search

internap / fake-switches

A pluggable switch/router command-line simulator
Apache License 2.0
65 stars 41 forks source link

Docker failing with error - Invalid private key #163

Open ansiblejunky opened 3 years ago

ansiblejunky commented 3 years ago

Running the suggested docker command docker run -P -d internap/fake-switches results in failure. Using latest version/code/branch.

/usr/local/lib/python2.7/site-packages/twisted/conch/ssh/transport.py:22: CryptographyDeprecationWarning: Python 2 is no longer supported by the Python core team. Support for it is now deprecated in cryptography, and will be removed in the next release.
  from cryptography.exceptions import UnsupportedAlgorithm
Traceback (most recent call last):
  File "/usr/local/bin/fake-switches", line 8, in <module>
    sys.exit(main())
  File "/usr/local/lib/python2.7/site-packages/fake_switches/cmd/main.py", line 39, in main
    ssh_service.hook_to_reactor(reactor)
  File "/usr/local/lib/python2.7/site-packages/fake_switches/transports/ssh_service.py", line 121, in hook_to_reactor
    b'ssh-rsa': keys.Key.fromString(data=host_private_key.encode())}
  File "/usr/local/lib/python2.7/site-packages/twisted/conch/ssh/keys.py", line 199, in fromString
    return method(data, passphrase)
  File "/usr/local/lib/python2.7/site-packages/twisted/conch/ssh/keys.py", line 450, in _fromString_PRIVATE_OPENSSH
    ).private_key(default_backend())
  File "/usr/local/lib/python2.7/site-packages/cryptography/hazmat/primitives/asymmetric/rsa.py", line 317, in private_key
    return backend.load_rsa_private_numbers(self)
  File "/usr/local/lib/python2.7/site-packages/cryptography/hazmat/backends/openssl/backend.py", line 629, in load_rsa_private_numbers
    return _RSAPrivateKey(self, rsa_cdata, evp_pkey)
  File "/usr/local/lib/python2.7/site-packages/cryptography/hazmat/backends/openssl/rsa.py", line 361, in __init__
    raise ValueError("Invalid private key", errors)
ValueError: ('Invalid private key', [_OpenSSLErrorWithText(code=67764348L, lib=4, func=160, reason=124, reason_text='error:040A007C:rsa routines:RSA_check_key_ex:dmp1 not congruent to d'), _OpenSSLErrorWithText(code=67764349L, lib=4, func=160, reason=125, reason_text='error:040A007D:rsa routines:RSA_check_key_ex:dmq1 not congruent to d'), _OpenSSLErrorWithText(code=67764350L, lib=4, func=160, reason=126, reason_text='error:040A007E:rsa routines:RSA_check_key_ex:iqmp not inverse of q')])
ansiblejunky commented 3 years ago

Modifying the Dockerfile to force installation of a higher version of cryptography fixes the problem. This is a minimal fix, but ultimately the whole repo needs to be updated to use python3 instead and adjust the Dockerfile appropriately. I tested with docker base image python:3.8-alpha and some adjustments to the requirements.txt and ran the pip-compile command to regenerate the constraints.txt. The docker image built fine, but running the fake-switches got a prompt but when I tried enable command it asked for admin password and even though I provided it, it did not accept it. So something in the code needs further fixes.

For now, here's the Dockerfile change you need. Add the cryptography requirement to the file, right above the pip install command that exists.

RUN pip install cryptography==3.0
RUN pip install --no-cache-dir -r requirements.txt