Your message dated Sat, 17 Dec 2022 14:00:37 -0500
with message-id
<CAB4XWXxJMg4Umnf0GUwZ8JULHPErgXugOP5+HdcYpzDqa=z...@mail.gmail.com>
and subject line Re: Further information
has caused the Debian Bug report #896056,
regarding python-paramiko: SSH key login fails since 2.0.0
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
896056: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=896056
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: python-paramiko
Version: 2.4.0-1
Severity: important
Dear Maintainer,
I use SSH keys on a PKCS#11 smart card (via OpenSC) to authenticate to various
machines via SSH.
I also use Fabric to automate certain tasks on some remote machines and have
been doing so since Jessie. It worked fine then.
Ever since upgrading to Stretch, Fabric can no longer authenticate to remote
machines, either with my SSH key or my correct password, while normal direct
ssh continues to work correctly with keys (and passwords if I remove keys from
the agent.)
(Fabric uses the Paramiko library to make its SSH connections.)
Running ssh-agent in debug mode shows the error "process_sign_request2:
sshkey_sign: error in libcrypto" when paramiko attempts to authenticate to the
remote host, itself saying "SSHException: key cannot be used for signing".
It does this on the second key on my card while the fourth one is the correct
one for a particular remote machine. It lists that it is trying the other keys
but gives no further debug information about them.
Running ssh -vvv <the same host> does not show any such error about signing
when it tries that same key. (The server just rejects it so the client moves on
to the next key.)
My ssh-agent is linked against libssl 1.0.2.
#paramiko on Freenode mentioned that Paramiko v2.0.0 changed their dependency
from PyCrypto to cryptography.io which may be related.
-- System Information:
Debian Release: 9.4
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 4.9.0-6-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8),
LANGUAGE=en_US:en (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
Versions of packages python-paramiko depends on:
ii python 2.7.13-2
ii python-bcrypt 3.1.2-1
ii python-cryptography 1.7.1-3
ii python-nacl 1.0.1-2
ii python-pyasn1 0.1.9-2
python-paramiko recommends no packages.
Versions of packages python-paramiko suggests:
pn python-gssapi <none>
-- no debconf information
--- End Message ---
--- Begin Message ---
> For further testing, I did the following:
>
> sudo dpkg -r python-paramiko
> pip install paramiko==1.18.5
>
> And the problem still appears just the same as with a newer Paramiko.
> (Does that mean this problem is not related to Paramiko then?)
very likely, also this bug report is 4 years old and in the meantime
there has been no updates to it and paramiko was updated several
times. Please retry on an up-to-date debian machine and reopen if the
problem still happens and it is indeed related to paramiko. closting
--- End Message ---
_______________________________________________
Python-modules-team mailing list
Python-modules-team@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/python-modules-team
