NotImplementedError: ECDSA certificates with unnamed curves are unsupported at this time
NotImplementedError: ECDSA certificates with unnamed curves are unsupported at this time
代码片段:
from paramiko import SSHClient, AutoAddPolicy
from scp import SCPClient
ssh = SSHClient()
ssh.load_system_host_keys()
ssh.set_missing_host_key_policy(AutoAddPolicy())
ssh.connect(target_ip_addr, 22, username, password)
scp = SCPClient(ssh.get_transport())
scp.get(src_filepath, dest_dir)
失败:
43 20200715 222952 [.] [ERROR] * /usr/software/pkgs/Python-3.7.1/lib/python3.7/site-packages/paramiko-2.4.2-py3.7.egg/paramiko/client.py:437: in connect
44 20200715 222952 [.] [ERROR] * passphrase,
45 20200715 222952 [.] [ERROR] * /usr/software/pkgs/Python-3.7.1/lib/python3.7/site-packages/paramiko-2.4.2-py3.7.egg/paramiko/client.py:720: in _auth
46 20200715 222952 [.] [ERROR] * filename, pkey_class, passphrase
47 20200715 222952 [.] [ERROR] * /usr/software/pkgs/Python-3.7.1/lib/python3.7/site-packages/paramiko-2.4.2-py3.7.egg/paramiko/client.py:571: in _key_from_filepath
48 20200715 222952 [.] [ERROR] * key = klass.from_private_key_file(key_path, password)
49 20200715 222952 [.] [ERROR] * /usr/software/pkgs/Python-3.7.1/lib/python3.7/site-packages/paramiko-2.4.2-py3.7.egg/paramiko/pkey.py:206: in from_private_key_file
50 20200715 222952 [.] [ERROR] * key = cls(filename=filename, password=password)
51 20200715 222952 [.] [ERROR] * /usr/software/pkgs/Python-3.7.1/lib/python3.7/site-packages/paramiko-2.4.2-py3.7.egg/paramiko/ecdsakey.py:126: in __init__
52 20200715 222952 [.] [ERROR] * self._from_private_key_file(filename, password)
53 20200715 222952 [.] [ERROR] * /usr/software/pkgs/Python-3.7.1/lib/python3.7/site-packages/paramiko-2.4.2-py3.7.egg/paramiko/ecdsakey.py:279: in _from_private_key_file
54 20200715 222952 [.] [ERROR] * self._decode_key(data)
55 20200715 222952 [.] [ERROR] * /usr/software/pkgs/Python-3.7.1/lib/python3.7/site-packages/paramiko-2.4.2-py3.7.egg/paramiko/ecdsakey.py:288: in _decode_key
56 20200715 222952 [.] [ERROR] * data, password=None, backend=default_backend()
57 20200715 222952 [.] [ERROR] * usr/software/pkgs/Python-3.7.1/lib/python3.7/site-packages/cryptography-2.3.1-py3.7-linux-x86_64.egg/cryptography/hazmat/primitives/serialization.py:32: in load_der_private_key
58 20200715 222952 [.] [ERROR] * return backend.load_der_private_key(data, password)
59 20200715 222952 [.] [ERROR] * usr/software/pkgs/Python-3.7.1/lib/python3.7/site-packages/cryptography-2.3.1-py3.7-linux-x86_64.egg/cryptography/hazmat/backends/openssl/backend.py:1061: in load_der_private_key
60 20200715 222952 [.] [ERROR] * return self._evp_pkey_to_private_key(key)
61 20200715 222952 [.] [ERROR] * usr/software/pkgs/Python-3.7.1/lib/python3.7/site-packages/cryptography-2.3.1-py3.7-linux-x86_64.egg/cryptography/hazmat/backends/openssl/backend.py:488: in _evp_pkey_to_private_key
62 20200715 222952 [.] [ERROR] * return _EllipticCurvePrivateKey(self, ec_cdata, evp_pkey)
63 20200715 222952 [.] [ERROR] * usr/software/pkgs/Python-3.7.1/lib/python3.7/site-packages/cryptography-2.3.1-py3.7-linux-x86_64.egg/cryptography/hazmat/backends/openssl/ec.py:134: in __init__
64 20200715 222952 [.] [ERROR] * sn = _ec_key_curve_sn(backend, ec_key_cdata)
65 20200715 222952 [.] [ERROR] * _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
66 20200715 222952 [.] [ERROR] *
67 20200715 222952 [.] [ERROR] * backend = <cryptography.hazmat.backends.openssl.backend.Backend object at 0x7fbe4feb0400>
68 20200715 222952 [.] [ERROR] * ec_key = <cdata 'EC_KEY *' 0x1d64c40>
69 20200715 222952 [.] [ERROR] *
70 20200715 222952 [.] [ERROR] * def _ec_key_curve_sn(backend, ec_key):
71 20200715 222952 [.] [ERROR] * group = backend._lib.EC_KEY_get0_group(ec_key)
72 20200715 222952 [.] [ERROR] * backend.openssl_assert(group != backend._ffi.NULL)
73 20200715 222952 [.] [ERROR] *
74 20200715 222952 [.] [ERROR] * nid = backend._lib.EC_GROUP_get_curve_name(group)
75 20200715 222952 [.] [ERROR] * # The following check is to find EC keys with unnamed curves and raise
76 20200715 222952 [.] [ERROR] * # an error for now.
77 20200715 222952 [.] [ERROR] * if nid == backend._lib.NID_undef:
78 20200715 222952 [.] [ERROR] * raise NotImplementedError(
79 20200715 222952 [.] [ERROR] * > "ECDSA certificates with unnamed curves are unsupported "
80 20200715 222952 [.] [ERROR] * "at this time"
81 20200715 222952 [.] [ERROR] * )
82 20200715 222952 [.] [ERROR] * E NotImplementedError: ECDSA certificates with unnamed curves are unsupported at this time
83 20200715 222952 [.] [ERROR] *
84 20200715 222952 [.] [ERROR] * usr/software/pkgs/Python-3.7.1/lib/python3.7/site-packages/cryptography-2.3.1-py3.7-linux-x86_64.egg/cryptography/hazmat/backends/openssl/ec.py:37: NotImplementedError
不确定如何修复此错误。有什么建议吗?
cryptography
库(paramiko
所依赖)不支持未命名的 EC 曲线(也称为具有显式参数的曲线)。看起来此代码路径中存在导致此异常的 EC 密钥。如果你控制它,你应该生成使用命名曲线的新密钥(未命名的曲线通常是不明智的)。
代码片段:
from paramiko import SSHClient, AutoAddPolicy
from scp import SCPClient
ssh = SSHClient()
ssh.load_system_host_keys()
ssh.set_missing_host_key_policy(AutoAddPolicy())
ssh.connect(target_ip_addr, 22, username, password)
scp = SCPClient(ssh.get_transport())
scp.get(src_filepath, dest_dir)
失败:
43 20200715 222952 [.] [ERROR] * /usr/software/pkgs/Python-3.7.1/lib/python3.7/site-packages/paramiko-2.4.2-py3.7.egg/paramiko/client.py:437: in connect
44 20200715 222952 [.] [ERROR] * passphrase,
45 20200715 222952 [.] [ERROR] * /usr/software/pkgs/Python-3.7.1/lib/python3.7/site-packages/paramiko-2.4.2-py3.7.egg/paramiko/client.py:720: in _auth
46 20200715 222952 [.] [ERROR] * filename, pkey_class, passphrase
47 20200715 222952 [.] [ERROR] * /usr/software/pkgs/Python-3.7.1/lib/python3.7/site-packages/paramiko-2.4.2-py3.7.egg/paramiko/client.py:571: in _key_from_filepath
48 20200715 222952 [.] [ERROR] * key = klass.from_private_key_file(key_path, password)
49 20200715 222952 [.] [ERROR] * /usr/software/pkgs/Python-3.7.1/lib/python3.7/site-packages/paramiko-2.4.2-py3.7.egg/paramiko/pkey.py:206: in from_private_key_file
50 20200715 222952 [.] [ERROR] * key = cls(filename=filename, password=password)
51 20200715 222952 [.] [ERROR] * /usr/software/pkgs/Python-3.7.1/lib/python3.7/site-packages/paramiko-2.4.2-py3.7.egg/paramiko/ecdsakey.py:126: in __init__
52 20200715 222952 [.] [ERROR] * self._from_private_key_file(filename, password)
53 20200715 222952 [.] [ERROR] * /usr/software/pkgs/Python-3.7.1/lib/python3.7/site-packages/paramiko-2.4.2-py3.7.egg/paramiko/ecdsakey.py:279: in _from_private_key_file
54 20200715 222952 [.] [ERROR] * self._decode_key(data)
55 20200715 222952 [.] [ERROR] * /usr/software/pkgs/Python-3.7.1/lib/python3.7/site-packages/paramiko-2.4.2-py3.7.egg/paramiko/ecdsakey.py:288: in _decode_key
56 20200715 222952 [.] [ERROR] * data, password=None, backend=default_backend()
57 20200715 222952 [.] [ERROR] * usr/software/pkgs/Python-3.7.1/lib/python3.7/site-packages/cryptography-2.3.1-py3.7-linux-x86_64.egg/cryptography/hazmat/primitives/serialization.py:32: in load_der_private_key
58 20200715 222952 [.] [ERROR] * return backend.load_der_private_key(data, password)
59 20200715 222952 [.] [ERROR] * usr/software/pkgs/Python-3.7.1/lib/python3.7/site-packages/cryptography-2.3.1-py3.7-linux-x86_64.egg/cryptography/hazmat/backends/openssl/backend.py:1061: in load_der_private_key
60 20200715 222952 [.] [ERROR] * return self._evp_pkey_to_private_key(key)
61 20200715 222952 [.] [ERROR] * usr/software/pkgs/Python-3.7.1/lib/python3.7/site-packages/cryptography-2.3.1-py3.7-linux-x86_64.egg/cryptography/hazmat/backends/openssl/backend.py:488: in _evp_pkey_to_private_key
62 20200715 222952 [.] [ERROR] * return _EllipticCurvePrivateKey(self, ec_cdata, evp_pkey)
63 20200715 222952 [.] [ERROR] * usr/software/pkgs/Python-3.7.1/lib/python3.7/site-packages/cryptography-2.3.1-py3.7-linux-x86_64.egg/cryptography/hazmat/backends/openssl/ec.py:134: in __init__
64 20200715 222952 [.] [ERROR] * sn = _ec_key_curve_sn(backend, ec_key_cdata)
65 20200715 222952 [.] [ERROR] * _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
66 20200715 222952 [.] [ERROR] *
67 20200715 222952 [.] [ERROR] * backend = <cryptography.hazmat.backends.openssl.backend.Backend object at 0x7fbe4feb0400>
68 20200715 222952 [.] [ERROR] * ec_key = <cdata 'EC_KEY *' 0x1d64c40>
69 20200715 222952 [.] [ERROR] *
70 20200715 222952 [.] [ERROR] * def _ec_key_curve_sn(backend, ec_key):
71 20200715 222952 [.] [ERROR] * group = backend._lib.EC_KEY_get0_group(ec_key)
72 20200715 222952 [.] [ERROR] * backend.openssl_assert(group != backend._ffi.NULL)
73 20200715 222952 [.] [ERROR] *
74 20200715 222952 [.] [ERROR] * nid = backend._lib.EC_GROUP_get_curve_name(group)
75 20200715 222952 [.] [ERROR] * # The following check is to find EC keys with unnamed curves and raise
76 20200715 222952 [.] [ERROR] * # an error for now.
77 20200715 222952 [.] [ERROR] * if nid == backend._lib.NID_undef:
78 20200715 222952 [.] [ERROR] * raise NotImplementedError(
79 20200715 222952 [.] [ERROR] * > "ECDSA certificates with unnamed curves are unsupported "
80 20200715 222952 [.] [ERROR] * "at this time"
81 20200715 222952 [.] [ERROR] * )
82 20200715 222952 [.] [ERROR] * E NotImplementedError: ECDSA certificates with unnamed curves are unsupported at this time
83 20200715 222952 [.] [ERROR] *
84 20200715 222952 [.] [ERROR] * usr/software/pkgs/Python-3.7.1/lib/python3.7/site-packages/cryptography-2.3.1-py3.7-linux-x86_64.egg/cryptography/hazmat/backends/openssl/ec.py:37: NotImplementedError
不确定如何修复此错误。有什么建议吗?
cryptography
库(paramiko
所依赖)不支持未命名的 EC 曲线(也称为具有显式参数的曲线)。看起来此代码路径中存在导致此异常的 EC 密钥。如果你控制它,你应该生成使用命名曲线的新密钥(未命名的曲线通常是不明智的)。