attempt to connect to a server that does not support server-sig-algs and also only supports ssh-rsa (specifically, does not support rsa-sha2-512). the connection will fail:
DEBUG:paramiko.transport:Finalizing pubkey algorithm for key of type 'ssh-rsa'
DEBUG:paramiko.transport:Our pubkey algorithm list: ['rsa-sha2-512', 'rsa-sha2-256', 'ssh-rsa']
DEBUG:paramiko.transport:Server did not send a server-sig-algs list; defaulting to our first preferred algo ('rsa-sha2-512')
DEBUG:paramiko.transport:NOTE: you may use the 'disabled_algorithms' SSHClient/Transport init kwarg to disable that or other algorithms if your server does not support them!
INFO:paramiko.transport:Authentication (publickey) failed.
Traceback (most recent call last):
File "<stdin>", line 1, in <module>
File "/usr/lib/python3/dist-packages/paramiko/client.py", line 435, in connect
self._auth(
File "/usr/lib/python3/dist-packages/paramiko/client.py", line 766, in _auth
raise saved_exception
File "/usr/lib/python3/dist-packages/paramiko/client.py", line 736, in _auth
key = self._key_from_filepath(
File "/usr/lib/python3/dist-packages/paramiko/client.py", line 588, in _key_from_filepath
key = klass.from_private_key_file(key_path, password)
File "/usr/lib/python3/dist-packages/paramiko/pkey.py", line 249, in from_private_key_file
key = cls(filename=filename, password=password)
File "/usr/lib/python3/dist-packages/paramiko/rsakey.py", line 64, in __init__
self._from_private_key_file(filename, password)
File "/usr/lib/python3/dist-packages/paramiko/rsakey.py", line 190, in _from_private_key_file
data = self._read_private_key_file("RSA", filename, password)
File "/usr/lib/python3/dist-packages/paramiko/pkey.py", line 322, in _read_private_key_file
data = self._read_private_key(tag, f, password)
File "/usr/lib/python3/dist-packages/paramiko/pkey.py", line 351, in _read_private_key
data = self._read_private_key_openssh(lines[start:end], password)
File "/usr/lib/python3/dist-packages/paramiko/pkey.py", line 452, in _read_private_key_openssh
raise PasswordRequiredException(
paramiko.ssh_exception.PasswordRequiredException: private key file is encrypted
[regression potential]
any regression would likely prevent paramiko from connecting to a remote server.
[scope]
this needs to be fixed in jammy and later.
this problem was introduced in paramiko 2.9.0 so does not exist in impish or earlier.
[impact]
paramiko fails to connect to some servers.
[test case]
attempt to connect to a server that does not support server-sig-algs and also only supports ssh-rsa (specifically, does not support rsa-sha2-512). the connection will fail:
DEBUG:paramiko. transport: Finalizing pubkey algorithm for key of type 'ssh-rsa' transport: Our pubkey algorithm list: ['rsa-sha2-512', 'rsa-sha2-256', 'ssh-rsa'] transport: Server did not send a server-sig-algs list; defaulting to our first preferred algo ('rsa-sha2-512') transport: NOTE: you may use the 'disabled_ algorithms' SSHClient/Transport init kwarg to disable that or other algorithms if your server does not support them! transport: Authentication (publickey) failed. python3/ dist-packages/ paramiko/ client. py", line 435, in connect python3/ dist-packages/ paramiko/ client. py", line 766, in _auth python3/ dist-packages/ paramiko/ client. py", line 736, in _auth from_filepath( python3/ dist-packages/ paramiko/ client. py", line 588, in _key_from_filepath private_ key_file( key_path, password) python3/ dist-packages/ paramiko/ pkey.py" , line 249, in from_private_ key_file filename, password=password) python3/ dist-packages/ paramiko/ rsakey. py", line 64, in __init__ _from_private_ key_file( filename, password) python3/ dist-packages/ paramiko/ rsakey. py", line 190, in _from_private_ key_file private_ key_file( "RSA", filename, password) python3/ dist-packages/ paramiko/ pkey.py" , line 322, in _read_private_ key_file private_ key(tag, f, password) python3/ dist-packages/ paramiko/ pkey.py" , line 351, in _read_private_key private_ key_openssh( lines[start: end], password) python3/ dist-packages/ paramiko/ pkey.py" , line 452, in _read_private_ key_openssh dException( ssh_exception. PasswordRequire dException: private key file is encrypted
DEBUG:paramiko.
DEBUG:paramiko.
DEBUG:paramiko.
INFO:paramiko.
Traceback (most recent call last):
File "<stdin>", line 1, in <module>
File "/usr/lib/
self._auth(
File "/usr/lib/
raise saved_exception
File "/usr/lib/
key = self._key_
File "/usr/lib/
key = klass.from_
File "/usr/lib/
key = cls(filename=
File "/usr/lib/
self.
File "/usr/lib/
data = self._read_
File "/usr/lib/
data = self._read_
File "/usr/lib/
data = self._read_
File "/usr/lib/
raise PasswordRequire
paramiko.
[regression potential]
any regression would likely prevent paramiko from connecting to a remote server.
[scope]
this needs to be fixed in jammy and later.
this problem was introduced in paramiko 2.9.0 so does not exist in impish or earlier.
[other info]
this doesn't appear to be fixed upstream yet. /github. com/paramiko/ paramiko/ issues/ 2012
https:/