search

cirros-dev / cirros

120 stars 33 forks source link

cirros no mutual signature supported and paramiko issues #74

Closed freedge closed 1 year ago

freedge commented 2 years ago

I am using cirros 0.5.2 to perform some rally testing. Rally spawns a VM with cirros and tries to connect to it with Paramiko.

Since release of Paramiko 2.9 a week ago, Rally fails with:

2021-12-27 09:51:20.891 425 INFO paramiko.transport [-] Connected (version 2.0, client dropbear_2018.76)
2021-12-27 09:51:20.901 425 INFO paramiko.transport [-] Authentication (publickey) failed.
2021-12-27 09:51:21.908 425 ERROR paramiko.transport [-] Exception (client): Error reading SSH protocol banner[Errno 104] Connection reset by peer: paramiko.ssh_exception.SSHException: Error reading SSH protocol banner[Errno 104] Connection reset by peer
2021-12-27 09:51:21.910 425 ERROR paramiko.transport [-] Traceback (most recent call last):: paramiko.ssh_exception.SSHException: Error reading SSH protocol banner[Errno 104] Connection reset by peer
2021-12-27 09:51:21.910 425 ERROR paramiko.transport [-]   File "/opt/app-root/lib/python3.6/site-packages/paramiko/transport.py", line 2270, in _check_banner: paramiko.ssh_exception.SSHException: Error reading SSH protocol banner[Errno 104] Connection reset by peer
2021-12-27 09:51:21.910 425 ERROR paramiko.transport [-]     buf = self.packetizer.readline(timeout): paramiko.ssh_exception.SSHException: Error reading SSH protocol banner[Errno 104] Connection reset by peer
2021-12-27 09:51:21.910 425 ERROR paramiko.transport [-]   File "/opt/app-root/lib/python3.6/site-packages/paramiko/packet.py", line 380, in readline: paramiko.ssh_exception.SSHException: Error reading SSH protocol banner[Errno 104] Connection reset by peer
2021-12-27 09:51:21.911 425 ERROR paramiko.transport [-]     buf += self._read_timeout(timeout): paramiko.ssh_exception.SSHException: Error reading SSH protocol banner[Errno 104] Connection reset by peer
2021-12-27 09:51:21.911 425 ERROR paramiko.transport [-]   File "/opt/app-root/lib/python3.6/site-packages/paramiko/packet.py", line 607, in _read_timeout: paramiko.ssh_exception.SSHException: Error reading SSH protocol banner[Errno 104] Connection reset by peer

Reverting to paramiko<2.9 works around the issue.

As I was checking which cipher cirros would be using I noticed:

[fedora@fr2 ~]$ ssh 192.168.0.14 -l cirros 
sign_and_send_pubkey: no mutual signature supported
cirros@192.168.0.14's password: 
^C
[fedora@fr2 ~]$ ssh -o "PubkeyAcceptedKeyTypes +ssh-dss" 192.168.0.14 -l cirros
$ uname -a
Linux fr3 5.3.0-26-generic #28~18.04.1-Ubuntu SMP Wed Dec 18 16:40:14 UTC 2019 x86_64 GNU/Linux

It seems that there is an issue with cirros and the ciphers it supports. (client here is running Fedora 35)

hrw commented 2 years ago

Please check with 0.6.0

osfrickler commented 1 year ago

This should be fixed with 0.6.0, please re-open if not.