Lightrun
question-mark
Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

p must be exactly 1024, 2048, or 3072 bits long

See original GitHub issue

Hello, i’ve got a problem with a nemiko script :

#!/usr/bin/env python
from netmiko import ConnectHandler

import logging
logging.raiseExceptions=False
logging.basicConfig(filename='2.log', level=logging.DEBUG)
logger = logging.getLogger("netmiko")

key_file = "/home/pascal/.ssh/id_dsa"
alcatel = {
    "device_type": "alcatel_aos",
    "host": "192.168.1.2",
    "username": "admin",
    "use_keys": True,
    "key_file": key_file,
    "ssh_config_file": "./ssh_config",
    "verbose":False,
    "fast_cli": True,
}
net_connect = ConnectHandler(**alcatel)
output = net_connect.send_command("show spantree ports blocking")
print(output)

I run the test on 2 identicals switchs with exactly same dsa pub key. On the first everything works fine no error in log file and the result is OK. On the second i’ve got this error : ValueError: p must be exactly 1024, 2048, or 3072 bits long

Here is the log file :

DEBUG:paramiko.transport:starting thread (client mode): 0xdf0a210L
DEBUG:paramiko.transport:Local version/idstring: SSH-2.0-paramiko_2.4.2
DEBUG:paramiko.transport:Remote version/idstring: SSH-2.0-OpenSSH_5.0
INFO:paramiko.transport:Connected (version 2.0, client OpenSSH_5.0)
DEBUG:paramiko.transport:kex algos:[u'diffie-hellman-group-exchange-sha256', u'diffie-hellman-group-exchange-sha1', u'diffie-hellman-group14-sha1', u'diffie-hellman-group1-sha1'] server key:[u'ssh-dss'] client encrypt:[u'aes128-cbc', u'3des-cbc', u'blowfish-cbc', u'cast128-cbc', u'arcfour128', u'arcfour256', u'arcfour', u'aes192-cbc', u'aes256-cbc', u'rijndael-cbc@lysator.liu.se', u'aes128-ctr', u'aes192-ctr', u'aes256-ctr'] server encrypt:[u'aes128-cbc', u'3des-cbc', u'blowfish-cbc', u'cast128-cbc', u'arcfour128', u'arcfour256', u'arcfour', u'aes192-cbc', u'aes256-cbc', u'rijndael-cbc@lysator.liu.se', u'aes128-ctr', u'aes192-ctr', u'aes256-ctr'] client mac:[u'hmac-md5', u'hmac-sha1', u'umac-64@openssh.com', u'hmac-ripemd160', u'hmac-ripemd160@openssh.com', u'hmac-sha1-96', u'hmac-md5-96'] server mac:[u'hmac-md5', u'hmac-sha1', u'umac-64@openssh.com', u'hmac-ripemd160', u'hmac-ripemd160@openssh.com', u'hmac-sha1-96', u'hmac-md5-96'] client compress:[u'none'] server compress:[u'none'] client lang:[u''] server lang:[u''] kex follows?False
DEBUG:paramiko.transport:Kex agreed: diffie-hellman-group-exchange-sha256
DEBUG:paramiko.transport:HostKey agreed: ssh-dss
DEBUG:paramiko.transport:Cipher agreed: aes128-ctr
DEBUG:paramiko.transport:MAC agreed: hmac-sha1
DEBUG:paramiko.transport:Compression agreed: none
DEBUG:paramiko.transport:Got server p (2048 bits)
ERROR:paramiko.transport:Unknown exception: p must be exactly 1024, 2048, or 3072 bits long
ERROR:paramiko.transport:Traceback (most recent call last):
ERROR:paramiko.transport:  File "/usr/local/lib/python2.7/dist-packages/paramiko/transport.py", line 2002, in run
ERROR:paramiko.transport:    self.kex_engine.parse_next(ptype, m)
ERROR:paramiko.transport:  File "/usr/local/lib/python2.7/dist-packages/paramiko/kex_gex.py", line 101, in parse_next
ERROR:paramiko.transport:    return self._parse_kexdh_gex_reply(m)
ERROR:paramiko.transport:  File "/usr/local/lib/python2.7/dist-packages/paramiko/kex_gex.py", line 281, in _parse_kexdh_gex_reply
ERROR:paramiko.transport:    self.transport._verify_key(host_key, sig)
ERROR:paramiko.transport:  File "/usr/local/lib/python2.7/dist-packages/paramiko/transport.py", line 1813, in _verify_key
ERROR:paramiko.transport:    if not key.verify_ssh_sig(self.H, Message(sig)):
ERROR:paramiko.transport:  File "/usr/local/lib/python2.7/dist-packages/paramiko/dsskey.py", line 153, in verify_ssh_sig
ERROR:paramiko.transport:    ).public_key(backend=default_backend())
ERROR:paramiko.transport:  File "/usr/lib/python2.7/dist-packages/cryptography/hazmat/primitives/asymmetric/dsa.py", line 206, in public_key
ERROR:paramiko.transport:    return backend.load_dsa_public_numbers(self)
ERROR:paramiko.transport:  File "/usr/lib/python2.7/dist-packages/cryptography/hazmat/backends/openssl/backend.py", line 665, in load_dsa_public_numbers
ERROR:paramiko.transport:    dsa._check_dsa_parameters(numbers.parameter_numbers)
ERROR:paramiko.transport:  File "/usr/lib/python2.7/dist-packages/cryptography/hazmat/primitives/asymmetric/dsa.py", line 132, in _check_dsa_parameters
ERROR:paramiko.transport:    raise ValueError("p must be exactly 1024, 2048, or 3072 bits long")
ERROR:paramiko.transport:ValueError: p must be exactly 1024, 2048, or 3072 bits long
ERROR:paramiko.transport:

Does someone could explain me what is the problem ?

Version of netmiko :

python 
Python 2.7.16 (default, Apr  6 2019, 01:42:57) 
[GCC 8.3.0] on linux2
Type "help", "copyright", "credits" or "license" for more information.
>>> import netmiko
>>> netmiko.__version__
u'2.3.3'
>>>

Many thanks for your help

Issue Analytics

  • State:closed
  • Created 4 years ago
  • Comments:15 (7 by maintainers)

github_iconTop GitHub Comments

1reaction
plegrand1commented, Nov 13, 2019

It’s my post !! 😉

0reactions
ktbyerscommented, Oct 20, 2022

There are references to fixing this issue without changing the key here:

https://github.com/paramiko/paramiko/issues/750

In the comments by Natrinicle

Read more comments on GitHub >

github_iconTop Results From Across the Web

ValueError: p must be exactly 1024, 2048, or 3072 bits long
I am trying to connect SFTP using Python script. I'm unable to connect due to "p error" ...
Read more >
anyone know how to get configuration to show in python on ...
I get error about "Unknown exception: p must be exactly 1024, 2048, 3072, or 4096 bits long" =====netmiko=====
Read more >
Ansible ssh-dss workaround for AOS6 - Paulierco's Blog!
... discovered_interpreter_python: /usr/bin/python3 module_stderr: |- Unknown exception: p must be exactly 1024, 2048, or 3072 bits long ...
Read more >
Unable to start migration in Plesk: Failed to connect to the ...
Failed to check SSH connection to the source server 'source' (203.0.113.2): p must be exactly 1024, 2048, or 3072 bits long.
Read more >
Source code for cryptography.hazmat.primitives.asymmetric.dsa
... def key_size(self): """ The bit length of the prime modulus. """ ... 2048, 3072]: raise ValueError("p must be exactly 1024, 2048, or...
Read more >

github_iconTop Related Medium Post

No results found

github_iconTop Related StackOverflow Question

No results found

github_iconTroubleshoot Live Code

Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start Free

github_iconTop Related Reddit Thread

No results found

github_iconTop Related Hackernoon Post

No results found

github_iconTop Related Tweet

No results found

github_iconTop Related Dev.to Post

No results found

github_iconTop Related Hashnode Post

No results found
Previous page

Netmiko should strip whitespace from host and IP fields

Next page

Unable to SCP using Windows