Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.
And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.
paramiko error: "q must be exactly 160, 224, or 256 bits long" / too little SSH configurability
See original GitHub issueDescribe the bug
Running pyinfra inventories/somestuff.py fact server.Os yields
Unknown exception: q must be exactly 160, 224, or 256 bits long
This has been reported in several other projects using paramiko. It has to do with ~/.ssh/config settings for the Host in question. I have the feeling that some of those settings are taken into account by pyinfra/paramiko, while others are ignored/overwritten. Also, pyinfra doesn’t expose paramikos settings like allow_agents or look_for_keys directly, which makes it very confusing and hard to debug and control what actually happens under the hood.
edit: esp. the last comment here might help to illuminate the issue: https://github.com/fabric/fabric/issues/2140
To Reproduce
I defined a ssh_user in group_data/all.py, but not ssh_key. I started a new shell through a fresh ssh-agent, to which I only add the SSH key that has been installed on the remote system for the defined user. Until now that worked in that pyinfra used the provided username, and the first (and only) SSH key in the agent. Today that changed for reasons I could now figure out. I have found matching error descriptions in various other projects using paramiko. In ~/.ssh/config I had a matching Host configuration for my regular user with IdentityFile, IdentitiesOnly, and User set (in addition to Hostname). Removing the IdentityFile prevents the Unknown exception error above, but of course disturbs my regular ssh use.
Expected behavior
pyinfra should give more control how paramiko is configured instead of make assumptions under the hood whether to e.g. use an ssh-agent.
Meta
- Include output of
pyinfra --support.
pyinfra --support
--> Support information:
If you are having issues with pyinfra or wish to make feature requests, please
check out the GitHub issues at https://github.com/Fizzadar/pyinfra/issues .
When adding an issue, be sure to include the following:
System: FreeBSD
Platform: FreeBSD-13.0-RELEASE-p4-amd64-64bit-ELF
Release: 13.0-RELEASE-p4
Machine: amd64
pyinfra: v1.4.18
Executable: /home/yggdrasil/.local/bin/pyinfra
Python: 3.8.12 (CPython, Clang 11.0.1 (git@github.com:llvm/llvm-project.git llvmorg-11.0.1-0-g43ff75f2c)
- How was pyinfra installed (source/pip)? pipx
Issue Analytics
- State:
- Created 2 years ago
- Comments:5 (3 by maintainers)
Top Results From Across the Web
Top Related Medium Post
Top Related StackOverflow Question
Troubleshoot Live Code
Top Related Reddit Thread
Top Related Hackernoon Post
Top Related Tweet
Top Related Dev.to Post
Top Related Hashnode Post
Unfortunately I’m not entirely sure if it stopped working directly after my last update of pyinfra, or whether that was more of a coincidence, and the error was triggered by some other change in my environment (although I wouldn’t now what that change would be). As for the version used, I can only venture a bit of a guess based on what version was current when I attempted to add a serial connector to pyinfra: v.1.4.4. I might’ve update to an intermediate version before going to 1.4.18, but can’t say for sure.
Yes, that make_paramiko_kwargs function was what I meant with the “that some of those settings are taken into account”: it’s algorithmically decided what to do, and I cannot override that behaviour.
Have now released the configuration options in
v1.6.2so will close this issue for now, if the keys are still broken please comment here or add a new issue and we can investigate!