More infos if there were errors

[mathias-heilmann]

It would be very nice to get more information about server connects that failed.

Is it possible to have more infos instead of only "Cannot connect to server."?

Background of this question is, that the dry-run ("-n") option works, but the distribution fails on some server where the connect with my ssh-key is working properly.

[thomai]

Could you provide some examples? How did the connection go wrong in your case?

Please feel free to provide pull requests as well.

[thomai]

Oh, and please add yourself to the contributors file of course!
https://github.com/thomai/SSHKeyDistribut0r/blob/master/CONTRIBUTORS.md

[mathias-heilmann]

I cannot say that, because there are no detailed error messages :(

I'm not familiar with python, I just use your script.

[thomai]

The reason for your issue could be one of the following:

• No valid connections error
  Documentation: "Multiple connection attempts were made and no families succeeded."
  Please take a look at the documentation to further debug this issue. Unfortunately, I am not able to help you out with this as long as I cannot debug the script in your environment. Sorry.
• General SSH exception
  Documentation: "Exception raised by failures in SSH2 protocol negotiation or logic errors."
  So, this sounds like a very general problem and I would blame the server for such an issue.

The SSHKeyDistribut0r distinguishes between the following errors already:

• "The private key file is protected by a passphrase, which is currently not supported."
• "Cannot connect to server because of an authentication problem."
• "Cannot send file to server."
• "Cannot connect to server."
• "Cannot connect to server because of a timeout."

I would like to extend/adjust this list with more detailed statements but this would require very detailed bug reports because I need to reproduce specific issues at first.

[mathias-heilmann]

I have now the the "Cannot connect to server because of an authentication problem." error.

I got the script running and added some lines to the key_distribut0r.py:

except paramiko.ssh_exception.AuthenticationException as e:
logging.exception(e)

So I got:

✗ Error: Authentication failed.
ERROR:root:Authentication failed.
Traceback (most recent call last):
  File "/Library/Frameworks/Python.framework/Versions/3.8/lib/python3.8/site-packages/SSHKeyDistribut0r-0.2.3-py3.8.egg/SSHKeyDistribut0r/key_distribut0r.py", line 96, in main
    ssh_client.connect(server['ip'], port=server['port'], username=server['user'],
  File "/Library/Frameworks/Python.framework/Versions/3.8/lib/python3.8/site-packages/paramiko-2.7.2-py3.8.egg/paramiko/client.py", line 435, in connect
    self._auth(
  File "/Library/Frameworks/Python.framework/Versions/3.8/lib/python3.8/site-packages/paramiko-2.7.2-py3.8.egg/paramiko/client.py", line 764, in _auth
    raise saved_exception
  File "/Library/Frameworks/Python.framework/Versions/3.8/lib/python3.8/site-packages/paramiko-2.7.2-py3.8.egg/paramiko/client.py", line 740, in _auth
    self._transport.auth_publickey(username, key)
  File "/Library/Frameworks/Python.framework/Versions/3.8/lib/python3.8/site-packages/paramiko-2.7.2-py3.8.egg/paramiko/transport.py", line 1580, in auth_publickey
    return self.auth_handler.wait_for_response(my_event)
  File "/Library/Frameworks/Python.framework/Versions/3.8/lib/python3.8/site-packages/paramiko-2.7.2-py3.8.egg/paramiko/auth_handler.py", line 250, in wait_for_response
    raise e
paramiko.ssh_exception.AuthenticationException: Authentication failed.

But connecting with the ssh command is working, so this cannot be a wrong key. Also the script connects properly to several servers where the ssh-key is the same. I checked this more than 10 times. Thats really strange.

[thomai]

Thanks a lot for debugging. So this is a different error message than the original one, right?

I did no tests on non-Linux systems and this is OS X, right? The issue might be that paramiko does not have access to the SSH key on OS X. Could you try the same test case with a Linux installation?

Did you experience the same problem with all servers or only once?

[mathias-heilmann]

Yes, thats a different message now. Maybe i case of testing a lot of ssh-keys.

Linux might be a idea to test, but I have no experience with that. On MacOS there are only two servers with this problem.

I tried this on three different MacOS-machines, everytime the same result.

[mathias-heilmann]

I tried also to get it running on linux with no success, but different error messages (paramiko version 2.7.2):

ERROR:root:Authentication failed.
Traceback (most recent call last):
  File "/Library/Frameworks/Python.framework/Versions/3.8/lib/python3.8/site-packages/SSHKeyDistribut0r-0.2.3-py3.8.egg/SSHKeyDistribut0r/key_distribut0r.py", line 96, in main
    ssh_client.connect(server['ip'], port=server['port'], username=server['user'],
  File "/Library/Frameworks/Python.framework/Versions/3.8/lib/python3.8/site-packages/paramiko-2.7.2-py3.8.egg/paramiko/client.py", line 435, in connect
    self._auth(
  File "/Library/Frameworks/Python.framework/Versions/3.8/lib/python3.8/site-packages/paramiko-2.7.2-py3.8.egg/paramiko/client.py", line 764, in _auth
    raise saved_exception
  File "/Library/Frameworks/Python.framework/Versions/3.8/lib/python3.8/site-packages/paramiko-2.7.2-py3.8.egg/paramiko/client.py", line 740, in _auth
    self._transport.auth_publickey(username, key)
  File "/Library/Frameworks/Python.framework/Versions/3.8/lib/python3.8/site-packages/paramiko-2.7.2-py3.8.egg/paramiko/transport.py", line 1580, in auth_publickey
    return self.auth_handler.wait_for_response(my_event)
  File "/Library/Frameworks/Python.framework/Versions/3.8/lib/python3.8/site-packages/paramiko-2.7.2-py3.8.egg/paramiko/auth_handler.py", line 250, in wait_for_response
    raise e
paramiko.ssh_exception.AuthenticationException: Authentication failed.

[mathias-heilmann]

Error also depends on the version of paramiko==2.x in the requirements.txt

Get this error on mac and also on linux (Raspberry Pi) with version 2.4.2:

ERROR:root:not a valid RSA private key file
Traceback (most recent call last):
File "/usr/local/lib/python3.9/site-packages/SSHKeyDistribut0r/key_distribut0r.py", line 96, in main
ssh_client.connect(server['ip'], port=server['port'], username=server['user'],
File "/usr/local/lib/python3.9/site-packages/paramiko/client.py", line 426, in connect
self._auth(
File "/usr/local/lib/python3.9/site-packages/paramiko/client.py", line 749, in _auth
raise saved_exception
File "/usr/local/lib/python3.9/site-packages/paramiko/client.py", line 719, in _auth
key = self._key_from_filepath(
File "/usr/local/lib/python3.9/site-packages/paramiko/client.py", line 571, in keyfrom_filepath
key = klass.from_private_key_file(key_path, password)
File "/usr/local/lib/python3.9/site-packages/paramiko/pkey.py", line 206, in from_private_key_file
key = cls(filename=filename, password=password)
File "/usr/local/lib/python3.9/site-packages/paramiko/rsakey.py", line 55, in init
self._from_private_key_file(filename, password)
File "/usr/local/lib/python3.9/site-packages/paramiko/rsakey.py", line 175, in fromprivate_key_file
data = self._read_private_key_file("RSA", filename, password)
File "/usr/local/lib/python3.9/site-packages/paramiko/pkey.py", line 279, in readprivate_key_file
data = self._read_private_key(tag, f, password)
File "/usr/local/lib/python3.9/site-packages/paramiko/pkey.py", line 289, in readprivate_key
raise SSHException("not a valid " + tag + " private key file")
paramiko.ssh_exception.SSHException: not a valid RSA private key file

[thomai]

I don't have any idea how to debug this unless having access to your systems. However, thanks for further investigating the issue.

Are you sure, that you have a valid RSA private key? The last paramiko exception seems weird to me - I expect that this exception is not raised unintended. This would explain that paramiko stated a failed authentication in other cases you described.

[mathias-heilmann]

Ok, I found the problem!

On the server the RSA-SHA1-Hashing for RSA-keys was disabled and the newer RSA-SHA2-Hashing is active. Thats something which paramiko is not handling I guess.

Not sure, if this is the same problem: paramiko/paramiko#1520

[mathias-heilmann]

There seems to happen something: paramiko/paramiko#1643

[thomai]

Thanks for keeping us in the loop! :-)

[mathias-heilmann]

Can you please implement the version 2.9.1 of paramiko? Then this issue should be solved, thanks!

[mathias-heilmann]

@thomai friendly reminder :)