search

paramiko / paramiko

The leading native Python SSHv2 protocol library.
http://paramiko.org
GNU Lesser General Public License v2.1
9.13k stars 2.01k forks source link

*gss.py tests fail (due to changed key path?) #2245

Open mgorny opened 1 year ago

mgorny commented 1 year ago 
FAILED tests/test_kex_gss.py::GSSKexTest::test_gsskex_and_auth - FileNotFoundError: [Errno 2] No such file or directory: 'tests/rsa.key'
FAILED tests/test_ssh_gss.py::GSSAuthTest::test_auth_trickledown - FileNotFoundError: [Errno 2] No such file or directory: 'tests/rsa.key'
FAILED tests/test_ssh_gss.py::GSSAuthTest::test_gss_auth - FileNotFoundError: [Errno 2] No such file or directory: 'tests/rsa.key'

I guess they weren't updated when the key was moved into _support/.

bskinn commented 1 year ago

Is this with the new paramiko 3.2?

stanislavlevin commented 1 year ago

yep, since paramiko 3.2

mgorny commented 1 year ago

Is this with the new paramiko 3.2?

Yes, since 162213fa1a4551bd955134c97ca5276a5f29e907 to be more precise.

bskinn commented 1 year ago

Is this with the new paramiko 3.2?

Yes, since 162213f to be more precise.

:+1:, I've forwarded to bitprophet for his action.

bitprophet commented 1 year ago

Yea this is an oversight in the test shuffling (though I'd thought I made the support path loader backwards compatible, maybe it's not in use in this sub-suite at all...). Should be a quick fix.

Note that GSSAPI almost certainly doesn't work at all under the new experimental APIs in this release, but this breakage is orthogonal as the gssapi test suites didn't get updated to look at those anyways.

bitprophet commented 1 year ago

That was it, those suites were hardcoding the paths, I just updated them to use the helper. I don't have kerberos kit locally so can't actually run the tests - please let us know how they look now @mgorny !

mgorny commented 1 year ago

Well, for a start I've accidentally tested with Python 3.12 and noticed another problem:

FAILED tests/test_kex_gss.py::GSSKexTest::test_gsskex_and_auth - AttributeError: 'GSSKexTest' object has no attribute 'assert_'. Did you mean: 'assertIn'?

IIRC assert_ was deprecated long ago for assertTrue.

On Python 3.11, that one test is fixed while the two other fail with:

FAILED tests/test_ssh_gss.py::GSSAuthTest::test_auth_trickledown - paramiko.ssh_exception.SSHException: encountered RSA key, expected OPENSSH key
FAILED tests/test_ssh_gss.py::GSSAuthTest::test_gss_auth - paramiko.ssh_exception.AuthenticationException: Authentication failed: transport shut down or saw EOF
Full traceback ```pytb ========================================================= test session starts ========================================================= platform linux -- Python 3.11.3, pytest-7.3.1, pluggy-1.0.0 rootdir: /tmp/paramiko configfile: pytest.ini plugins: relaxed-2.0.1 collected 2 items tests/test_ssh_gss.py FF [100%] ============================================================== FAILURES =============================================================== __________________________________________________ GSSAuthTest.test_auth_trickledown __________________________________________________ self = def test_auth_trickledown(self): """ Failed gssapi-with-mic doesn't prevent subsequent key from succeeding """ self.hostname = ( "this_host_does_not_exists_and_causes_a_GSSAPI-exception" ) > self._test_connection( key_filename=[_support("rsa.key")], allow_agent=False, look_for_keys=False, ) tests/test_ssh_gss.py:156: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ tests/test_ssh_gss.py:111: in _test_connection self.tc.connect( paramiko/client.py:485: in connect self._auth( paramiko/client.py:818: in _auth raise saved_exception paramiko/client.py:730: in _auth key = self._key_from_filepath( paramiko/client.py:638: in _key_from_filepath key = klass.from_private_key_file(key_path, password) paramiko/pkey.py:421: in from_private_key_file key = cls(filename=filename, password=password) paramiko/ed25519key.py:60: in __init__ pkformat, data = self._read_private_key("OPENSSH", f) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = <[AttributeError("'Ed25519Key' object has no attribute '_signing_key'") raised in repr()] Ed25519Key object at 0x7f25491fa410> tag = 'OPENSSH', f = <_io.TextIOWrapper name='/tmp/paramiko/tests/_support/rsa.key' mode='r' encoding='UTF-8'>, password = None def _read_private_key(self, tag, f, password=None): lines = f.readlines() if not lines: raise SSHException("no lines in {} private key file".format(tag)) # find the BEGIN tag start = 0 m = self.BEGIN_TAG.match(lines[start]) line_range = len(lines) - 1 while start < line_range and not m: start += 1 m = self.BEGIN_TAG.match(lines[start]) start += 1 keytype = m.group(1) if m else None if start >= len(lines) or keytype is None: raise SSHException("not a valid {} private key file".format(tag)) # find the END tag end = start m = self.END_TAG.match(lines[end]) while end < line_range and not m: end += 1 m = self.END_TAG.match(lines[end]) if keytype == tag: data = self._read_private_key_pem(lines, end, password) pkformat = self._PRIVATE_KEY_FORMAT_ORIGINAL elif keytype == "OPENSSH": data = self._read_private_key_openssh(lines[start:end], password) pkformat = self._PRIVATE_KEY_FORMAT_OPENSSH else: > raise SSHException( "encountered {} key, expected {} key".format(keytype, tag) ) E paramiko.ssh_exception.SSHException: encountered RSA key, expected OPENSSH key paramiko/pkey.py:529: SSHException -------------------------------------------------------- Captured stderr setup -------------------------------------------------------- [4946.0883140563965] DEBUG:k5test.realm:Using discovered path for krb5-config (/usr/bin/krb5-config) [5028.918266296387] DEBUG:k5test.realm:Using discovered path for kdb5_util (/usr/sbin/kdb5_util) [5029.298543930054] DEBUG:k5test.realm:Using discovered path for krb5kdc (/usr/sbin/krb5kdc) [5029.631853103638] DEBUG:k5test.realm:Using discovered path for kadmin (/usr/bin/kadmin) [5029.954433441162] DEBUG:k5test.realm:Using discovered path for kadmin.local (/usr/sbin/kadmin.local) [5030.285835266113] DEBUG:k5test.realm:Using discovered path for kadmind (/usr/sbin/kadmind) [5030.600786209106] DEBUG:k5test.realm:Using discovered path for kprop (/usr/sbin/kprop) [5030.933856964111] DEBUG:k5test.realm:Using discovered path for kinit (/usr/bin/kinit) [5031.255722045898] DEBUG:k5test.realm:Using discovered path for klist (/usr/bin/klist) [6042.673587799072] DEBUG:k5test.realm:[OUTPUT FROM `/usr/sbin/kdb5_util create -W -s -P master`] Initializing database '/tmp/tmp0p896syd-krbtest/db' for realm 'KRBTEST.COM', master key name 'K/M@KRBTEST.COM' [6055.220603942871] DEBUG:k5test.realm:[OUTPUT FROM `/usr/sbin/kadmin.local -q addprinc -pw usertmp0p896syd-krbtest user@KRBTEST.COM`] No policy specified for user@KRBTEST.COM; defaulting to no policy Authenticating as principal mgorny/admin@KRBTEST.COM with password. Principal "user@KRBTEST.COM" created. [6068.031549453735] DEBUG:k5test.realm:[OUTPUT FROM `/usr/sbin/kadmin.local -q addprinc -pw admintmp0p896syd-krbtest user/admin@KRBTEST.COM`] No policy specified for user/admin@KRBTEST.COM; defaulting to no policy Authenticating as principal mgorny/admin@KRBTEST.COM with password. Principal "user/admin@KRBTEST.COM" created. [6070.51682472229] DEBUG:k5test.realm:[OUTPUT FROM `/usr/sbin/kadmin.local -q addprinc -randkey host/pomiot@KRBTEST.COM`] No policy specified for host/pomiot@KRBTEST.COM; defaulting to no policy Authenticating as principal mgorny/admin@KRBTEST.COM with password. Principal "host/pomiot@KRBTEST.COM" created. [6073.570489883423] DEBUG:k5test.realm:[OUTPUT FROM `/usr/sbin/kadmin.local -q ktadd -k /tmp/tmp0p896syd-krbtest/keytab -norandkey host/pomiot@KRBTEST.COM`] Authenticating as principal mgorny/admin@KRBTEST.COM with password. Entry for principal host/pomiot@KRBTEST.COM with kvno 1, encryption type aes256-cts-hmac-sha1-96 added to keytab WRFILE:/tmp/tmp0p896syd-krbtest/keytab. Entry for principal host/pomiot@KRBTEST.COM with kvno 1, encryption type aes128-cts-hmac-sha1-96 added to keytab WRFILE:/tmp/tmp0p896syd-krbtest/keytab. [6078.910827636719] DEBUG:k5test.realm:[OUTPUT FROM `/usr/sbin/krb5kdc -n`] krb5kdc: starting... [6090.476989746094] DEBUG:k5test.realm:[OUTPUT FROM `/usr/bin/kinit -V user@KRBTEST.COM`] Using default cache: /tmp/tmp0p896syd-krbtest/ccache Using principal: user@KRBTEST.COM Password for user@KRBTEST.COM: Authenticated to Kerberos v5 [6091.673135757446] DEBUG:k5test.realm:[OUTPUT FROM `/usr/bin/klist /tmp/tmp0p896syd-krbtest/ccache`] Ticket cache: FILE:/tmp/tmp0p896syd-krbtest/ccache Default principal: user@KRBTEST.COM Valid starting Expires Service principal 05/26/23 16:38:10 05/27/23 16:38:10 krbtgt/KRBTEST.COM@KRBTEST.COM --------------------------------------------------------- Captured log setup ---------------------------------------------------------- DEBUG k5test.realm:realm.py:73 Using discovered path for krb5-config (/usr/bin/krb5-config) DEBUG k5test.realm:realm.py:73 Using discovered path for kdb5_util (/usr/sbin/kdb5_util) DEBUG k5test.realm:realm.py:73 Using discovered path for krb5kdc (/usr/sbin/krb5kdc) DEBUG k5test.realm:realm.py:73 Using discovered path for kadmin (/usr/bin/kadmin) DEBUG k5test.realm:realm.py:73 Using discovered path for kadmin.local (/usr/sbin/kadmin.local) DEBUG k5test.realm:realm.py:73 Using discovered path for kadmind (/usr/sbin/kadmind) DEBUG k5test.realm:realm.py:73 Using discovered path for kprop (/usr/sbin/kprop) DEBUG k5test.realm:realm.py:73 Using discovered path for kinit (/usr/bin/kinit) DEBUG k5test.realm:realm.py:73 Using discovered path for klist (/usr/bin/klist) DEBUG k5test.realm:realm.py:354 [OUTPUT FROM `/usr/sbin/kdb5_util create -W -s -P master`] Initializing database '/tmp/tmp0p896syd-krbtest/db' for realm 'KRBTEST.COM', master key name 'K/M@KRBTEST.COM' DEBUG k5test.realm:realm.py:354 [OUTPUT FROM `/usr/sbin/kadmin.local -q addprinc -pw usertmp0p896syd-krbtest user@KRBTEST.COM`] No policy specified for user@KRBTEST.COM; defaulting to no policy Authenticating as principal mgorny/admin@KRBTEST.COM with password. Principal "user@KRBTEST.COM" created. DEBUG k5test.realm:realm.py:354 [OUTPUT FROM `/usr/sbin/kadmin.local -q addprinc -pw admintmp0p896syd-krbtest user/admin@KRBTEST.COM`] No policy specified for user/admin@KRBTEST.COM; defaulting to no policy Authenticating as principal mgorny/admin@KRBTEST.COM with password. Principal "user/admin@KRBTEST.COM" created. DEBUG k5test.realm:realm.py:354 [OUTPUT FROM `/usr/sbin/kadmin.local -q addprinc -randkey host/pomiot@KRBTEST.COM`] No policy specified for host/pomiot@KRBTEST.COM; defaulting to no policy Authenticating as principal mgorny/admin@KRBTEST.COM with password. Principal "host/pomiot@KRBTEST.COM" created. DEBUG k5test.realm:realm.py:354 [OUTPUT FROM `/usr/sbin/kadmin.local -q ktadd -k /tmp/tmp0p896syd-krbtest/keytab -norandkey host/pomiot@KRBTEST.COM`] Authenticating as principal mgorny/admin@KRBTEST.COM with password. Entry for principal host/pomiot@KRBTEST.COM with kvno 1, encryption type aes256-cts-hmac-sha1-96 added to keytab WRFILE:/tmp/tmp0p896syd-krbtest/keytab. Entry for principal host/pomiot@KRBTEST.COM with kvno 1, encryption type aes128-cts-hmac-sha1-96 added to keytab WRFILE:/tmp/tmp0p896syd-krbtest/keytab. DEBUG k5test.realm:realm.py:394 [OUTPUT FROM `/usr/sbin/krb5kdc -n`] krb5kdc: starting... DEBUG k5test.realm:realm.py:354 [OUTPUT FROM `/usr/bin/kinit -V user@KRBTEST.COM`] Using default cache: /tmp/tmp0p896syd-krbtest/ccache Using principal: user@KRBTEST.COM Password for user@KRBTEST.COM: Authenticated to Kerberos v5 DEBUG k5test.realm:realm.py:354 [OUTPUT FROM `/usr/bin/klist /tmp/tmp0p896syd-krbtest/ccache`] Ticket cache: FILE:/tmp/tmp0p896syd-krbtest/ccache Default principal: user@KRBTEST.COM Valid starting Expires Service principal 05/26/23 16:38:10 05/27/23 16:38:10 krbtgt/KRBTEST.COM@KRBTEST.COM -------------------------------------------------------- Captured stderr call --------------------------------------------------------- [6170.283794403076] DEBUG:paramiko.transport:starting thread (server mode): 0x47724290 [6170.611381530762] DEBUG:paramiko.transport:Local version/idstring: SSH-2.0-paramiko_3.2.0 [9968.591213226318] DEBUG:paramiko.transport:starting thread (client mode): 0x492dd490 [9969.01798248291] DEBUG:paramiko.transport:Local version/idstring: SSH-2.0-paramiko_3.2.0 [9969.281196594238] DEBUG:paramiko.transport:Remote version/idstring: SSH-2.0-paramiko_3.2.0 [9969.507217407227] INFO:paramiko.transport:Connected (version 2.0, client paramiko_3.2.0) [9969.990015029907] DEBUG:paramiko.transport:Remote version/idstring: SSH-2.0-paramiko_3.2.0 [9970.257043838501] INFO:paramiko.transport:Connected (version 2.0, client paramiko_3.2.0) [9971.799612045288] DEBUG:paramiko.transport:=== Key exchange possibilities === [9971.988677978516] DEBUG:paramiko.transport:kex algos: curve25519-sha256@libssh.org, ecdh-sha2-nistp256, ecdh-sha2-nistp384, ecdh-sha2-nistp521, diffie-hellman-group16-sha512, diffie-hellman-group-exchange-sha256, diffie-hellman-group14-sha256, diffie-hellman-group-exchange-sha1, diffie-hellman-group14-sha1, diffie-hellman-group1-sha1 [9972.150802612305] DEBUG:paramiko.transport:server key: rsa-sha2-512, rsa-sha2-256, ssh-rsa [9972.308158874512] DEBUG:paramiko.transport:client encrypt: aes128-ctr, aes192-ctr, aes256-ctr, aes128-cbc, aes192-cbc, aes256-cbc, 3des-cbc [9972.4702835083] DEBUG:paramiko.transport:server encrypt: aes128-ctr, aes192-ctr, aes256-ctr, aes128-cbc, aes192-cbc, aes256-cbc, 3des-cbc [9972.627639770508] DEBUG:paramiko.transport:client mac: hmac-sha2-256, hmac-sha2-512, hmac-sha2-256-etm@openssh.com, hmac-sha2-512-etm@openssh.com, hmac-sha1, hmac-md5, hmac-sha1-96, hmac-md5-96 [9972.784042358398] DEBUG:paramiko.transport:server mac: hmac-sha2-256, hmac-sha2-512, hmac-sha2-256-etm@openssh.com, hmac-sha2-512-etm@openssh.com, hmac-sha1, hmac-md5, hmac-sha1-96, hmac-md5-96 [9972.941637039185] DEBUG:paramiko.transport:client compress: none [9973.110675811768] DEBUG:paramiko.transport:server compress: none [9973.269701004028] DEBUG:paramiko.transport:client lang: [9973.43111038208] DEBUG:paramiko.transport:server lang: [9973.696231842041] DEBUG:paramiko.transport:=== Key exchange possibilities === [9973.91152381897] DEBUG:paramiko.transport:kex follows: False [9974.104642868042] DEBUG:paramiko.transport:kex algos: curve25519-sha256@libssh.org, ecdh-sha2-nistp256, ecdh-sha2-nistp384, ecdh-sha2-nistp521, diffie-hellman-group16-sha512, diffie-hellman-group-exchange-sha256, diffie-hellman-group14-sha256, diffie-hellman-group-exchange-sha1, diffie-hellman-group14-sha1, diffie-hellman-group1-sha1, ext-info-c [9974.27225112915] DEBUG:paramiko.transport:=== Key exchange agreements === [9974.441766738892] DEBUG:paramiko.transport:server key: ssh-rsa, ssh-ed25519, ecdsa-sha2-nistp256, ecdsa-sha2-nistp384, ecdsa-sha2-nistp521, rsa-sha2-512, rsa-sha2-256, ssh-dss, ssh-rsa-cert-v01@openssh.com, ssh-ed25519-cert-v01@openssh.com, ecdsa-sha2-nistp256-cert-v01@openssh.com, ecdsa-sha2-nistp384-cert-v01@openssh.com, ecdsa-sha2-nistp521-cert-v01@openssh.com, rsa-sha2-512-cert-v01@openssh.com, rsa-sha2-256-cert-v01@openssh.com, ssh-dss-cert-v01@openssh.com [9974.647998809814] DEBUG:paramiko.transport:Kex: curve25519-sha256@libssh.org [9974.819898605347] DEBUG:paramiko.transport:client encrypt: aes128-ctr, aes192-ctr, aes256-ctr, aes128-cbc, aes192-cbc, aes256-cbc, 3des-cbc [9975.034236907959] DEBUG:paramiko.transport:HostKey: ssh-rsa [9975.198745727539] DEBUG:paramiko.transport:server encrypt: aes128-ctr, aes192-ctr, aes256-ctr, aes128-cbc, aes192-cbc, aes256-cbc, 3des-cbc [9975.409507751465] DEBUG:paramiko.transport:Cipher: aes128-ctr [9975.592851638794] DEBUG:paramiko.transport:client mac: hmac-sha2-256, hmac-sha2-512, hmac-sha2-256-etm@openssh.com, hmac-sha2-512-etm@openssh.com, hmac-sha1, hmac-md5, hmac-sha1-96, hmac-md5-96 [9976.016283035278] DEBUG:paramiko.transport:MAC: hmac-sha2-256 [9976.245164871216] DEBUG:paramiko.transport:server mac: hmac-sha2-256, hmac-sha2-512, hmac-sha2-256-etm@openssh.com, hmac-sha2-512-etm@openssh.com, hmac-sha1, hmac-md5, hmac-sha1-96, hmac-md5-96 [9976.502656936646] DEBUG:paramiko.transport:Compression: none [9976.688385009766] DEBUG:paramiko.transport:client compress: none [9976.911783218384] DEBUG:paramiko.transport:=== End of kex handshake === [9977.085590362549] DEBUG:paramiko.transport:server compress: none [9977.694034576416] DEBUG:paramiko.transport:client lang: [9977.854013442993] DEBUG:paramiko.transport:server lang: [9978.013515472412] DEBUG:paramiko.transport:kex follows: False [9978.166341781616] DEBUG:paramiko.transport:=== Key exchange agreements === [9978.359699249268] DEBUG:paramiko.transport:Kex: curve25519-sha256@libssh.org [9978.585481643677] DEBUG:paramiko.transport:HostKey: ssh-rsa [9978.78909111023] DEBUG:paramiko.transport:Cipher: aes128-ctr [9978.991985321045] DEBUG:paramiko.transport:MAC: hmac-sha2-256 [9979.179382324219] DEBUG:paramiko.transport:Compression: none [9979.336023330688] DEBUG:paramiko.transport:=== End of kex handshake === [9981.348514556885] DEBUG:paramiko.transport:kex engine KexCurve25519 specified hash_algo [9982.800483703613] DEBUG:paramiko.transport:kex engine KexCurve25519 specified hash_algo [9983.289957046509] DEBUG:paramiko.transport:Switch to new keys ... [9983.417510986328] DEBUG:paramiko.transport:Switch to new keys ... [9984.549522399902] DEBUG:paramiko.transport:Got EXT_INFO: {'server-sig-algs': b'ssh-ed25519,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,rsa-sha2-512,rsa-sha2-256,ssh-rsa,ssh-dss'} [9986.05990409851] DEBUG:paramiko.transport:userauth is OK [10289.353370666504] DEBUG:paramiko.transport:Auth request (type=gssapi-with-mic) service=ssh-connection, username=user@KRBTEST.COM [14220.781087875366] DEBUG:paramiko.transport:GSSAPI failure: Major (851968): Unspecified GSS failure. Minor code may provide more information, Minor (2529638919): Server host/this_host_does_not_exists_and_causes_a_gssapi-exception.@KRBTEST.COM not found in Kerberos database [14221.133708953857] INFO:paramiko.transport:Authentication (gssapi-with-mic) failed. [14228.814601898193] DEBUG:paramiko.transport:Trying discovered key b'60733844cb5186657fdedaa22b5a57d5' in /tmp/paramiko/tests/_support/rsa.key [14229.18176651001] DEBUG:paramiko.transport:Adding public certificate /tmp/paramiko/tests/_support/rsa.key-cert.pub [14229.919910430908] ERROR:paramiko.transport:Unknown exception: GssapiWithMicAuthHandler._parse_service_request() missing 1 required positional argument: 'm' [14233.067274093628] ERROR:paramiko.transport:Traceback (most recent call last): [14233.312368392944] ERROR:paramiko.transport: File "/tmp/paramiko/paramiko/transport.py", line 2185, in run [14233.544111251831] ERROR:paramiko.transport: handler(m) [14233.848571777344] ERROR:paramiko.transport:TypeError: GssapiWithMicAuthHandler._parse_service_request() missing 1 required positional argument: 'm' [14234.102964401245] ERROR:paramiko.transport: [14234.545230865479] DEBUG:paramiko.transport:EOF in transport thread ---------------------------------------------------------- Captured log call ---------------------------------------------------------- DEBUG paramiko.transport:transport.py:1893 starting thread (server mode): 0x47724290 DEBUG paramiko.transport:transport.py:1893 Local version/idstring: SSH-2.0-paramiko_3.2.0 DEBUG paramiko.transport:transport.py:1893 starting thread (client mode): 0x492dd490 DEBUG paramiko.transport:transport.py:1893 Local version/idstring: SSH-2.0-paramiko_3.2.0 DEBUG paramiko.transport:transport.py:1893 Remote version/idstring: SSH-2.0-paramiko_3.2.0 INFO paramiko.transport:transport.py:1893 Connected (version 2.0, client paramiko_3.2.0) DEBUG paramiko.transport:transport.py:1893 Remote version/idstring: SSH-2.0-paramiko_3.2.0 INFO paramiko.transport:transport.py:1893 Connected (version 2.0, client paramiko_3.2.0) DEBUG paramiko.transport:transport.py:1893 === Key exchange possibilities === DEBUG paramiko.transport:transport.py:1893 kex algos: curve25519-sha256@libssh.org, ecdh-sha2-nistp256, ecdh-sha2-nistp384, ecdh-sha2-nistp521, diffie-hellman-group16-sha512, diffie-hellman-group-exchange-sha256, diffie-hellman-group14-sha256, diffie-hellman-group-exchange-sha1, diffie-hellman-group14-sha1, diffie-hellman-group1-sha1 DEBUG paramiko.transport:transport.py:1893 server key: rsa-sha2-512, rsa-sha2-256, ssh-rsa DEBUG paramiko.transport:transport.py:1893 client encrypt: aes128-ctr, aes192-ctr, aes256-ctr, aes128-cbc, aes192-cbc, aes256-cbc, 3des-cbc DEBUG paramiko.transport:transport.py:1893 server encrypt: aes128-ctr, aes192-ctr, aes256-ctr, aes128-cbc, aes192-cbc, aes256-cbc, 3des-cbc DEBUG paramiko.transport:transport.py:1893 client mac: hmac-sha2-256, hmac-sha2-512, hmac-sha2-256-etm@openssh.com, hmac-sha2-512-etm@openssh.com, hmac-sha1, hmac-md5, hmac-sha1-96, hmac-md5-96 DEBUG paramiko.transport:transport.py:1893 server mac: hmac-sha2-256, hmac-sha2-512, hmac-sha2-256-etm@openssh.com, hmac-sha2-512-etm@openssh.com, hmac-sha1, hmac-md5, hmac-sha1-96, hmac-md5-96 DEBUG paramiko.transport:transport.py:1893 client compress: none DEBUG paramiko.transport:transport.py:1893 server compress: none DEBUG paramiko.transport:transport.py:1893 client lang: DEBUG paramiko.transport:transport.py:1893 server lang: DEBUG paramiko.transport:transport.py:1893 === Key exchange possibilities === DEBUG paramiko.transport:transport.py:1893 kex follows: False DEBUG paramiko.transport:transport.py:1893 kex algos: curve25519-sha256@libssh.org, ecdh-sha2-nistp256, ecdh-sha2-nistp384, ecdh-sha2-nistp521, diffie-hellman-group16-sha512, diffie-hellman-group-exchange-sha256, diffie-hellman-group14-sha256, diffie-hellman-group-exchange-sha1, diffie-hellman-group14-sha1, diffie-hellman-group1-sha1, ext-info-c DEBUG paramiko.transport:transport.py:1893 === Key exchange agreements === DEBUG paramiko.transport:transport.py:1893 server key: ssh-rsa, ssh-ed25519, ecdsa-sha2-nistp256, ecdsa-sha2-nistp384, ecdsa-sha2-nistp521, rsa-sha2-512, rsa-sha2-256, ssh-dss, ssh-rsa-cert-v01@openssh.com, ssh-ed25519-cert-v01@openssh.com, ecdsa-sha2-nistp256-cert-v01@openssh.com, ecdsa-sha2-nistp384-cert-v01@openssh.com, ecdsa-sha2-nistp521-cert-v01@openssh.com, rsa-sha2-512-cert-v01@openssh.com, rsa-sha2-256-cert-v01@openssh.com, ssh-dss-cert-v01@openssh.com DEBUG paramiko.transport:transport.py:1893 Kex: curve25519-sha256@libssh.org DEBUG paramiko.transport:transport.py:1893 client encrypt: aes128-ctr, aes192-ctr, aes256-ctr, aes128-cbc, aes192-cbc, aes256-cbc, 3des-cbc DEBUG paramiko.transport:transport.py:1893 HostKey: ssh-rsa DEBUG paramiko.transport:transport.py:1893 server encrypt: aes128-ctr, aes192-ctr, aes256-ctr, aes128-cbc, aes192-cbc, aes256-cbc, 3des-cbc DEBUG paramiko.transport:transport.py:1893 Cipher: aes128-ctr DEBUG paramiko.transport:transport.py:1893 client mac: hmac-sha2-256, hmac-sha2-512, hmac-sha2-256-etm@openssh.com, hmac-sha2-512-etm@openssh.com, hmac-sha1, hmac-md5, hmac-sha1-96, hmac-md5-96 DEBUG paramiko.transport:transport.py:1893 MAC: hmac-sha2-256 DEBUG paramiko.transport:transport.py:1893 server mac: hmac-sha2-256, hmac-sha2-512, hmac-sha2-256-etm@openssh.com, hmac-sha2-512-etm@openssh.com, hmac-sha1, hmac-md5, hmac-sha1-96, hmac-md5-96 DEBUG paramiko.transport:transport.py:1893 Compression: none DEBUG paramiko.transport:transport.py:1893 client compress: none DEBUG paramiko.transport:transport.py:1893 === End of kex handshake === DEBUG paramiko.transport:transport.py:1893 server compress: none DEBUG paramiko.transport:transport.py:1893 client lang: DEBUG paramiko.transport:transport.py:1893 server lang: DEBUG paramiko.transport:transport.py:1893 kex follows: False DEBUG paramiko.transport:transport.py:1893 === Key exchange agreements === DEBUG paramiko.transport:transport.py:1893 Kex: curve25519-sha256@libssh.org DEBUG paramiko.transport:transport.py:1893 HostKey: ssh-rsa DEBUG paramiko.transport:transport.py:1893 Cipher: aes128-ctr DEBUG paramiko.transport:transport.py:1893 MAC: hmac-sha2-256 DEBUG paramiko.transport:transport.py:1893 Compression: none DEBUG paramiko.transport:transport.py:1893 === End of kex handshake === DEBUG paramiko.transport:transport.py:1893 kex engine KexCurve25519 specified hash_algo DEBUG paramiko.transport:transport.py:1893 kex engine KexCurve25519 specified hash_algo DEBUG paramiko.transport:transport.py:1893 Switch to new keys ... DEBUG paramiko.transport:transport.py:1893 Switch to new keys ... DEBUG paramiko.transport:transport.py:1893 Got EXT_INFO: {'server-sig-algs': b'ssh-ed25519,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,rsa-sha2-512,rsa-sha2-256,ssh-rsa,ssh-dss'} DEBUG paramiko.transport:transport.py:1893 userauth is OK DEBUG paramiko.transport:transport.py:1893 Auth request (type=gssapi-with-mic) service=ssh-connection, username=user@KRBTEST.COM DEBUG paramiko.transport:transport.py:1893 GSSAPI failure: Major (851968): Unspecified GSS failure. Minor code may provide more information, Minor (2529638919): Server host/this_host_does_not_exists_and_causes_a_gssapi-exception.@KRBTEST.COM not found in Kerberos database INFO paramiko.transport:transport.py:1893 Authentication (gssapi-with-mic) failed. DEBUG paramiko.transport:transport.py:1893 Trying discovered key b'60733844cb5186657fdedaa22b5a57d5' in /tmp/paramiko/tests/_support/rsa.key DEBUG paramiko.transport:transport.py:1893 Adding public certificate /tmp/paramiko/tests/_support/rsa.key-cert.pub ERROR paramiko.transport:transport.py:1893 Unknown exception: GssapiWithMicAuthHandler._parse_service_request() missing 1 required positional argument: 'm' ERROR paramiko.transport:transport.py:1891 Traceback (most recent call last): ERROR paramiko.transport:transport.py:1891 File "/tmp/paramiko/paramiko/transport.py", line 2185, in run ERROR paramiko.transport:transport.py:1891 handler(m) ERROR paramiko.transport:transport.py:1891 TypeError: GssapiWithMicAuthHandler._parse_service_request() missing 1 required positional argument: 'm' ERROR paramiko.transport:transport.py:1891 DEBUG paramiko.transport:transport.py:1893 EOF in transport thread ______________________________________________________ GSSAuthTest.test_gss_auth ______________________________________________________ self = def test_gss_auth(self): """ Verify that Paramiko can handle SSHv2 GSS-API / SSPI authentication (gssapi-with-mic) in client and server mode. """ > self._test_connection(allow_agent=False, look_for_keys=False) tests/test_ssh_gss.py:147: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ tests/test_ssh_gss.py:111: in _test_connection self.tc.connect( paramiko/client.py:485: in connect self._auth( paramiko/client.py:818: in _auth raise saved_exception paramiko/client.py:701: in _auth return self._transport.auth_gssapi_with_mic( paramiko/transport.py:1760: in auth_gssapi_with_mic return self.auth_handler.wait_for_response(my_event) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = , event = def wait_for_response(self, event): max_ts = None if self.transport.auth_timeout is not None: max_ts = time.time() + self.transport.auth_timeout while True: event.wait(0.1) if not self.transport.is_active(): e = self.transport.get_exception() if (e is None) or issubclass(e.__class__, EOFError): e = AuthenticationException( "Authentication failed: transport shut down or saw EOF" ) > raise e E paramiko.ssh_exception.AuthenticationException: Authentication failed: transport shut down or saw EOF paramiko/auth_handler.py:248: AuthenticationException -------------------------------------------------------- Captured stderr call --------------------------------------------------------- [14577.900648117065] DEBUG:paramiko.transport:starting thread (server mode): 0x474c4450 [14578.282833099365] DEBUG:paramiko.transport:Local version/idstring: SSH-2.0-paramiko_3.2.0 [14590.291976928711] DEBUG:paramiko.transport:starting thread (client mode): 0x474c72d0 [14590.578317642212] DEBUG:paramiko.transport:Local version/idstring: SSH-2.0-paramiko_3.2.0 [14590.788125991821] DEBUG:paramiko.transport:Remote version/idstring: SSH-2.0-paramiko_3.2.0 [14590.963125228882] INFO:paramiko.transport:Connected (version 2.0, client paramiko_3.2.0) [14591.282367706299] DEBUG:paramiko.transport:Remote version/idstring: SSH-2.0-paramiko_3.2.0 [14591.465711593628] INFO:paramiko.transport:Connected (version 2.0, client paramiko_3.2.0) [14592.632055282593] DEBUG:paramiko.transport:=== Key exchange possibilities === [14592.823028564453] DEBUG:paramiko.transport:kex algos: curve25519-sha256@libssh.org, ecdh-sha2-nistp256, ecdh-sha2-nistp384, ecdh-sha2-nistp521, diffie-hellman-group16-sha512, diffie-hellman-group-exchange-sha256, diffie-hellman-group14-sha256, diffie-hellman-group-exchange-sha1, diffie-hellman-group14-sha1, diffie-hellman-group1-sha1, ext-info-c [14592.996597290039] DEBUG:paramiko.transport:server key: ssh-rsa, ssh-ed25519, ecdsa-sha2-nistp256, ecdsa-sha2-nistp384, ecdsa-sha2-nistp521, rsa-sha2-512, rsa-sha2-256, ssh-dss, ssh-rsa-cert-v01@openssh.com, ssh-ed25519-cert-v01@openssh.com, ecdsa-sha2-nistp256-cert-v01@openssh.com, ecdsa-sha2-nistp384-cert-v01@openssh.com, ecdsa-sha2-nistp521-cert-v01@openssh.com, rsa-sha2-512-cert-v01@openssh.com, rsa-sha2-256-cert-v01@openssh.com, ssh-dss-cert-v01@openssh.com [14593.190670013428] DEBUG:paramiko.transport:client encrypt: aes128-ctr, aes192-ctr, aes256-ctr, aes128-cbc, aes192-cbc, aes256-cbc, 3des-cbc [14593.368291854858] DEBUG:paramiko.transport:server encrypt: aes128-ctr, aes192-ctr, aes256-ctr, aes128-cbc, aes192-cbc, aes256-cbc, 3des-cbc [14593.546867370605] DEBUG:paramiko.transport:client mac: hmac-sha2-256, hmac-sha2-512, hmac-sha2-256-etm@openssh.com, hmac-sha2-512-etm@openssh.com, hmac-sha1, hmac-md5, hmac-sha1-96, hmac-md5-96 [14593.71304512024] DEBUG:paramiko.transport:server mac: hmac-sha2-256, hmac-sha2-512, hmac-sha2-256-etm@openssh.com, hmac-sha2-512-etm@openssh.com, hmac-sha1, hmac-md5, hmac-sha1-96, hmac-md5-96 [14593.879699707031] DEBUG:paramiko.transport:client compress: none [14594.048261642456] DEBUG:paramiko.transport:server compress: none [14594.217538833618] DEBUG:paramiko.transport:client lang: [14594.383716583252] DEBUG:paramiko.transport:server lang: [14594.552516937256] DEBUG:paramiko.transport:kex follows: False [14594.713687896729] DEBUG:paramiko.transport:=== Key exchange agreements === [14594.915866851807] DEBUG:paramiko.transport:Kex: curve25519-sha256@libssh.org [14595.147609710693] DEBUG:paramiko.transport:HostKey: ssh-rsa [14595.359563827515] DEBUG:paramiko.transport:Cipher: aes128-ctr [14595.570087432861] DEBUG:paramiko.transport:MAC: hmac-sha2-256 [14595.764636993408] DEBUG:paramiko.transport:Compression: none [14595.938920974731] DEBUG:paramiko.transport:=== End of kex handshake === [14596.428394317627] DEBUG:paramiko.transport:=== Key exchange possibilities === [14596.605777740479] DEBUG:paramiko.transport:kex algos: curve25519-sha256@libssh.org, ecdh-sha2-nistp256, ecdh-sha2-nistp384, ecdh-sha2-nistp521, diffie-hellman-group16-sha512, diffie-hellman-group-exchange-sha256, diffie-hellman-group14-sha256, diffie-hellman-group-exchange-sha1, diffie-hellman-group14-sha1, diffie-hellman-group1-sha1 [14596.77505493164] DEBUG:paramiko.transport:server key: rsa-sha2-512, rsa-sha2-256, ssh-rsa [14596.932172775269] DEBUG:paramiko.transport:client encrypt: aes128-ctr, aes192-ctr, aes256-ctr, aes128-cbc, aes192-cbc, aes256-cbc, 3des-cbc [14597.086668014526] DEBUG:paramiko.transport:server encrypt: aes128-ctr, aes192-ctr, aes256-ctr, aes128-cbc, aes192-cbc, aes256-cbc, 3des-cbc [14597.240447998047] DEBUG:paramiko.transport:client mac: hmac-sha2-256, hmac-sha2-512, hmac-sha2-256-etm@openssh.com, hmac-sha2-512-etm@openssh.com, hmac-sha1, hmac-md5, hmac-sha1-96, hmac-md5-96 [14597.40161895752] DEBUG:paramiko.transport:server mac: hmac-sha2-256, hmac-sha2-512, hmac-sha2-256-etm@openssh.com, hmac-sha2-512-etm@openssh.com, hmac-sha1, hmac-md5, hmac-sha1-96, hmac-md5-96 [14597.556352615356] DEBUG:paramiko.transport:client compress: none [14597.710371017456] DEBUG:paramiko.transport:server compress: none [14597.865343093872] DEBUG:paramiko.transport:client lang: [14598.020076751709] DEBUG:paramiko.transport:server lang: [14598.174810409546] DEBUG:paramiko.transport:kex follows: False [14598.32501411438] DEBUG:paramiko.transport:=== Key exchange agreements === [14598.512649536133] DEBUG:paramiko.transport:Kex: curve25519-sha256@libssh.org [14598.740100860596] DEBUG:paramiko.transport:HostKey: ssh-rsa [14598.945617675781] DEBUG:paramiko.transport:Cipher: aes128-ctr [14599.143266677856] DEBUG:paramiko.transport:MAC: hmac-sha2-256 [14599.324464797974] DEBUG:paramiko.transport:Compression: none [14599.47657585144] DEBUG:paramiko.transport:=== End of kex handshake === [14634.856224060059] DEBUG:paramiko.transport:kex engine KexCurve25519 specified hash_algo [14636.316776275635] DEBUG:paramiko.transport:kex engine KexCurve25519 specified hash_algo [14636.842012405396] DEBUG:paramiko.transport:Switch to new keys ... [14637.453317642212] DEBUG:paramiko.transport:Switch to new keys ... [14638.441801071167] DEBUG:paramiko.transport:Got EXT_INFO: {'server-sig-algs': b'ssh-ed25519,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,rsa-sha2-512,rsa-sha2-256,ssh-rsa,ssh-dss'} [14639.140605926514] DEBUG:paramiko.transport:userauth is OK [14639.705419540405] DEBUG:paramiko.transport:Auth request (type=gssapi-with-mic) service=ssh-connection, username=user@KRBTEST.COM [14665.839195251465] ERROR:paramiko.transport:Unknown exception: GssapiWithMicAuthHandler._parse_userauth_gssapi_token() missing 1 required positional argument: 'm' [14666.93139076233] ERROR:paramiko.transport:Traceback (most recent call last): [14667.096138000488] ERROR:paramiko.transport: File "/tmp/paramiko/paramiko/transport.py", line 2185, in run [14667.242050170898] ERROR:paramiko.transport: handler(m) [14667.385339736938] ERROR:paramiko.transport:TypeError: GssapiWithMicAuthHandler._parse_userauth_gssapi_token() missing 1 required positional argument: 'm' [14667.529344558716] ERROR:paramiko.transport: [14667.84143447876] DEBUG:paramiko.transport:EOF in transport thread ---------------------------------------------------------- Captured log call ---------------------------------------------------------- DEBUG paramiko.transport:transport.py:1893 starting thread (server mode): 0x474c4450 DEBUG paramiko.transport:transport.py:1893 Local version/idstring: SSH-2.0-paramiko_3.2.0 DEBUG paramiko.transport:transport.py:1893 starting thread (client mode): 0x474c72d0 DEBUG paramiko.transport:transport.py:1893 Local version/idstring: SSH-2.0-paramiko_3.2.0 DEBUG paramiko.transport:transport.py:1893 Remote version/idstring: SSH-2.0-paramiko_3.2.0 INFO paramiko.transport:transport.py:1893 Connected (version 2.0, client paramiko_3.2.0) DEBUG paramiko.transport:transport.py:1893 Remote version/idstring: SSH-2.0-paramiko_3.2.0 INFO paramiko.transport:transport.py:1893 Connected (version 2.0, client paramiko_3.2.0) DEBUG paramiko.transport:transport.py:1893 === Key exchange possibilities === DEBUG paramiko.transport:transport.py:1893 kex algos: curve25519-sha256@libssh.org, ecdh-sha2-nistp256, ecdh-sha2-nistp384, ecdh-sha2-nistp521, diffie-hellman-group16-sha512, diffie-hellman-group-exchange-sha256, diffie-hellman-group14-sha256, diffie-hellman-group-exchange-sha1, diffie-hellman-group14-sha1, diffie-hellman-group1-sha1, ext-info-c DEBUG paramiko.transport:transport.py:1893 server key: ssh-rsa, ssh-ed25519, ecdsa-sha2-nistp256, ecdsa-sha2-nistp384, ecdsa-sha2-nistp521, rsa-sha2-512, rsa-sha2-256, ssh-dss, ssh-rsa-cert-v01@openssh.com, ssh-ed25519-cert-v01@openssh.com, ecdsa-sha2-nistp256-cert-v01@openssh.com, ecdsa-sha2-nistp384-cert-v01@openssh.com, ecdsa-sha2-nistp521-cert-v01@openssh.com, rsa-sha2-512-cert-v01@openssh.com, rsa-sha2-256-cert-v01@openssh.com, ssh-dss-cert-v01@openssh.com DEBUG paramiko.transport:transport.py:1893 client encrypt: aes128-ctr, aes192-ctr, aes256-ctr, aes128-cbc, aes192-cbc, aes256-cbc, 3des-cbc DEBUG paramiko.transport:transport.py:1893 server encrypt: aes128-ctr, aes192-ctr, aes256-ctr, aes128-cbc, aes192-cbc, aes256-cbc, 3des-cbc DEBUG paramiko.transport:transport.py:1893 client mac: hmac-sha2-256, hmac-sha2-512, hmac-sha2-256-etm@openssh.com, hmac-sha2-512-etm@openssh.com, hmac-sha1, hmac-md5, hmac-sha1-96, hmac-md5-96 DEBUG paramiko.transport:transport.py:1893 server mac: hmac-sha2-256, hmac-sha2-512, hmac-sha2-256-etm@openssh.com, hmac-sha2-512-etm@openssh.com, hmac-sha1, hmac-md5, hmac-sha1-96, hmac-md5-96 DEBUG paramiko.transport:transport.py:1893 client compress: none DEBUG paramiko.transport:transport.py:1893 server compress: none DEBUG paramiko.transport:transport.py:1893 client lang: DEBUG paramiko.transport:transport.py:1893 server lang: DEBUG paramiko.transport:transport.py:1893 kex follows: False DEBUG paramiko.transport:transport.py:1893 === Key exchange agreements === DEBUG paramiko.transport:transport.py:1893 Kex: curve25519-sha256@libssh.org DEBUG paramiko.transport:transport.py:1893 HostKey: ssh-rsa DEBUG paramiko.transport:transport.py:1893 Cipher: aes128-ctr DEBUG paramiko.transport:transport.py:1893 MAC: hmac-sha2-256 DEBUG paramiko.transport:transport.py:1893 Compression: none DEBUG paramiko.transport:transport.py:1893 === End of kex handshake === DEBUG paramiko.transport:transport.py:1893 === Key exchange possibilities === DEBUG paramiko.transport:transport.py:1893 kex algos: curve25519-sha256@libssh.org, ecdh-sha2-nistp256, ecdh-sha2-nistp384, ecdh-sha2-nistp521, diffie-hellman-group16-sha512, diffie-hellman-group-exchange-sha256, diffie-hellman-group14-sha256, diffie-hellman-group-exchange-sha1, diffie-hellman-group14-sha1, diffie-hellman-group1-sha1 DEBUG paramiko.transport:transport.py:1893 server key: rsa-sha2-512, rsa-sha2-256, ssh-rsa DEBUG paramiko.transport:transport.py:1893 client encrypt: aes128-ctr, aes192-ctr, aes256-ctr, aes128-cbc, aes192-cbc, aes256-cbc, 3des-cbc DEBUG paramiko.transport:transport.py:1893 server encrypt: aes128-ctr, aes192-ctr, aes256-ctr, aes128-cbc, aes192-cbc, aes256-cbc, 3des-cbc DEBUG paramiko.transport:transport.py:1893 client mac: hmac-sha2-256, hmac-sha2-512, hmac-sha2-256-etm@openssh.com, hmac-sha2-512-etm@openssh.com, hmac-sha1, hmac-md5, hmac-sha1-96, hmac-md5-96 DEBUG paramiko.transport:transport.py:1893 server mac: hmac-sha2-256, hmac-sha2-512, hmac-sha2-256-etm@openssh.com, hmac-sha2-512-etm@openssh.com, hmac-sha1, hmac-md5, hmac-sha1-96, hmac-md5-96 DEBUG paramiko.transport:transport.py:1893 client compress: none DEBUG paramiko.transport:transport.py:1893 server compress: none DEBUG paramiko.transport:transport.py:1893 client lang: DEBUG paramiko.transport:transport.py:1893 server lang: DEBUG paramiko.transport:transport.py:1893 kex follows: False DEBUG paramiko.transport:transport.py:1893 === Key exchange agreements === DEBUG paramiko.transport:transport.py:1893 Kex: curve25519-sha256@libssh.org DEBUG paramiko.transport:transport.py:1893 HostKey: ssh-rsa DEBUG paramiko.transport:transport.py:1893 Cipher: aes128-ctr DEBUG paramiko.transport:transport.py:1893 MAC: hmac-sha2-256 DEBUG paramiko.transport:transport.py:1893 Compression: none DEBUG paramiko.transport:transport.py:1893 === End of kex handshake === DEBUG paramiko.transport:transport.py:1893 kex engine KexCurve25519 specified hash_algo DEBUG paramiko.transport:transport.py:1893 kex engine KexCurve25519 specified hash_algo DEBUG paramiko.transport:transport.py:1893 Switch to new keys ... DEBUG paramiko.transport:transport.py:1893 Switch to new keys ... DEBUG paramiko.transport:transport.py:1893 Got EXT_INFO: {'server-sig-algs': b'ssh-ed25519,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,rsa-sha2-512,rsa-sha2-256,ssh-rsa,ssh-dss'} DEBUG paramiko.transport:transport.py:1893 userauth is OK DEBUG paramiko.transport:transport.py:1893 Auth request (type=gssapi-with-mic) service=ssh-connection, username=user@KRBTEST.COM ERROR paramiko.transport:transport.py:1893 Unknown exception: GssapiWithMicAuthHandler._parse_userauth_gssapi_token() missing 1 required positional argument: 'm' ERROR paramiko.transport:transport.py:1891 Traceback (most recent call last): ERROR paramiko.transport:transport.py:1891 File "/tmp/paramiko/paramiko/transport.py", line 2185, in run ERROR paramiko.transport:transport.py:1891 handler(m) ERROR paramiko.transport:transport.py:1891 TypeError: GssapiWithMicAuthHandler._parse_userauth_gssapi_token() missing 1 required positional argument: 'm' ERROR paramiko.transport:transport.py:1891 DEBUG paramiko.transport:transport.py:1893 EOF in transport thread ========================================================== warnings summary =========================================================== .venv311/lib/python3.11/site-packages/k5test/_utils.py:99 /tmp/paramiko/.venv311/lib/python3.11/site-packages/k5test/_utils.py:99: DeprecationWarning: invalid escape sequence '\(' "find %s/ -type d \( ! -executable -o ! -readable \) " -- Docs: https://docs.pytest.org/en/stable/how-to/capture-warnings.html ======================================================= short test summary info ======================================================= FAILED tests/test_ssh_gss.py::GSSAuthTest::test_auth_trickledown - paramiko.ssh_exception.SSHException: encountered RSA key, expected OPENSSH key FAILED tests/test_ssh_gss.py::GSSAuthTest::test_gss_auth - paramiko.ssh_exception.AuthenticationException: Authentication failed: transport shut down or saw EOF ==================================================== 2 failed, 1 warning in 10.17s ==================================================== ```

FWICS these two are broken since 7700c7e033652ed98c0c385b0da936f12b35aabf.

bitprophet commented 1 year ago

A lot of the tests are still incredibly old even by vanilla unittest standards; I've been updating things as I go to be pytest style asserts (not a fan of junit-style asserts and we are using pytest to run tests nowadays) so that's my recommendation here too.

Not entirely sure what's up with those other two errors though. I'd entertain a patch if you figure it out though. Thanks for poking the GSSAPI stuff! (I'd also be curious how you're getting gssapi running locally enough to execute the tests; I'm in a bad middle area where I cannot prove GSSAPI works, but also don't really want to just rip its support back out again...something we can run in our CI stack might be ideal)

mgorny commented 1 year ago

To be honest, I'm not doing anything special — I just happen to have gssapi, k5test and pyasn1 installed.

bitprophet commented 1 year ago

Notes to self: I tried getting gssapi on my dev env (NixOS 22.05) but even with krb5.dev installed (ie krb5-config exists, works) I can't seem to install gssapi 1.8.x or 1.7.x. Similar-ish symptoms to this issue which implies krb5-config is still emitting incorrect parameters or something (wouldn't surprise me on NixOS which is a bit special).

Also! I had totally forgotten we do have gssapi support in our CI. It's just commented out because it's broken 😢 Sadly, I just re-checked and it is still (slightly) broken. But it's there, and if fixed (and, if not part of that breakage, also fixed re: mgorny's findings) I'd be fine merging a PR to uncomment it in CI again.

mweinelt commented 1 year ago

Unfortunately, as was recognized in this issue, krb5-config is too limited to take the multiple outputs nixpkgs provides, into account. I therefore went and submitted a PR to gssapi to take pkg-config information into account, if any exists.

PTAL https://github.com/pythongssapi/python-gssapi/pull/320.