search

SUSE-Enceladus / img-proof

img-proof provides a command line utility to test images in the Public Cloud
https://img-proof.readthedocs.io/en/latest/
GNU General Public License v3.0
14 stars 7 forks source link

Handle ssh key type discovery in img-proof #382

Open smarlowucf opened 4 months ago

smarlowucf commented 4 months ago

Currently img-proof passes a ssh key file path to paramiko and relies on paramiko to determine the key type. This leads to cryptic errors if there is an authentication or authorization failure with the key/user being used. For example with an RSA key that is not authorized to access the test instance instead of returning auth error paramiko returns ValueError: q must be exactly 160, 224, or 256 bits long.

To better handle and prevent this type of error from bubbling up img-proof can handle the key type discovery and instead pass a pkey object to paramiko that already is typed.

smarlowucf commented 4 months ago

Example:

def get_key(key_path: str = "./id_rsa") -> paramiko.PKey:
    with open(key_path) as f:
        return paramiko.RSAKey.from_private_key(f)

key = get_key()
client.connect(hostname, username=username, pkey=key)
smarlowucf commented 4 months ago

The code in question in paramiko walks through the following types:

from paramiko.dsskey import DSSKey
from paramiko.ecdsakey import ECDSAKey
from paramiko.ed25519key import Ed25519Key
from paramiko.rsakey import RSAKey

for pkey_class in (RSAKey, DSSKey, ECDSAKey, Ed25519Key):
    ...