0

Paramiko script is running great from interactive terminal using id_rsa. When run as a cron job suddenly it finds the id_rsa to be invalid. Test 777 permissions have been set on all related files to no avail. Logs show that the job is being run as the proper user.

paramiko.ssh_exception.SSHException: not a valid RSA private key file

So, it seems this if statement at end of block is being fulfilled only as cron job: `

  def _read_private_key(self, tag, f, password=None):
            lines = f.readlines()
            start = 0
            beginning_of_key = "-----BEGIN " + tag + " PRIVATE KEY-----"
            while start < len(lines) and lines[start].strip()
                                                 != beginning_of_key:
            start += 1
        if start >= len(lines):
            raise SSHException("not a valid " + tag + " private key file")
`

Any insights appreciated.

EDIT: My code to load key try: client = paramiko.SSHClient() client.load_system_host_keys() client.set_missing_host_key_policy(paramiko.WarningPolicy) client.connect(hostname = '<target>', key_filename = '/home/user/.ssh/id_rsa',username='root')

DocSpiegel
  • 101
  • 11
  • Show us the code that you use to load the key. – Martin Prikryl Dec 17 '18 at 19:54
  • I hope you din't set 777 permissions to your private key! – Martin Prikryl Dec 17 '18 at 19:55
  • Updated with code requested, I copied the private key and moved it to the testing directory and changed the permissions, it is now deleted. This is all in a test environment. – DocSpiegel Dec 17 '18 at 21:00
  • I do not understand what you mean by *"I copied the private key and moved it to the testing directory and changed the permissions, it is now deleted."* - You are loading the key from `/home/user/.ssh`, not a testing directory. Why is the file deleted? + Do you get the same problem, if you generate new RSA key? – Martin Prikryl Dec 18 '18 at 07:37
  • My apologies let me explain. When I was considering it to possibly be a permission issue, instead of playing with permissions on my .ssh directory and the files within, I copied id_rsa and moved it to the directory containing the paramiko script. I adjusted the path in the script to reflect this change. I then adjusted permissions on that file and directory. After this continued to fail I removed the copy of id_rsa and then changed the path in the script back to the .ssh directory where it is now. I will try a new key, just strange key works fine when run in interactive shell. – DocSpiegel Dec 18 '18 at 13:52
  • new RSA key did not solve the issue. same error as before. – DocSpiegel Dec 18 '18 at 14:12
  • Add `with open('/home/user/.ssh/id_rsa', 'r') as fin:` `print fin.read()` to your code and check if the contents it prints when executed from cron matches the contents you expect. – Martin Prikryl Dec 19 '18 at 07:31
  • yes output is exactly as expected with this added. – DocSpiegel Dec 19 '18 at 13:37
  • OK, did you check if cron does not pick up a different version of Python or Paramiko? – Martin Prikryl Dec 19 '18 at 13:38
  • I ran `which python` and then added this full path to the cron job as `/usr/bin/python` when calling python. I also ran `env` and made the cron path match those of my interactive shell exactly. – DocSpiegel Dec 19 '18 at 13:52

1 Answers1

2

I faced the similar situation and ssh-keygen comes to my help. You should make a copy of id_rsa and convert it to RSA type with ssh-keygen and then give that path to "key_filename"

To Convert "BEGIN OPENSSH PRIVATE KEY" to "BEGIN RSA PRIVATE KEY"

ssh-keygen -p -m PEM -f ~/.ssh/id_rsa
ahirapara
  • 1,029
  • 10
  • 9