borevitzlab / spc-eyepi

Raspberry PI DSLR control code
https://borevitzlab.github.io/spc-eyepi
GNU General Public License v3.0

Use arcfour cipher in sftp #7

Closed kdm9 closed 9 years ago

kdm9 commented 10 years ago

The capture process is limited by CPU, particularly in the encryption during the upload process. This isn't a high security application. Therefore, arcfour is probably the best cipher to use.

You can pass a list of ciphers to a sftp.Connection() initialiser. i.e.:

    link = sftp.Connection(host=hostname, username=user, password=passwd, ciphers=['arcfour128',])

clixx-io commented 10 years ago

I've added that option, but I get this when running it:

    2014-07-09 07:11:02,543 - paramiko.transport - ERROR - self._parse_kex_init(m)
    2014-07-09 07:11:02,543 - paramiko.transport - ERROR - File "/usr/local/lib/python2.7/dist-packages/paramiko-1.14.0-py2.7.egg/paramiko/transport.py", line 1663, in _parse_kex_init
    2014-07-09 07:11:02,543 - paramiko.transport - ERROR - raise SSHException('Incompatible ssh server (no acceptable ciphers)')
    2014-07-09 07:11:02,543 - paramiko.transport - ERROR - SSHException: Incompatible ssh server (no acceptable ciphers)
    2014-07-09 07:11:02,543 - paramiko.transport - ERROR -
    2014-07-09 07:11:02,573 - main - ERROR - Incompatible ssh server (no acceptable ciphers)
    ^CTraceback (most recent call last):

kdm9 commented 10 years ago

OK, you then need to specify something like ciphers=['arcfour128', 'aes256']. I.e., prefer arcfour if the server supports it, otherwise fall back to something sane and common.

clixx-io commented 10 years ago

I get:

    2014-07-11 06:06:18,617 - main - INFO - Program Startup
    2014-07-11 06:06:18,634 - main - DEBUG - Preparing to upload 114 files
    2014-07-11 06:06:18,634 - main - DEBUG - Connecting
    2014-07-11 06:06:18,713 - main - ERROR - unknown cipher

kdm9 commented 10 years ago

aes256 is just an example, you need to inspect the ones that paramiko says the connection supports. It prints a list out in its debug log.

clixx-io commented 10 years ago

Arcfour cipher doesn't appear to be supported on your server.

However, the upload is working:

    2014-07-17 16:32:24,910 - main - INFO - Successfuly uploaded images/DAVID_2014-07-17_16-19-03.CR2
    2014-07-17 16:32:24,952 - paramiko.transport.sftp - DEBUG - [chan 1] open('DAVID_2014-07-17_16-19-03.ppm', 'wb')
    2014-07-17 16:32:25,372 - paramiko.transport.sftp - DEBUG - [chan 1] open('DAVID_2014-07-17_16-19-03.ppm', 'wb') -> 0002
    2014-07-17 16:43:42,949 - paramiko.transport.sftp - DEBUG - [chan 1] close(0002)
    2014-07-17 16:43:47,032 - paramiko.transport.sftp - DEBUG - [chan 1] stat('DAVID_2014-07-17_16-19-03.ppm')
    2014-07-17 16:43:52,541 - main - INFO - Successfuly uploaded images/DAVID_2014-07-17_16-19-03.ppm
    2014-07-17 16:43:52,579 - main - DEBUG - Disconnecting

kdm9 commented 10 years ago

Can you confirm that the change to arcfour was made, per my above comments?

clixx-io commented 10 years ago

I made the change, but the server reported that arcfour cipher wasn't supported by your server.

So I reverted the code back so that the uploads were working again. Which they are now.

When you request that I debug the system to find alternate ciphers that are available on the server, how much time would you like me to spend on that?

kdm9 commented 10 years ago

None, I'll do it. Just seeing if you had.

K

gdunstone commented 9 years ago

The default cipher is not too complex. And since threading the capture and uploads, it's non-blocking. I'll look at changing the cipher shortly but I don't think that it will make much difference.
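
The two failures logged in this thread, "no acceptable ciphers" and "unknown cipher", both follow from how SSH picks a cipher (RFC 4253 section 7.1: the first name on the client's list that the server also offers). The sketch below is an added example, not code from this thread, from spc-eyepi or from paramiko; it models that selection and flags a result that lands on an RC4 cipher, which RFC 8758 deprecates for SSH. The function names, the `CLIENT_KNOWN` set and both server lists are constructed assumptions.

```python
# Added illustration: models SSH cipher selection (RFC 4253 section 7.1).
# All cipher lists are constructed samples, not the server from this thread.

# Names the client library is assumed to implement (constructed subset).
CLIENT_KNOWN = ("aes128-ctr", "aes256-ctr", "aes128-cbc", "aes256-cbc",
                "3des-cbc", "arcfour128", "arcfour256")
# RC4-based names, deprecated for SSH by RFC 8758.
DEPRECATED = ("arcfour", "arcfour128", "arcfour256")


class NoAcceptableCiphers(Exception):
    """Client and server lists have no cipher in common."""


def negotiate(client_prefs, server_offer, known=CLIENT_KNOWN):
    """Return the cipher both sides end up using.

    The first name on the client's list that the server also offers wins;
    the server's own ordering is ignored.
    """
    for name in client_prefs:
        if name not in known:
            # 'aes256' is not an SSH cipher name; 'aes256-ctr' is.
            raise ValueError("unknown cipher: %s" % name)
    for name in client_prefs:
        if name in server_offer:
            return name
    raise NoAcceptableCiphers("no acceptable ciphers")


def audit(client_prefs, server_offer):
    """Negotiate, then report whether the result is a deprecated cipher."""
    chosen = negotiate(client_prefs, server_offer)
    return chosen, chosen in DEPRECATED


# Constructed server offers: one hardened, one still permitting RC4.
HARDENED_SERVER = ["aes128-ctr", "aes192-ctr", "aes256-ctr"]
LEGACY_SERVER = ["aes128-ctr", "aes256-ctr", "arcfour128"]

if __name__ == "__main__":
    print(audit(["arcfour128", "aes128-ctr"], HARDENED_SERVER))
    print(audit(["arcfour128", "aes128-ctr"], LEGACY_SERVER))
```

Because the client's ordering decides the outcome, listing an arcfour name first means any server that still offers it will be pushed onto RC4; placing a CTR-mode AES name first avoids that without breaking the connection.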