Bug#1071675: duplicity: SSH broken with Paramiko 3.4

Mon, 27 May 2024 10:18:14 -0700 

On Fri, May 24, 2024 at 09:05:17AM +1000, Alexander Zangerl wrote:
> tags 1071675 +moreinfo +unreproducible
> severity 1071675 normal
> thanks
> 
> On Thu, 23 May 2024 18:16:58 +0200, Fiona Klute writes:
> >When trying to do backup to an sftp:// target Duplicity fails since
> >python3-paramiko was updated to 3.4.0-1, with the following error which
> >looks like an API change in Paramiko:
> 
> i cannot reproduce this problem. please provide the output of a
> duplicity -v9 run and the ssh key types involved on your target machine.

Hi,

It's happening here too, for backups using an ed25519 SSH key that has
worked with duplicity in the past.  The same key works correctly with
the backend via openssh-client.  If it makes a difference, the ssh
server is rsync.net.

Requested debug output attached.  Thank you for taking a look.  (I think
the severity should be important; duplicity fails for one of its primary
use cases.)

Thanks,
tony

duplicity -v9 backup --name foo /some/path 
scp://u...@user.rsync.net/some/other/path                                  

GPG binary is /usr/bin/gpg, version 2.2.43
Import of duplicity.backends.adbackend Succeeded
Import of duplicity.backends.azurebackend Succeeded
Import of duplicity.backends.b2backend Succeeded
Import of duplicity.backends.boxbackend Succeeded
Import of duplicity.backends.cfbackend Succeeded
Import of duplicity.backends.dpbxbackend Succeeded
Import of duplicity.backends.gdocsbackend Succeeded
Import of duplicity.backends.gdrivebackend Succeeded
Import of duplicity.backends.giobackend Succeeded
Import of duplicity.backends.hsibackend Succeeded
Import of duplicity.backends.hubicbackend Succeeded
Import of duplicity.backends.idrivedbackend Succeeded
Import of duplicity.backends.imapbackend Succeeded
Import of duplicity.backends.jottacloudbackend Succeeded
Import of duplicity.backends.lftpbackend Succeeded
Import of duplicity.backends.localbackend Succeeded
Import of duplicity.backends.mediafirebackend Succeeded
Import of duplicity.backends.megabackend Succeeded
Import of duplicity.backends.megav2backend Succeeded
Import of duplicity.backends.megav3backend Succeeded
Import of duplicity.backends.multibackend Succeeded
Import of duplicity.backends.ncftpbackend Succeeded
Import of duplicity.backends.onedrivebackend Succeeded
Import of duplicity.backends.par2backend Succeeded
Import of duplicity.backends.pcabackend Succeeded
Import of duplicity.backends.pydrivebackend Succeeded
Import of duplicity.backends.rclonebackend Succeeded
Import of duplicity.backends.rsyncbackend Succeeded
Import of duplicity.backends.s3_boto3_backend Succeeded
Import of duplicity.backends.slatebackend Succeeded
Import of duplicity.backends.ssh_paramiko_backend Succeeded
Import of duplicity.backends.ssh_pexpect_backend Succeeded
Import of duplicity.backends.swiftbackend Succeeded
Import of duplicity.backends.sxbackend Succeeded
Import of duplicity.backends.tahoebackend Succeeded
Import of duplicity.backends.webdavbackend Succeeded
Import of duplicity.backends.xorrisobackend Succeeded
ssh: starting thread (client mode): 0xca27ed0
ssh: Local version/idstring: SSH-2.0-paramiko_3.4.0
ssh: Remote version/idstring: SSH-2.0-OpenSSH_8.9-hpn14v15 
FreeBSD-openssh-portable-8.9.p1_3,1
ssh: Connected (version 2.0, client OpenSSH_8.9-hpn14v15)
ssh: === Key exchange possibilities ===
ssh: kex algos: curve25519-sha256, curve25519-sha...@libssh.org, 
ecdh-sha2-nistp256, ecdh-sha2-nistp384, ecdh-sha2-nistp521, 
sntrup761x25519-sha...@openssh.com, diffie-hellman-group-exchange-sha256, 
diffie-hellman-group16-sha512, diffie-hellman-group18-sha512, 
diffie-hellman-group14-sha256
ssh: server key: ecdsa-sha2-nistp256, ssh-ed25519, rsa-sha2-512, rsa-sha2-256, 
ssh-rsa
ssh: client encrypt: chacha20-poly1...@openssh.com, aes128-ctr, aes192-ctr, 
aes256-ctr, aes128-...@openssh.com, aes256-...@openssh.com, none
ssh: server encrypt: chacha20-poly1...@openssh.com, aes128-ctr, aes192-ctr, 
aes256-ctr, aes128-...@openssh.com, aes256-...@openssh.com, none
ssh: client mac: umac-64-...@openssh.com, umac-128-...@openssh.com, 
hmac-sha2-256-...@openssh.com, hmac-sha2-512-...@openssh.com, 
hmac-sha1-...@openssh.com, umac...@openssh.com, umac-...@openssh.com, 
hmac-sha2-256, hmac-sha2-512, hmac-sha1
ssh: server mac: umac-64-...@openssh.com, umac-128-...@openssh.com, 
hmac-sha2-256-...@openssh.com, hmac-sha2-512-...@openssh.com, 
hmac-sha1-...@openssh.com, umac...@openssh.com, umac-...@openssh.com, 
hmac-sha2-256, hmac-sha2-512, hmac-sha1
ssh: client compress: none, z...@openssh.com
ssh: server compress: none, z...@openssh.com
ssh: client lang: <none>
ssh: server lang: <none>
ssh: kex follows: False
ssh: === Key exchange agreements ===
ssh: Kex: curve25519-sha...@libssh.org
ssh: HostKey: ssh-ed25519
ssh: Cipher: aes128-ctr
ssh: MAC: hmac-sha2-256
ssh: Compression: none
ssh: === End of kex handshake ===
ssh: kex engine KexCurve25519 specified hash_algo <built-in function 
openssl_sha256>
ssh: Switch to new keys ...
ssh: Got EXT_INFO: {'server-sig-algs': 
b'ssh-ed25519,sk-ssh-ed25...@openssh.com,ssh-rsa,rsa-sha2-256,rsa-sha2-512,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,sk-ecdsa-sha2-nistp...@openssh.com,webauthn-sk-ecdsa-sha2-nistp...@openssh.com',
 'publickey-hostbo...@openssh.com': b'0'}
ssh: Trying SSH agent key b'****REDACTED****'
ssh: userauth is OK
ssh: Unknown exception: public_blob
ssh: Traceback (most recent call last):
ssh:   File "/usr/lib/python3/dist-packages/paramiko/transport.py", line 2220, 
in run
ssh:     handler(m)
ssh:   File "/usr/lib/python3/dist-packages/paramiko/auth_handler.py", line 
394, in _parse_service_accept
ssh:     key_type, bits = self._get_key_type_and_bits(self.private_key)
ssh:                      ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
ssh:   File "/usr/lib/python3/dist-packages/paramiko/auth_handler.py", line 
218, in _get_key_type_and_bits
ssh:     if key.public_blob:
ssh:        ^^^^^^^^^^^^^^^
ssh:   File "/usr/lib/python3/dist-packages/paramiko/agent.py", line 476, in 
__getattr__
ssh:     raise AttributeError(name)
ssh: AttributeError: public_blob
ssh: 
Using temporary directory /tmp/duplicity-5vf9rtnt-tempdir
Backend error detail: Traceback (innermost last):
  File "/usr/bin/duplicity", line 67, in <module>
    with_tempdir(main)
  File "/usr/bin/duplicity", line 58, in with_tempdir
    fn()
  File "/usr/lib/python3/dist-packages/duplicity/dup_main.py", line 1545, in 
main
    action = cli_main.process_command_line(sys.argv[1:])
             ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/duplicity/cli_main.py", line 281, in 
process_command_line
    config.backend = backend.get_backend(remote_url)
                     ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/duplicity/backend.py", line 207, in 
get_backend
    obj = get_backend_object(url_string)
          ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/duplicity/backend.py", line 195, in 
get_backend_object
    return factory(pu)
           ^^^^^^^^^^^
  File 
"/usr/lib/python3/dist-packages/duplicity/backends/ssh_paramiko_backend.py", 
line 280, in __init__
    self.connect()
  File 
"/usr/lib/python3/dist-packages/duplicity/backends/ssh_paramiko_backend.py", 
line 296, in connect
    raise BackendException(
 duplicity.errors.BackendException: ssh connection to u...@user.rsync.net:22 
failed: public_blob

BackendException: ssh connection to u...@user.rsync.net:22 failed: public_blob

Attachment: signature.asc
Description: PGP signature

Reply via email to