> On Dec 2, 2016, at 4:41 PM, Craig Rodrigues <rodr...@crodrigues.org> wrote:
> 
> Glyph,
> 
> I took your fix, and added some fixes of my own for __repr__() printing of EC 
> keys in this branch:
> 
> https://github.com/twisted/twisted/pull/615
> 
> 
> If I run the tests, I get a new failure:
> 
> 
> trial twisted.conch.test.test_keys.KeyTests.test_fromBlobECDSA
> 
> Traceback (most recent call last):
>   File "/Users/crodrigues/twisted_15/src/twisted/conch/test/test_keys.py", line 776, in test_fromBlobECDSA
>     eckey = keys.Key.fromString(ecblob)
>   File "/Users/crodrigues/twisted_15/src/twisted/conch/ssh/keys.py", line 197, in fromString
>     return method(data)
>   File "/Users/crodrigues/twisted_15/src/twisted/conch/ssh/keys.py", line 253, in _fromString_BLOB
>     default_backend()))
>   File "/Users/crodrigues/venv-3.6/lib/python3.6/site-packages/cryptography/hazmat/primitives/serialization.py", line 69, in load_ssh_public_key
>     return loader(key_type, rest, backend)
>   File "/Users/crodrigues/venv-3.6/lib/python3.6/site-packages/cryptography/hazmat/primitives/serialization.py", line 103, in _load_ssh_ecdsa_public_key
>     'Key header and key body contain different key type values.'
> 
> builtins.ValueError: Key header and key body contain different key type values.
> 
> 
> Also, if I try to access my machine with:
> conch 192.168.1.2
> 
> I see that in the matchesKey() function on this line:
> https://github.com/twisted/twisted/blob/trunk/src/twisted/conch/client/knownhosts.py#L106
> 
> self.publicKey is an EC key, while keyObject is an RSA key.
> 
> Therefore this function always fails, and I cannot log into the box.
> 
> Any ideas?

It looks like 
https://github.com/twisted/twisted/blob/e48500b94a3b3c751a4ccea36db95a45db8c34be/src/twisted/conch/client/knownhosts.py#L434-L446
 isn't really geared towards the idea that there might be multiple entries for 
one host.  The first step toward a fix would be to correct that algorithm to 
only fail if no matches are found, or to specifically check the key type before 
failing.

-glyph
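
The matching rule suggested in the reply above, sketched as an added example that is not part of the original thread and is not Twisted's code: a host with several known_hosts entries is checked against all of them, and a mismatch is reported only when an entry of the same key type exists and differs. The `Entry` tuple, `check_host_key` function, result constants and sample key blobs are hypothetical and constructed for illustration.

```python
from collections import namedtuple

# Hypothetical model of one known_hosts line: host, SSH key type, key blob.
Entry = namedtuple("Entry", "hostname key_type blob")

MATCH, CHANGED, UNKNOWN = "match", "changed", "unknown"


def check_host_key(entries, hostname, key_type, blob):
    """Classify a presented host key against every entry for the host.

    MATCH   - some entry for this host has the same key type and blob.
    CHANGED - the host has entries of this key type, and none match.
    UNKNOWN - the host has no entry of this key type (or no entry at all).
    """
    same_type_seen = False
    for entry in entries:
        if entry.hostname != hostname:
            continue
        if entry.key_type != key_type:
            # An RSA entry says nothing about the host's ECDSA key,
            # so it must not cause a "host key changed" failure.
            continue
        if entry.blob == blob:
            return MATCH
        same_type_seen = True
    # Fail only after every entry for the host has been examined.
    return CHANGED if same_type_seen else UNKNOWN


# Constructed sample data: one host listed with both an RSA and an ECDSA key.
KNOWN = [
    Entry("192.168.1.2", "ssh-rsa", b"rsa-blob-A"),
    Entry("192.168.1.2", "ecdsa-sha2-nistp256", b"ec-blob-A"),
    Entry("192.168.1.3", "ssh-rsa", b"rsa-blob-B"),
]

if __name__ == "__main__":
    for host, ktype, blob in [
        ("192.168.1.2", "ecdsa-sha2-nistp256", b"ec-blob-A"),
        ("192.168.1.2", "ssh-rsa", b"rsa-blob-X"),
        ("192.168.1.3", "ecdsa-sha2-nistp256", b"ec-blob-B"),
    ]:
        print(host, ktype, check_host_key(KNOWN, host, ktype, blob))
```

An `UNKNOWN` result for a host that already has entries of another key type should go through the same confirmation path as a never-seen host rather than being accepted silently.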
