Re: [Twisted-Python] conch problem with ecdsa-sha2-nistp256 host key?

2017-01-21 Thread Craig Rodrigues
On Fri, Jan 20, 2017 at 10:21 PM, Glyph Lefkowitz wrote: > > > I finally got around to trying this, and was baffled as to why the > behavior wasn't different between trunk and trunk-with-merged-PRs; then I > realized the commits from both were already in trunk :-).

Re: [Twisted-Python] conch problem with ecdsa-sha2-nistp256 host key?

2017-01-20 Thread Glyph Lefkowitz
> On Dec 21, 2016, at 5:40 PM, Craig Rodrigues wrote: > > > > On Wed, Dec 21, 2016 at 4:46 PM, Glyph Lefkowitz > wrote: > > > Can you file a new ticket for each of these? The ordering thing seems super >

Re: [Twisted-Python] conch problem with ecdsa-sha2-nistp256 host key?

2016-12-21 Thread Craig Rodrigues
On Wed, Dec 21, 2016 at 4:46 PM, Glyph Lefkowitz wrote: > > > Can you file a new ticket for each of these? The ordering thing seems > super low priority, but not being able to receive multiple host keys is > definitely a spec violation. > > Thanks for figuring it out, >

Re: [Twisted-Python] conch problem with ecdsa-sha2-nistp256 host key?

2016-12-21 Thread Glyph Lefkowitz
> On Dec 20, 2016, at 7:32 PM, Craig Rodrigues wrote: > > On Tue, Dec 20, 2016 at 6:24 PM, Glyph Lefkowitz > wrote: > > > > So... is this because buildbot.twistedmatrix.com >

Re: [Twisted-Python] conch problem with ecdsa-sha2-nistp256 host key?

2016-12-20 Thread Craig Rodrigues
On Tue, Dec 20, 2016 at 7:32 PM, Craig Rodrigues wrote: > On Tue, Dec 20, 2016 at 6:24 PM, Glyph Lefkowitz > wrote: > >> >> > >> >> So... is this because buildbot.twistedmatrix.com has an RSA key as well, >> and when it offers it, our checking

Re: [Twisted-Python] conch problem with ecdsa-sha2-nistp256 host key?

2016-12-20 Thread Craig Rodrigues
On Tue, Dec 20, 2016 at 6:24 PM, Glyph Lefkowitz wrote: > > > > So... is this because buildbot.twistedmatrix.com has an RSA key as well, > and when it offers it, our checking isn't correctly comparing the type > before deciding that it doesn't match, or allowing for

Re: [Twisted-Python] conch problem with ecdsa-sha2-nistp256 host key?

2016-12-20 Thread Glyph Lefkowitz
> On Dec 20, 2016, at 5:50 PM, Craig Rodrigues wrote: > > Ah, OK. In my testing, I had this in my server's /etc/ssh/sshd_config file > to force > use of ECDSA keys during my testing: > > > # HostKey for protocol version 1 > #HostKey /etc/ssh/ssh_host_key > # HostKeys

Re: [Twisted-Python] conch problem with ecdsa-sha2-nistp256 host key?

2016-12-20 Thread Craig Rodrigues
Ah, OK. In my testing, I had this in my server's /etc/ssh/sshd_config file to force use of ECDSA keys during my testing:

# HostKey for protocol version 1
#HostKey /etc/ssh/ssh_host_key
# HostKeys for protocol version 2
#HostKey /etc/ssh/ssh_host_rsa_key
#HostKey /etc/ssh/ssh_host_dsa_key

Re: [Twisted-Python] conch problem with ecdsa-sha2-nistp256 host key?

2016-12-20 Thread Glyph Lefkowitz
Here's buildbot's key: buildbot.twistedmatrix.com ecdsa-sha2-nistp256 E2VjZHNhLXNoYTItbmlzdHAyNTYIbmlzdHAyNTYAAAcw4pr6WdgDMw7PbkvsuEdCqKQTtpLYPGoe7qkuQucuexYBiCkO/BeoB0wANX2cVmxUP0llpYJQL4w3cAR0csA= I think you should be able to validate that even if you can't auth :) -g > On Dec

Re: [Twisted-Python] conch problem with ecdsa-sha2-nistp256 host key?

2016-12-20 Thread Craig Rodrigues
I'm not sure. I was able to use conch to log into a box where the ecdsa key looked like this in my ~/.ssh/known_hosts 192.168.1.2 ecdsa-sha2-nistp256 XX -- Craig On Tue, Dec 20, 2016 at 4:10 PM, Glyph Lefkowitz wrote: > It works: > > $ conch

Re: [Twisted-Python] conch problem with ecdsa-sha2-nistp256 host key?

2016-12-20 Thread Glyph Lefkowitz
It works:

$ conch twistedmatrix.com echo hooray
hooray
$ conch --version
Twisted version: 16.6.0dev0
$

That's using an RSA host key though. It seems that the hosts I have using ECDSA keys (buildbot.twistedmatrix.com, for example) still don't work

Re: [Twisted-Python] conch problem with ecdsa-sha2-nistp256 host key?

2016-12-20 Thread Craig Rodrigues
On Friday, December 2, 2016, Glyph Lefkowitz wrote: > > I think there might be a regression in 16.6.0. > > For every version up to 16.6.0, I can do 'conch twistedmatrix.com' in a > shell and it works fine. > I believe that I have fixed this in trunk. Can you try this

Re: [Twisted-Python] conch problem with ecdsa-sha2-nistp256 host key?

2016-12-03 Thread Glyph Lefkowitz
> On Dec 3, 2016, at 4:21 PM, Craig Rodrigues wrote: > > On Thu, Dec 1, 2016 at 7:01 PM, Mark Williams > wrote: > > I bet the key negotiated by conch is not an ECDSA key but rather an > RSA key. If this is all

Re: [Twisted-Python] conch problem with ecdsa-sha2-nistp256 host key?

2016-12-03 Thread Craig Rodrigues
On Thu, Dec 1, 2016 at 7:01 PM, Mark Williams wrote: > > I bet the key negotiated by conch is not an ECDSA key but rather an > RSA key. If this is all the case, then I think you've found a key > that LibreSSL supports but your client's libssl (which conch calls > into

Re: [Twisted-Python] conch problem with ecdsa-sha2-nistp256 host key?

2016-12-02 Thread Craig Rodrigues
Glyph, I took your fix, and added some fixes of my own for __repr__() printing of EC keys in this branch: https://github.com/twisted/twisted/pull/615 If I run the tests, I get a new failure: trial twisted.conch.test.test_keys.KeyTests.test_fromBlobECDSA Traceback (most recent call last):

Re: [Twisted-Python] conch problem with ecdsa-sha2-nistp256 host key?

2016-12-02 Thread Craig Rodrigues
On Fri, Dec 2, 2016 at 9:18 AM, Craig Rodrigues wrote: > > Traceback (most recent call last): > > > File "", line 1, in > File "/Users/crodrigues/twisted8/src/twisted/conch/ssh/keys.py", line > 787, in __repr__ > self._keyObject.key_size)] > > AttributeError:

Re: [Twisted-Python] conch problem with ecdsa-sha2-nistp256 host key?

2016-12-02 Thread Craig Rodrigues
On Fri, Dec 2, 2016 at 1:23 AM, Glyph Lefkowitz wrote: > > > Investigating further, I think I've figured it out. Here's a patch that > fixes the problem: > > diff --git a/src/twisted/conch/ssh/keys.py b/src/twisted/conch/ssh/keys.py > index d47db7f..570f524 100644 > ---

Re: [Twisted-Python] conch problem with ecdsa-sha2-nistp256 host key?

2016-12-02 Thread Glyph Lefkowitz
> On Dec 2, 2016, at 12:37 AM, Glyph Lefkowitz wrote: > > >> On Dec 2, 2016, at 12:27 AM, Glyph Lefkowitz > > wrote: >> >> >>> On Dec 2, 2016, at 12:19 AM, Glyph Lefkowitz >>

Re: [Twisted-Python] conch problem with ecdsa-sha2-nistp256 host key?

2016-12-02 Thread Glyph Lefkowitz
> On Dec 2, 2016, at 12:27 AM, Glyph Lefkowitz wrote: > > >> On Dec 2, 2016, at 12:19 AM, Glyph Lefkowitz > > wrote: >> >> >>> On Dec 1, 2016, at 7:01 PM, Mark Williams >>

Re: [Twisted-Python] conch problem with ecdsa-sha2-nistp256 host key?

2016-12-02 Thread Glyph Lefkowitz
> On Dec 2, 2016, at 12:19 AM, Glyph Lefkowitz wrote: > > >> On Dec 1, 2016, at 7:01 PM, Mark Williams > > wrote: >> >> On Thu, Dec 01, 2016 at 05:11:37PM -0800, Craig Rodrigues wrote: >>> Hi, >>> >>> I filed

Re: [Twisted-Python] conch problem with ecdsa-sha2-nistp256 host key?

2016-12-02 Thread Glyph Lefkowitz
> On Dec 1, 2016, at 7:01 PM, Mark Williams wrote: > > On Thu, Dec 01, 2016 at 05:11:37PM -0800, Craig Rodrigues wrote: >> Hi, >> >> I filed this bug: >> https://twistedmatrix.com/trac/ticket/8931 >> >> At least for me, conch fails to parse a host key created by

Re: [Twisted-Python] conch problem with ecdsa-sha2-nistp256 host key?

2016-12-01 Thread Mark Williams
On Thu, Dec 01, 2016 at 05:11:37PM -0800, Craig Rodrigues wrote: > Hi, > > I filed this bug: > https://twistedmatrix.com/trac/ticket/8931 > > At least for me, conch fails to parse a host key created by OpenSSH > in ~/.ssh/known_hosts > which is of type ecdsa-sha2-nistp256. > > Anyone have an idea

Re: [Twisted-Python] conch problem with ecdsa-sha2-nistp256 host key?

2016-12-01 Thread Craig Rodrigues
I don't think that is it. It is failing to parse an existing key generated by OpenSSH. If I delete the known_hosts file, conch generates a key which it can parse. -- Craig On Thu, Dec 1, 2016 at 5:24 PM, Oon-Ee Ng wrote: >

Re: [Twisted-Python] conch problem with ecdsa-sha2-nistp256 host key?

2016-12-01 Thread Oon-Ee Ng
http://twistedmatrix.com/pipermail/twisted-python/2016-October/030819.html On Fri, Dec 2, 2016 at 9:11 AM, Craig Rodrigues wrote: > Hi, > > I filed this bug: > https://twistedmatrix.com/trac/ticket/8931 > > At least for me, conch fails to parse a host key created by