Opened 8 years ago

Closed 8 years ago

Last modified 7 years ago

#160 closed defect (wontfix)

ssh key failures: "Input strings must be a multiple of 8 in length"

Reported by: Antoine Martin Owned by: Antoine Martin
Priority: critical Milestone: 0.12
Component: Client Keywords: ssh keys
Cc:

Description

This happens on some distributions that ship old versions of Python-Twisted (older than 10.x?) - the user will not be able to use their SSH key with Window Switch because of this.

This causes stacktraces like this one:

[II] 2011/08/09 17:41:05 ConchUserAuth.ok(################,False)
[EE] 2011/08/09 17:41:05 ConchUserAuth.ok((...),False) cannot load private key
[ee] 2011/08/09 17:41:05 Traceback (most recent call last):
[ee] 2011/08/09 17:41:05   File "/usr/lib/pymodules/python2.6/winswitch/net/conch_util.py", line 228, in ok
[ee] 2011/08/09 17:41:05     key = privateKeyFromFile(self.factory.private_key, new_passphrase)
[ee] 2011/08/09 17:41:05   File "/usr/lib/pymodules/python2.6/winswitch/net/conch_util.py", line 207, in privateKeyFromFile
[ee] 2011/08/09 17:41:05     return     keys.Key.fromFile(filename, passphrase=passphrase).keyObject
[ee] 2011/08/09 17:41:05   File "/usr/lib/python2.6/dist-packages/twisted/conch/ssh/keys.py", line 62, in fromFile
[ee] 2011/08/09 17:41:05     return Class.fromString(file(filename, 'rb').read(), type, passphrase)
[ee] 2011/08/09 17:41:05   File "/usr/lib/python2.6/dist-packages/twisted/conch/ssh/keys.py", line 90, in fromString
[ee] 2011/08/09 17:41:05     return method(data, passphrase)
[ee] 2011/08/09 17:41:05   File "/usr/lib/python2.6/dist-packages/twisted/conch/ssh/keys.py", line 216, in _fromString_PRIVATE_OPENSSH
[ee] 2011/08/09 17:41:05     keyData = DES3.new(decKey, DES3.MODE_CBC, iv).decrypt(b64Data)
[ee] 2011/08/09 17:41:05 ValueError: Input strings must be a multiple of 8 in length

It will occur more often now that distros are using the AES-128 cypher when generating SSH keys.

This bug is here just as a reminder that there is absolutely nothing we can do about this: it is the distribution's responsibility to fix their buggy libraries. Once again, Ubuntu is shipping buggy versions in its "stable" release... sigh

More info at zenoss.org and their ticket

Change History (2)

comment:1 Changed 8 years ago by Antoine Martin

Resolution: wontfix
Status: newclosed

If you this and are wondering how to fix this, just ask your distro to fix Twisted.

This cannot be fixed in Window Switch.

comment:2 Changed 7 years ago by Ryanofsky

It's pretty easy to work around this issue by converting your key from AES to DES3:

openssl rsa -in id_rsa -out newkey_id_rsa -des3
mv newkey_id_rsa id_rsa
chmod 600 id_rsa
truncate --size=-1 id_rsa

The truncate command is needed to remove a trailing newline in the OpenSSL output which causes conch to parse the key incorrectly.

For reference, here's the error I was seeing with my AES key:

[EE] 2012/19/08 14:41:04 ConchUserAuth.privateKeyFromFile(/home/ryanofsky/.ssh/id_rsa,#######) unsupported key file format?
[ee] 2012/19/08 14:41:04 Traceback (most recent call last):
[ee] 2012/19/08 14:41:04   File "/usr/lib/pymodules/python2.6/winswitch/net/conch_util.py", line 298, in privateKeyFromFile
[ee] 2012/19/08 14:41:04     key =	keys.Key.fromFile(filename, passphrase=passphrase).keyObject
[ee] 2012/19/08 14:41:04   File "/usr/lib/python2.6/dist-packages/twisted/conch/ssh/keys.py", line 62, in fromFile
[ee] 2012/19/08 14:41:04     return Class.fromString(file(filename, 'rb').read(), type, passphrase)
[ee] 2012/19/08 14:41:04   File "/usr/lib/python2.6/dist-packages/twisted/conch/ssh/keys.py", line 90, in fromString
[ee] 2012/19/08 14:41:04     return method(data, passphrase)
[ee] 2012/19/08 14:41:04   File "/usr/lib/python2.6/dist-packages/twisted/conch/ssh/keys.py", line 216, in _fromString_PRIVATE_OPENSSH
[ee] 2012/19/08 14:41:04     keyData = DES3.new(decKey, DES3.MODE_CBC, iv).decrypt(b64Data)
[ee] 2012/19/08 14:41:04 ValueError: IV must be 8 bytes long

Here's the error I was seeing my DES3 key + newline:

[EE] 2012/19/08 14:43:43 ConchUserAuth.privateKeyFromFile(/home/ryanofsky/.ssh/id_rsa,#######) unsupported key file format?
[ee] 2012/19/08 14:43:43 Traceback (most recent call last):
[ee] 2012/19/08 14:43:43   File "/usr/lib/pymodules/python2.6/winswitch/net/conch_util.py", line 298, in privateKeyFromFile
[ee] 2012/19/08 14:43:43     key =	keys.Key.fromFile(filename, passphrase=passphrase).keyObject
[ee] 2012/19/08 14:43:43   File "/usr/lib/python2.6/dist-packages/twisted/conch/ssh/keys.py", line 62, in fromFile
[ee] 2012/19/08 14:43:43     return Class.fromString(file(filename, 'rb').read(), type, passphrase)
[ee] 2012/19/08 14:43:43   File "/usr/lib/python2.6/dist-packages/twisted/conch/ssh/keys.py", line 90, in fromString
[ee] 2012/19/08 14:43:43     return method(data, passphrase)
[ee] 2012/19/08 14:43:43   File "/usr/lib/python2.6/dist-packages/twisted/conch/ssh/keys.py", line 216, in _fromString_PRIVATE_OPENSSH
[ee] 2012/19/08 14:43:43     keyData = DES3.new(decKey, DES3.MODE_CBC, iv).decrypt(b64Data)
[ee] 2012/19/08 14:43:43 ValueError: Input strings must be a multiple of 8 in length
Note: See TracTickets for help on using tickets.