The remote side accepts the connection using the public key but paramiko still gives an error. Seems to be a bug in paramiko==2.4.0 (ubuntu 16.04, python 3)
Stack trace :
File "/usr/local/lib/python3.5/dist-packages/pysftp/__init__.py", line 143, in __init__
self._transport.connect(**self._tconnect)
File "/usr/local/lib/python3.5/dist-packages/paramiko/transport.py", line 1205, in connect
self.auth_publickey(username, pkey)
File "/usr/local/lib/python3.5/dist-packages/paramiko/transport.py", line 1450, in auth_publickey
return self.auth_handler.wait_for_response(my_event)
File "/usr/local/lib/python3.5/dist-packages/paramiko/auth_handler.py", line 226, in wait_for_response
raise e
paramiko.ssh_exception.AuthenticationException: Authentication failed.
Remark, I can ssh to the host without any problem, without specifying a password
Same issue, same version. I can ssh from the command line, but Paramiko fails using the rsa key. Any word on this?
Paramiko==2.4.0 (CentOS 7, python 3.4).
Stack Trace:
File "/usr/lib/python3.4/site-packages/paramiko/client.py", line 424, in connect
passphrase,
File "/usr/lib/python3.4/site-packages/paramiko/client.py", line 714, in _auth
raise saved_exception
File "/usr/lib/python3.4/site-packages/paramiko/client.py", line 691, in _auth
self._transport.auth_publickey(username, key))
File "/usr/lib/python3.4/site-packages/paramiko/transport.py", line 1450, in auth_publickey
return self.auth_handler.wait_for_response(my_event)
File "/usr/lib/python3.4/site-packages/paramiko/auth_handler.py", line 226, in wait_for_response
raise e
anyone here for help, I met this issue too
i also met this issue too, i donot know how to solve it
I am seeing the same issue when using the example file rforward.py. rforward.py works when authenticating with a password, and standard SSH works when authenticating with a private key.
For reference here is the output in syslog on the SSH server:
Jun 22 22:49:41 ubuntu-s-1vcpu-1gb-sfo2-01 sshd[9275]: Connection closed by authenticating user $USER $IP_ADDRESS 60836 [preauth]
Can y'all try differing Paramiko versions to see if this was introduced at a specific point in time? More details on your exact keys (eg number of bits, how they were generated, etc) might shed a clue as well - RSA in general clearly still works for most users so something more specific must be at work here.
Also ran into this issue and it seems to be related to the key format. From what I can tell, private keys in the RFC4716 format are not supported by paramiko, while PEM (and maybe other) formatted keys are. Or, perhaps the version of openssl on the box where you're running determines the support of different key formats.
I seems on recent versions of MacOS, ssh-keygen defaults to RFC4716 format, so those keys I generate on my mac were not working for me. Keys that I've generated on a linux box (debian) or using the -m PEM flag on MacOS do seem to work though.
Running into the same issue, any update?
I'm also seeing this issue using paramiko 2.4.2.
Here is the /var/log/auth.log on the server side:
Mar 7 08:36:22 serverhostname sshd[7021]: Connection closed by 177.206.230.70 port 60465 [preauth]
I can log to the server passing the private key file using the ssh -i key
@dpbus How can I check if my private key is in PEM format or RFC4716?
Can I convert the private key without modifying my public key?
How can I convert it to paramiko expected format?
After reading some more, I found that a PEM key file starts with
—–BEGIN RSA PRIVATE KEY—–
And a RFC4716 starts with:
—–BEGIN OPENSSH PRIVATE KEY—–
My file is a PEM key file, so it is not the problem @dpbus mentioned.
Any comments?
@ffleandro (or anyone else) any resolution on this?
@eepstein Yes I solved the following way. I don't remember the previous code but I think I was opening the key the wrong way or I was passing the password to the connect instead of passing when opening the key.
key = paramiko.RSAKey.from_private_key_file('key/file/path', password='key_password')
warnings.filterwarnings(action='ignore',module='.*
ssh = paramiko.SSHClient()
ssh.set_missing_host_key_policy(paramiko.AutoAddPolicy())
ssh.connect(host, username=user, port=port, password=password, look_for_keys=False, pkey=key)
This smells like another dupe of the handful of missing-OpenSSH-feature tickets out there (there's at least 3-4). Please keep an eye on the changelog over the next few weeks/months!
@bitprophet I don't think there is an existing ticket for this issue. (after doing some searching) should we re-open this ticket? or create a more formal request for this ticket with a simple use case?
It seems like more people are running to this issue as openssh v8 is deployed more widely.
Reference information is: https://coolaj86.com/articles/the-openssh-private-key-format/
for the new openssh private key format see https://github.com/paramiko/paramiko/pull/1343