Paramiko: Raising exception "Invalid private key" when dependencies handled by conda, but not otherwise + workaround

Created on 27 Aug 2020  路  5Comments  路  Source: paramiko/paramiko

Working version:
if installing paramiko and other dependencies using pip3, then call some script that contains:

ret_ssh = self.ssh.connect(self.hostname, self.port, self.username, self.password)

everything works fine.

Non-working version:

if installing paramiko and other dependencies using conda: (create conda env and then using pip3 inside the environment).
Calling the same previous script reports this error:

('Invalid private key', [_OpenSSLErrorWithText(code=67764350, lib=4, func=160, reason=126, reason_text=b'error:040A007E:rsa routines:RSA_check_key_ex:iqmp not inverse of q')])
...
File "/home/myusername/anaconda3/envs/env_skeletons/lib/python3.7/site-packages/cryptography/hazmat/backends/openssl/rsa.py", line 321, in __init__
raise ValueError("Invalid private key", errors)

the workaround:
commenting the lines that rise the exception in rsa.py:

319        if res != 1:
320           errors = backend._consume_errors_with_text()
321            raise ValueError("Invalid private key", errors)

now everything works fine again. The value of res is "0", reason why it raises an expection.

Most helpful comment

@alnavv @alexallah Paramiko released a new version yesterday. Fixes the issue.

All 5 comments

We're seeing the same error. It seems that the recent cryptography 3.1 release broke something.
As a temporary workaround, we switched to cryptography==3.0

We are actually using cryptography=2.6.1
3.0 does not work for us (same error).

@alnavv @alexallah Paramiko released a new version yesterday. Fixes the issue.

@bitprophet @alex I think this can be closed now.

We are testing it now at our end, I'll update once confirmed it's fixing it:
https://github.com/scylladb/scylla-cluster-tests/pull/2789

Was this page helpful?
0 / 5 - 0 ratings