发表新帖
发表新帖

Paramiko: “not a valid RSA private key file”

前端 未结
关注
3 1749
情歌与酒
情歌与酒 2020-12-16 18:43

I am trying connect to server using following spinet

ssh = paramiko.SSHClient()
ssh.set_missing_host_key_policy(paramiko.AutoAddPolicy())

ip = [\'x.x.x.x\']
相关标签:
3条回答
  • 挽巷
    2020-12-16 19:12

    I faced a similar situation and ssh-keygen comes to my help. You should make a copy of id_rsa and convert it to RSA type with ssh-keygen.

    To Convert "BEGIN OPENSSH PRIVATE KEY" to "BEGIN RSA PRIVATE KEY"

    ssh-keygen -p -m PEM -f ~/.ssh/id_rsa
    0 讨论(0)
  • 夕颜
    2020-12-16 19:20

    Recent versions of OpenSSH (7.8 and newer) generate keys in new OpenSSH format by default, which start with:

    -----BEGIN OPENSSH PRIVATE KEY-----

    That format is fully supported by the Paramiko only since version 2.7.1 (2019-12-09).

    If you are stuck with an older version of Paramiko, you can use ssh-keygen to convert the key to the classic OpenSSH format:

    ssh-keygen -p -f file -m pem -P passphrase -N passphrase

    (if the key is not encrypted with a passphrase, use "" instead of passphrase)

    For Windows users: Note that ssh-keygen.exe is now built-in in Windows 10. And can be downloaded from Microsoft Win32-OpenSSH project for older versions of Windows.

    On Windows, you can also use PuTTYgen (from PuTTY package):

    • Start PuTTYgen
    • Load the key
    • Go to Conversions > Export OpenSSH key.
      For RSA keys, it will use the classic format.

    If you are creating a new key with ssh-keygen, just add -m PEM to generate the new key in the classic format:

    ssh-keygen -m PEM
    0 讨论(0)
  • 误落风尘
    2020-12-16 19:22

    The paramiko.RSAKey.from_private_key_file method requires the private key file to be in "PEM" format. Examine the file you're trying to read and see if it begins with a line that says:

    -----BEGIN RSA PRIVATE KEY-----

    If it doesn't have that line then it's not PEM.

    If it's not PEM then you'll have to find some way to create a PEM version of the private key. (EDIT: the original poster used PuTTY's puttygen utility to export the private key into a PEM-format file.)

    Make sure that the new file has the same ownership and limited access permissions that the original id_rsa file has, so that nobody can steal the key by reading the file. Then, obviously, modify your paramiko call to read the key from the new PEM-format file.

    0 讨论(0)
 看不清?
提交回复
热议问题