: > File "/usr/lib/python2.7/dist-packages/duplicity/backend.py", line 209, in get_backend_object > return factory(pu) > File "/usr/lib/python2.7/dist- packages/duplicity/backends/ssh_paramiko_backend.py", line 218, in __init__ > self.config['port'], e)) > BackendException: ssh connection to r...@alexandria.rjmx.net:22 failed: wanted sequence (0x30), got 0x6a > > BackendException: ssh connection to r...@alexandria.rjmx.net:22 failed: wanted sequence (0x30), got 0x6a > ssh: EOF in transport thread > 20:25:35.849 Task 'STATUS' failed with exit code '23'. > --- Finished state FAILED 'code 23' at 20:25:35.849 - Runtime 00:00:00.695 --- I can always upload it if you need it. -- System Information: Debian Release: stretch/sid APT prefers testing APT policy: (500, 'testing') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 4.2.0-khufu-0 (SMP w/8 CPU cores; PREEMPT) Locale: LANG=en_US.utf8, LC_CTYPE=en_US.utf8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: sysvinit (via /sbin/init) Versions of packages python-paramiko depends on: ii python-crypto 2.6.1-5+b2 ii python-ecdsa 0.13-2 pn python:any <none> python-paramiko recommends no packages. python-paramiko suggests no packages. -- no debconf information
