> On Dec 2, 2016, at 4:41 PM, Craig Rodrigues <rodr...@crodrigues.org> wrote:
>
> Glyph,
>
> I took your fix, and added some fixes of my own for __repr__() printing of EC
> keys in this branch:
>
> https://github.com/twisted/twisted/pull/615
>
> If I run the tests, I get a new failure:
>
> trial twisted.conch.test.test_keys.KeyTests.test_fromBlobECDSA
>
> Traceback (most recent call last):
>   File "/Users/crodrigues/twisted_15/src/twisted/conch/test/test_keys.py", line 776, in test_fromBlobECDSA
>     eckey = keys.Key.fromString(ecblob)
>   File "/Users/crodrigues/twisted_15/src/twisted/conch/ssh/keys.py", line 197, in fromString
>     return method(data)
>   File "/Users/crodrigues/twisted_15/src/twisted/conch/ssh/keys.py", line 253, in _fromString_BLOB
>     default_backend()))
>   File "/Users/crodrigues/venv-3.6/lib/python3.6/site-packages/cryptography/hazmat/primitives/serialization.py", line 69, in load_ssh_public_key
>     return loader(key_type, rest, backend)
>   File "/Users/crodrigues/venv-3.6/lib/python3.6/site-packages/cryptography/hazmat/primitives/serialization.py", line 103, in _load_ssh_ecdsa_public_key
>     'Key header and key body contain different key type values.'
> builtins.ValueError: Key header and key body contain different key type values.
>
> Also, if I try to access my machine with:
> conch 192.168.1.2
>
> I see that in the matchesKey() function on this line:
> https://github.com/twisted/twisted/blob/trunk/src/twisted/conch/client/knownhosts.py#L106
>
> self.publicKey is an EC key, while keyObject is an RSA key.
>
> Therefore this function always fails, and I cannot log into the box.
>
> Any ideas?

It looks like https://github.com/twisted/twisted/blob/e48500b94a3b3c751a4ccea36db95a45db8c34be/src/twisted/conch/client/knownhosts.py#L434-L446 isn't really geared towards the idea that there might be multiple entries for one host. The first step toward a fix would be to correct that algorithm to only fail if no matches are found, or to specifically check the key type before failing.

-glyph

_______________________________________________
Twisted-Python mailing list
Twisted-Python@twistedmatrix.com
http://twistedmatrix.com/cgi-bin/mailman/listinfo/twisted-python
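
The matching rule suggested in the reply above, as an added example that is not part of the original thread and is not Twisted's knownhosts code: a host recorded with several key types is only reported as changed when an entry of the same key type holds a different key. `Entry`, `Verdict`, `check_host_key` and the key blobs are hypothetical names and constructed values.

```python
# Added illustration: a simplified stand-alone model (assumption), not Twisted's API.
from dataclasses import dataclass
from enum import Enum


class Verdict(Enum):
    MATCH = "match"        # an entry for this host holds exactly this key
    CHANGED = "changed"    # same key type on record, but a different key
    UNKNOWN = "unknown"    # no entry of this key type for the host


@dataclass(frozen=True)
class Entry:               # hypothetical stand-in for one known_hosts line
    hostnames: tuple
    key_type: str          # e.g. "ssh-rsa", "ecdsa-sha2-nistp256"
    key_blob: bytes


def check_host_key(entries, hostname, key_type, key_blob):
    """Decide only after looking at every entry recorded for the host."""
    same_type_mismatch = False
    for entry in entries:
        if hostname not in entry.hostnames:
            continue
        if entry.key_type != key_type:
            continue       # other algorithm: says nothing about this key
        if entry.key_blob == key_blob:
            return Verdict.MATCH
        same_type_mismatch = True
    return Verdict.CHANGED if same_type_mismatch else Verdict.UNKNOWN


# Constructed sample data: one host recorded with an EC key and an RSA key.
KNOWN = [
    Entry(("192.168.1.2",), "ecdsa-sha2-nistp256", b"constructed-ec-key"),
    Entry(("192.168.1.2",), "ssh-rsa", b"constructed-rsa-key"),
]

if __name__ == "__main__":
    for kt, blob in [("ssh-rsa", b"constructed-rsa-key"),
                     ("ssh-rsa", b"other-rsa-key"),
                     ("ssh-ed25519", b"constructed-ed-key")]:
        print(kt, check_host_key(KNOWN, "192.168.1.2", kt, blob).value)
```

A caller should treat `UNKNOWN` like a first-seen key (prompt or reject according to policy), never as a silent accept.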