How do use paramiko.RSAKey.from_private_key()?

Question

Any idea how I can use the paramiko.RSAKey.from_private_key() function?

I know there is a from_private_key_file(), but I'm interested in using a function to parse a private key (like below) and use that private key for SSHClient.

Private key (sample):

Code I wanted to run:

import paramiko
ssh = paramiko.SSHClient()
# how do I pass in the private_key, when my private_key (shown above) is in string?
mykey = paramiko.RSAKey.from_private_key(private_key) 
ssh.connect('192.168.1.2', username = 'vinod', pkey = mykey)

Many thanks.

score 24 · Answer 1 · answered Dec 05 '13 at 19:26

24

Lev's method worked for me:

>>> import paramiko
>>> f = open('/path/to/key.pem','r')
>>> s = f.read()
>>> import StringIO
>>> keyfile = StringIO.StringIO(s)
>>> mykey = paramiko.RSAKey.from_private_key(keyfile)
>>> ssh.set_missing_host_key_policy(paramiko.AutoAddPolicy())
>>> ssh.connect('myserver.compute-1.amazonaws.com', username='ubuntu', pkey=mykey)
>>> stdin, stdout, stderr = ssh.exec_command('uptime')
>>> stdout.readlines()
[' 19:21:10 up 24 days, 42 min,  1 user,  load average: 0.14, 0.06, 0.05\n']

answered Dec 05 '13 at 19:26

Paul Zielinski

460
3
7

3

Even easier with `paramiko.RSAKey.from_private_key_file(filename)`, see http://docs.paramiko.org/en/1.15/api/keys.html#paramiko.pkey.PKey.from_private_key_file – ezdazuzena Oct 27 '15 at 12:05
1

@ezdazuzena, sometimes you have only string in memory, not a file. – odiszapc Oct 29 '15 at 05:43
6

for python3, use io instead of StringIO – 3pitt Mar 05 '18 at 12:20
I do it and get `paramiko.ssh_exception.SSHException: No existing session`. – mercury Dec 08 '22 at 04:46

score 10 · Answer 2 · answered Jan 25 '17 at 21:51

This should do it:

import io
import paramiko

private_key_file = io.StringIO()
private_key_file.write('-----BEGIN RSA PRIVATE KEY-----\nlskjdflk\n...\n-----END RSA PRIVATE KEY-----\n')
private_key_file.seek(0)
private_key = paramiko.RSAKey.from_private_key(private_key_file)

score 8 · Answer 3 · answered Apr 01 '12 at 09:49

from_private_key() apparently takes a file object:

from_private_key(cls, file_obj, password=None)

Create a key object by reading a private key from a file (or file-like) object. If the private key is encrypted and password is not None, the given password will be used to decrypt the key (otherwise PasswordRequiredException is thrown).

Parameters:

file_obj (file) - the file to read from password (str) - an optional password to use to decrypt the key, if it's encrypted

Returns: PKey

a new key object based on the given private key

Raises:

IOError - if there was an error reading the key

PasswordRequiredException - if the private key file is encrypted, and password is None

SSHException - if the key file is invalid

So to feed it a key as a string you can use StringIO, something like:

private_key = StringIO.StringIO(key_string)
mykey = paramiko.RSAKey.from_private_key(private_key)

I have not tested this, though.

Doesn't work. `key_string` is the private key as string. I get this exception: `SSHException: not a valid RSA private key file` — zengr, Aug 23 '13 at 21:19

score 3 · Answer 4 · answered Jul 14 '16 at 04:12

Here is where 'duck typing' comes in handy - it does not have to BE a duck (=file), it just has to BEHAVE like one.

A little experimentation shows that, any object that has a valid readlines() method is fine.

I faked it with:

def myfakefile(keystring):
    myfakefile.readlines=lambda: keystring.split("\n")
    return myfakefile

mykey = paramiko.RSAKey.from_private_key(myfakefile(keystring))

This is incredibly hacky, but it works.

What this does, is, when you call myfakefile(keystring), it creates myfakefile.readlines, which returns the (split) contents of keystrings.

Then, it returns the function.

The same function is passed to from_private_key. from_private_key, thinking it is a file, calls myfakefile.readlines(). This calls the newly created (lambda) function, which returns the sort of thing you would expect from file.readlines() - or, close enough, anyway.

Note that, saving the results will not work as expected:

k1=myfakefile(keystring1)
k2=myfakefile(keystring2)

 # This will return keystring2, not keystring1!
paramkiko.RSAKey.from_private_keyfile(k1.readlines())

There are more robust methods of getting this to work as it should, but not worth the effort - just use StringIO if your needs are more complicated.

whilst I like this style, I'm not sure I'd recommend this (paramiko _may_ change it's API). — Andy Hayden, Oct 19 '16 at 07:04

user1093043 · Answer 5 · 2017-10-02T18:53:24.033

-2

Very old question, but in case it helps some unfortunate soul: my sol'n to this problem was to generate a new key with default options, using

ssh-keygen -t rsa

My previous key was generated using

ssh-keygen -t rsa -b 4096 -a 100

which paramiko complained about as it did for OP.

edited Oct 02 '17 at 18:53

answered Aug 26 '16 at 06:17

user1093043

25
3

Paramiko complained was because the -o flag saved the key in the OpenSSH format, and *not* the RSA format paramiko expects. If you drop the -o flag when generating the key paramiko should work with the resultant key. – KiwiMartin Oct 18 '16 at 01:46

How do use paramiko.RSAKey.from_private_key()?

5 Answers5

Linked