我正在使用私钥通过 SSH 连接到远程服务器。
❯ ssh-keygen -l -f /Users/myusername/.ssh/id_rsa
3072 SHA256:LCLUysspU0RkPwD8FCUG017tcX0iYc6vgG5TdZZqcy8 myusername@COMPUTER-NAME (RSA)
当我使用
ssh
命令通过终端连接到服务器时,它工作正常并且我设法进行身份验证。但是,当我尝试使用 Paramiko 使用相同的密钥连接到同一服务器时,它失败了。
这是我的代码:
from paramiko import SSHClient, AutoAddPolicy
hostname = "my server ip"
key_filename = "/Users/myusername/.ssh/id_rsa"
passphrase = "the key passphrase"
username = "myusername"
ssh_client = SSHClient()
ssh_client.set_missing_host_key_policy(AutoAddPolicy())
ssh_client.connect(
hostname=hostname,
port=22,
username=username,
key_filename=key_filename,
passphrase=passphrase
)
这是错误:
Traceback (most recent call last):
File "/Users/myusername/Code/test.py", line 14, in <module>
dev_machine.connect(
File "/Users/myusername/Code/venv/lib/python3.11/site-packages/paramiko/client.py", line 485, in connect
self._auth(
File "/Users/myusername/Code/venv/lib/python3.11/site-packages/paramiko/client.py", line 734, in _auth
self._transport.auth_publickey(username, key)
File "/Users/myusername/Code/venv/lib/python3.11/site-packages/paramiko/transport.py", line 1674, in auth_publickey
return self.auth_handler.wait_for_response(my_event)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/Users/myusername/Code/venv/lib/python3.11/site-packages/paramiko/auth_handler.py", line 248, in wait_for_response
raise e
File "/Users/myusername/Code/venv/lib/python3.11/site-packages/paramiko/transport.py", line 2220, in run
handler(m)
File "/Users/myusername/Code/venv/lib/python3.11/site-packages/paramiko/auth_handler.py", line 404, in _parse_service_accept
sig = self.private_key.sign_ssh_data(blob, algorithm)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/Users/myusername/Code/venv/lib/python3.11/site-packages/paramiko/dsskey.py", line 120, in sign_ssh_data
).private_key(backend=default_backend())
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/Users/myusername/Code/venv/lib/python3.11/site-packages/cryptography/hazmat/primitives/asymmetric/dsa.py", line 253, in private_key
return ossl.load_dsa_private_numbers(self)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/Users/myusername/Code/venv/lib/python3.11/site-packages/cryptography/hazmat/backends/openssl/backend.py", line 708, in load_dsa_private_numbers
dsa._check_dsa_private_numbers(numbers)
File "/Users/myusername/Code/venv/lib/python3.11/site-packages/cryptography/hazmat/primitives/asymmetric/dsa.py", line 294, in _check_dsa_private_numbers
_check_dsa_parameters(parameters)
File "/Users/myusername/Code/venv/lib/python3.11/site-packages/cryptography/hazmat/primitives/asymmetric/dsa.py", line 286, in _check_dsa_parameters
raise ValueError("q must be exactly 160, 224, or 256 bits long")
ValueError: q must be exactly 160, 224, or 256 bits long
Paramiko 似乎不明白提供的密钥正在使用 RSA,并将其视为 DSA 密钥。有谁知道怎么解决吗
我使用的是Paramiko 3.4.0版本
您可能遇到这个问题:
修复 paramiko #1993 将 RSA 密钥视为 DSA 密钥的问题
虽然修复程序并未到达官方分支,但显然他们正在对密钥身份验证代码进行大修,这最终也应该解决问题:
按键处理太糟糕了#387