[Twisted-Python] Need SSH help
I am trying to write an encrypted P2P program (cryptic6.sourceforge.net). I am trying to understand twisted's ssh. Thanks to the helpful people on #twisted I have am able to get the twisted client to send messages to the twisted server. This works when I use the keys provided in the example. However when I try to generate my own keys it always complains that they are not password. This is the code I am using to generate public/private key pairs: twisted.scripts.ckeygen.generateRSAkey({'bits':1048,'filename': os.path.join(os.path.expanduser('~'),'.cryptic6/keys'),'pass':pass) This is the error I get: 2005/03/02 14:37 UTC [-] Log opened. 2005/03/02 14:37 UTC [-] Traceback (most recent call last): 2005/03/02 14:37 UTC [-] File "sshsimpleserver.py", line 97, in ? 2005/03/02 14:37 UTC [-] class ExampleFactory(factory.SSHFactory): 2005/03/02 14:37 UTC [-] File "sshsimpleserver.py", line 101, in ExampleFactory 2005/03/02 14:37 UTC [-] privateKeys = { 2005/03/02 14:37 UTC [-] File "/usr/lib/python2.3/site-packages/twisted/conch/ssh/keys.py", line 180, in getPrivateKeyObject 2005/03/02 14:37 UTC [-] return getPrivateKeyObject_openssh(data, passphrase) 2005/03/02 14:37 UTC [-] File "/usr/lib/python2.3/site-packages/twisted/conch/ssh/keys.py", line 207, in getPrivateKeyObject_openssh 2005/03/02 14:37 UTC [-] raise BadKeyError, 'encrypted key with no passphrase' 2005/03/02 14:37 UTC [-] twisted.conch.ssh.keys.BadKeyError: encrypted key with no passphrase Is there another way I should generate the keys? Thanks
On Wed, 2005-03-02 at 14:58 +0000, Bad_Bob wrote:
The problem is on the next line: 'ssh-rsa': keys.getPrivateKeyObject(data=privateKey) That means that getPrivateKeyObject doesn't expect the key to be encrypted. If it is, you need to also pass in the passphrase kwarg with the passphrase. -p -- Paul Swartz (o_ http://z3p.livejournal.com/ _o) //\ z3p@twistedmatrix.com /\\ V_/_ AIM: z3penguin _\_V->
Thanks, that worked! One more question: How do I authenticate with public keys? What I am trying to get this to do it to authenticate based on the public key, not based on the password. The program will have a list of trusted public keys, and only allow those to connect. They could use a password, but if they have the wrong public key, I don't want them to connect. Thanks, Bob Am Mittwoch, 2. März 2005 21:00 schrieb Paul Swartz:
On Wed, 2005-03-02 at 16:21 +0000, Bad_Bob wrote:
I assume you mean authenticate the client to the server using public keys? You need to set up a CredentialChecker that checks ISSHPublicKey. Take a look at t.c.checkers.SSHPublicKeyDatabase. If you're not familiar with how Cred works, you should also look at the Cred HOWTO. -p -- Paul Swartz (o_ http://z3p.livejournal.com/ _o) //\ z3p@twistedmatrix.com /\\ V_/_ AIM: z3penguin _\_V->
On Wed, 2005-03-02 at 14:58 +0000, Bad_Bob wrote:
The problem is on the next line: 'ssh-rsa': keys.getPrivateKeyObject(data=privateKey) That means that getPrivateKeyObject doesn't expect the key to be encrypted. If it is, you need to also pass in the passphrase kwarg with the passphrase. -p -- Paul Swartz (o_ http://z3p.livejournal.com/ _o) //\ z3p@twistedmatrix.com /\\ V_/_ AIM: z3penguin _\_V->
Thanks, that worked! One more question: How do I authenticate with public keys? What I am trying to get this to do it to authenticate based on the public key, not based on the password. The program will have a list of trusted public keys, and only allow those to connect. They could use a password, but if they have the wrong public key, I don't want them to connect. Thanks, Bob Am Mittwoch, 2. März 2005 21:00 schrieb Paul Swartz:
On Wed, 2005-03-02 at 16:21 +0000, Bad_Bob wrote:
I assume you mean authenticate the client to the server using public keys? You need to set up a CredentialChecker that checks ISSHPublicKey. Take a look at t.c.checkers.SSHPublicKeyDatabase. If you're not familiar with how Cred works, you should also look at the Cred HOWTO. -p -- Paul Swartz (o_ http://z3p.livejournal.com/ _o) //\ z3p@twistedmatrix.com /\\ V_/_ AIM: z3penguin _\_V->
participants (2)
-
Bad_Bob -
Paul Swartz