[Twisted-Python] Conch examples give me host key related errors

Discussion:

Oon-Ee Ng

2016-10-10 02:05:32 UTC

My google-fu is failing me (or I'm the only one with a misconfigured
ssh system), but none of the examples on
http://twistedmatrix.com/documents/current/conch/examples/index.html
run for me.

The ConchError I'm mostly getting says ('no host keys, failing',
None), while the simplesshserver.py example fails with a KeyError
'sshKeyDir'

Not sure where twisted-conch expects host keys to be, but my openssh
host keys are fine (I have a running sshd which sources them from
/etc/ssh as per usual). That being said, there's no way twisted-conch
as a python user-process would have access to them (nor should it).

I'm actually just wanting to use twisted-conch-manhole, but running
into this problem first. Is there something I need to configure in my
system?

Amber "Hawkie" Brown

2016-10-10 02:11:11 UTC

Permalink

Hi,

This is most likely because of a security change I made a few versions ago, where conch will no longer use a set of default, hard-coded SSH keys.

You may want to do something like https://github.com/twisted/twisted/blob/trunk/src/twisted/conch/manhole_tap.py#L149 <https://github.com/twisted/twisted/blob/trunk/src/twisted/conch/manhole_tap.py#L149> , and add a key yourself -- we should update these examples to add this, so that they run out of the box again.

- Amber

Post by Oon-Ee Ng
My google-fu is failing me (or I'm the only one with a misconfigured
ssh system), but none of the examples on
http://twistedmatrix.com/documents/current/conch/examples/index.html
run for me.
The ConchError I'm mostly getting says ('no host keys, failing',
None), while the simplesshserver.py example fails with a KeyError
'sshKeyDir'
Not sure where twisted-conch expects host keys to be, but my openssh
host keys are fine (I have a running sshd which sources them from
/etc/ssh as per usual). That being said, there's no way twisted-conch
as a python user-process would have access to them (nor should it).
I'm actually just wanting to use twisted-conch-manhole, but running
into this problem first. Is there something I need to configure in my
system?
_______________________________________________
Twisted-Python mailing list
http://twistedmatrix.com/cgi-bin/mailman/listinfo/twisted-python

Oon-Ee Ng

2016-10-10 02:55:56 UTC

Permalink

A reply from Amber herself! Thanks for the pointer, I dug into the
code a bit and figured these lines would do it (assuming publicKey and
privateKey are already defined as strings)

f = whatever_is_generating_a_factory(**kwargs)
f.publicKeys[b'ssh-rsa'] = keys.Key.fromString(data=publicKey)
f.privateKeys[b'ssh-rsa'] = keys.Key.fromString(data=privateKey)
reactor.listenTCP(port, f)

It seems keys is deprecated from 15.5.5 though, what's the modern alternative?

On Mon, Oct 10, 2016 at 10:11 AM, Amber "Hawkie" Brown

Post by Amber "Hawkie" Brown
Hi,
This is most likely because of a security change I made a few versions ago,
where conch will no longer use a set of default, hard-coded SSH keys.
You may want to do something like
https://github.com/twisted/twisted/blob/trunk/src/twisted/conch/manhole_tap.py#L149
, and add a key yourself -- we should update these examples to add this, so
that they run out of the box again.
- Amber
My google-fu is failing me (or I'm the only one with a misconfigured
ssh system), but none of the examples on
http://twistedmatrix.com/documents/current/conch/examples/index.html
run for me.
The ConchError I'm mostly getting says ('no host keys, failing',
None), while the simplesshserver.py example fails with a KeyError
'sshKeyDir'
Not sure where twisted-conch expects host keys to be, but my openssh
host keys are fine (I have a running sshd which sources them from
/etc/ssh as per usual). That being said, there's no way twisted-conch
as a python user-process would have access to them (nor should it).
I'm actually just wanting to use twisted-conch-manhole, but running
into this problem first. Is there something I need to configure in my
system?
_______________________________________________
Twisted-Python mailing list
http://twistedmatrix.com/cgi-bin/mailman/listinfo/twisted-python
_______________________________________________
Twisted-Python mailing list
http://twistedmatrix.com/cgi-bin/mailman/listinfo/twisted-python

Oon-Ee Ng

2016-10-10 03:11:28 UTC

Permalink

Oh and it seems tab completion was being worked on but that's been
left waiting for a while now -
https://twistedmatrix.com/trac/ticket/6863

Still fantastically useful without though, so no complaints there.

Post by Oon-Ee Ng
A reply from Amber herself! Thanks for the pointer, I dug into the
code a bit and figured these lines would do it (assuming publicKey and
privateKey are already defined as strings)
f = whatever_is_generating_a_factory(**kwargs)
f.publicKeys[b'ssh-rsa'] = keys.Key.fromString(data=publicKey)
f.privateKeys[b'ssh-rsa'] = keys.Key.fromString(data=privateKey)
reactor.listenTCP(port, f)
It seems keys is deprecated from 15.5.5 though, what's the modern alternative?
On Mon, Oct 10, 2016 at 10:11 AM, Amber "Hawkie" Brown