[win32] sftp access to remote server with SSH key failed

Bug #70398 reported by Alexander Belchenko
Affects | Status | Importance | Assigned to | Milestone
Bazaar | Fix Released | High | Unassigned |
paramiko | Fix Released | Medium | Robey Pointer |

Bug Description

I cannot do bzr operations over sftp with a remote server when I use SSH key authorisation.

I use the native Windows version of bzr + paramiko + the pageant.exe utility as the server for SSH private keys.

When I try to connect to another machine in my local network -- all OK.
When I try to connect to my repo on Aaron Bentley's site (many thanks to Aaron) I cannot do this with bzr. With Putty.exe the ssh session works OK.

Here is the traceback:

D:\Bazaar\sandbox>bzr revno sftp://<email address hidden>/~/repo/bzr.dev/
Connected (version 2.0, client OpenSSH_4.2p1)
Adding ssh-rsa host key for aaronbentley.com: 882392A28664E4C056E09C24A648C099
bzr: ERROR: exceptions.KeyError: 'aaronbentley.com'

Traceback (most recent call last):
  File "D:\Bazaar\sandbox\bzr.dev\bzrlib\commands.py", line 626, in run_bzr_catch_errors
    return run_bzr(argv)
  File "D:\Bazaar\sandbox\bzr.dev\bzrlib\commands.py", line 588, in run_bzr
    ret = run(*run_argv)
  File "D:\Bazaar\sandbox\bzr.dev\bzrlib\commands.py", line 292, in run_argv_aliases
    return self.run(**all_cmd_args)
  File "D:\Bazaar\sandbox\bzr.dev\bzrlib\commands.py", line 598, in ignore_pipe
    result = func(*args, **kwargs)
  File "D:\Bazaar\sandbox\bzr.dev\bzrlib\builtins.py", line 226, in run
    self.outf.write(str(Branch.open_containing(location)[0].revno()))
  File "D:\Bazaar\sandbox\bzr.dev\bzrlib\branch.py", line 133, in open_containing
    control, relpath = bzrdir.BzrDir.open_containing(url)
  File "D:\Bazaar\sandbox\bzr.dev\bzrlib\bzrdir.py", line 525, in open_containing
    return BzrDir.open_containing_from_transport(get_transport(url))
  File "D:\Bazaar\sandbox\bzr.dev\bzrlib\lazy_import.py", line 106, in __call__
    return obj(*args, **kwargs)
  File "D:\Bazaar\sandbox\bzr.dev\bzrlib\transport\__init__.py", line 1036, in get_transport
    t, last_err = _try_transport_factories(base, factory_list)
  File "D:\Bazaar\sandbox\bzr.dev\bzrlib\transport\__init__.py", line 1052, in _try_transport_factories
    return factory(base), None
  File "D:\Bazaar\sandbox\bzr.dev\bzrlib\transport\__init__.py", line 103, in _loader
    return klass(base)
  File "D:\Bazaar\sandbox\bzr.dev\bzrlib\transport\sftp.py", line 223, in __init__
    self._sftp_connect()
  File "D:\Bazaar\sandbox\bzr.dev\bzrlib\transport\sftp.py", line 834, in _sftp_connect
    self._password)
  File "D:\Bazaar\sandbox\bzr.dev\bzrlib\transport\sftp.py", line 1193, in _sftp_connect
    sftp = _sftp_connect_uncached(host, port, username, password)
  File "D:\Bazaar\sandbox\bzr.dev\bzrlib\transport\sftp.py", line 1199, in _sftp_connect_uncached
    sftp = vendor.connect_sftp(username, password, host, port)
  File "D:\Bazaar\sandbox\bzr.dev\bzrlib\transport\ssh.py", line 243, in connect_sftp
    t = self._connect(username, password, host, port)
  File "D:\Bazaar\sandbox\bzr.dev\bzrlib\transport\ssh.py", line 228, in _connect
    BZR_HOSTKEYS[host][keytype] = server_key
  File "E:\Python24\lib\site-packages\paramiko\hostkeys.py", line 229, in __getitem__
    raise KeyError(key)
KeyError: 'aaronbentley.com'

bzr 0.13.0dev0 on python 2.4.4.final.0 (win32)
arguments: ['c:\\utils\\bzr.py', 'revno', 'sftp://<email address hidden>/~/repo/bzr.dev/']

As I see it, bzr expects to get the key by the name of the remote site. What am I doing wrong?

Paramiko 1.6.3
bzr 0.13.dev revno.2120

Revision history for this message
Robey Pointer (robey) wrote :

I think the bug is actually happening two lines above, at:

if host not in BZR_HOSTKEYS:
    BZR_HOSTKEYS[host] = {}

Using a HostKeys object as a dict is deprecated since 1.5.3, but I guess it at least shouldn't throw an exception. I think I can patch paramiko to silently ignore in 1.6.4.

Note that even in 1.6.1, no keys are actually getting added to the hostkeys file. You have to use HostKeys.add() for that. My change to paramiko will just make it stop throwing an exception when you try.

Changed in paramiko:
assignee: nobody → robey
importance: Undecided → Medium
status: Unconfirmed → Confirmed
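
Added example, not code from bzr or paramiko: the stand-in store FlatHostKeys (a hypothetical class) reproduces the KeyError from the traceback and the silent drop discussed in this thread, and the hypothetical helper remember_host_key records a key through add() and then checks that it was kept. Only the method names add() and lookup() mirror paramiko's HostKeys; the host name and key bytes used with it are constructed.

```python
class FlatHostKeys:
    """Constructed stand-in, not paramiko's code: keys are flat
    (host, keytype, key) entries, so a host without keys does not exist."""

    def __init__(self):
        self._entries = []

    def add(self, host, keytype, key):
        self._entries = [e for e in self._entries if e[:2] != (host, keytype)]
        self._entries.append((host, keytype, key))

    def lookup(self, host):
        found = {kt: k for h, kt, k in self._entries if h == host}
        return found or None

    def __contains__(self, host):
        return self.lookup(host) is not None

    def __getitem__(self, host):
        found = self.lookup(host)
        if found is None:
            raise KeyError(host)
        return found  # a copy: writes to it never reach the store

    def __setitem__(self, host, keys):
        for keytype, key in keys.items():  # an empty dict stores nothing
            self.add(host, keytype, key)


def legacy_store(store, host, keytype, key):
    """Dict-style pattern quoted in the thread."""
    if host not in store:
        store[host] = {}
    store[host][keytype] = key


def remember_host_key(store, host, keytype, key):
    """Hypothetical helper: use add() when present, else dict style, then
    confirm the key is retrievable so a dropped write is never silent."""
    if hasattr(store, "add"):
        store.add(host, keytype, key)
    else:
        store.setdefault(host, {})[keytype] = key
    kept = store.lookup(host) if hasattr(store, "lookup") else store.get(host)
    if not kept or kept.get(keytype) != key:
        # An unrecorded key is never pinned, so a later change goes unnoticed.
        raise RuntimeError("host key for %s was not recorded" % host)
    return kept[keytype]
```
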
Revision history for this message
Alexander Belchenko (bialix) wrote : Re: [Bug 70398] Re: [win32] sftp access to remote server with SSH key failed

Robey Pointer wrote:
> I think the bug is actually happening two lines above, at:
>
> if host not in BZR_HOSTKEYS:
>     BZR_HOSTKEYS[host] = {}

You're right.

> Using a HostKeys object as a dict is deprecated since 1.5.3,

I don't know this.

> but I guess
> it at least shouldn't throw an exception. I think I can patch paramiko
> to silently ignore in 1.6.4.

Well, my experiments show that:

1.6.3 -- silently ignore (but I think it's bad)
1.6.2 -- throw exception
1.6.1 -- seems to do what I want because bzr works

> Note that even in 1.6.1, no keys are actually getting added to the
> hostkeys file. You have to use HostKeys.add() for that. My change to
> paramiko will just make it stop throwing an exception when you try.

I think that paramiko should emit a deprecation warning instead of
throwing an exception or silently ignoring.

Alexander

Revision history for this message
John A Meinel (jameinel) wrote :

Well, I realize it was deprecated in 1.5.3, but the biggest problem we encounter is that the most common version out there is 1.5.2. It is the one that shipped with Dapper.

So if BZR_HOSTKEYS.add() has been supported since 1.5.2, then we should have just fixed bzr long ago. And definitely we should fix it for 0.13. However, we need to know from Robey what we need to do to support 1.5.2 and then >1.5.2

I would be happy if it was deprecated rather than raising an exception, but I think raising an exception is better than silently failing.

Changed in bzr:
importance: Undecided → High
status: Unconfirmed → Confirmed
Revision history for this message
Robey Pointer (robey) wrote :

I think I figured out a way to make the dict emulation work better here. I checked in a change @412 that at least passes unit tests -- can you try it with the Windows bzr and see if that fixes it?

Changed in paramiko:
status: Confirmed → Fix Committed
Revision history for this message
Wouter van Heyst (larstiq) wrote :

I believe bzr.dev r2137 should have the fix to work with versions of paramiko 1.5.3 - 1.6.3 as well. Alexander, could you confirm that it works for your situation?

Revision history for this message
Alexander Belchenko (bialix) wrote :

I confirm this.

Revision history for this message
Aaron Bentley (abentley) wrote :

Wouter van Heyst wrote:
> I believe bzr.dev r2137 should have the fix to work with versions of
> paramiko 1.5.3 - 1.6.3 as well. Alexander, could you confirm that it
> works for your situation?

As of revno 2140, it also works for paramiko 1.5.2

Aaron


Revision history for this message
Wouter van Heyst (larstiq) wrote :

As of r2140 it should _really_ work with all known versions of paramiko, at least for the BZR_HOSTKEYS

Changed in bzr:
status: Confirmed → Fix Released
Robey Pointer (robey)
Changed in paramiko:
status: Fix Committed → Fix Released