The shipped version 2.4.2 is old and generates warnings: /usr/lib/python2.7/site-packages/paramiko/ecdsakey.py:164: CryptographyDeprecationWarning: Support for unsafe construction of public numbers from encoded data will be removed in a future version. Please use EllipticCurvePublicKey.from_encoded_point self.ecdsa_curve.curve_class(), pointinfo /usr/lib/python2.7/site-packages/paramiko/kex_ecdh_nist.py:39: CryptographyDeprecationWarning: encode_point has been deprecated on EllipticCurvePublicNumbers and will be removed in a future version. Please use EllipticCurvePublicKey.public_bytes to obtain both compressed and uncompressed point encoding. m.add_string(self.Q_C.public_numbers().encode_point()) /usr/lib/python2.7/site-packages/paramiko/kex_ecdh_nist.py:96: CryptographyDeprecationWarning: Support for unsafe construction of public numbers from encoded data will be removed in a future version. Please use EllipticCurvePublicKey.from_encoded_point self.curve, Q_S_bytes /usr/lib/python2.7/site-packages/paramiko/kex_ecdh_nist.py:111: CryptographyDeprecationWarning: encode_point has been deprecated on EllipticCurvePublicNumbers and will be removed in a future version. Please use EllipticCurvePublicKey.public_bytes to obtain both compressed and uncompressed point encoding. hm.add_string(self.Q_C.public_numbers().encode_point()) /usr/lib/python2.7/site-packages/paramiko/ecdsakey.py:164: CryptographyDeprecationWarning: Support for unsafe construction of public numbers from encoded data will be removed in a future version. Please use EllipticCurvePublicKey.from_encoded_point self.ecdsa_curve.curve_class(), pointinfo /usr/lib/python2.7/site-packages/paramiko/kex_ecdh_nist.py:39: CryptographyDeprecationWarning: encode_point has been deprecated on EllipticCurvePublicNumbers and will be removed in a future version. Please use EllipticCurvePublicKey.public_bytes to obtain both compressed and uncompressed point encoding. m.add_string(self.Q_C.public_numbers().encode_point()) /usr/lib/python2.7/site-packages/paramiko/kex_ecdh_nist.py:96: CryptographyDeprecationWarning: Support for unsafe construction of public numbers from encoded data will be removed in a future version. Please use EllipticCurvePublicKey.from_encoded_point self.curve, Q_S_bytes /usr/lib/python2.7/site-packages/paramiko/kex_ecdh_nist.py:111: CryptographyDeprecationWarning: encode_point has been deprecated on EllipticCurvePublicNumbers and will be removed in a future version. Please use EllipticCurvePublicKey.public_bytes to obtain both compressed and uncompressed point encoding. hm.add_string(self.Q_C.public_numbers().encode_point()) since this is used by e.g. duplicity, I get this mail every hour.
I assume version 2.6.0 fixes this problem (?)
Summary: Old version produces warnings => python-paramiko produces warnings
Please test python-paramiko-2.6.0-1.mga7 in Core/Updates_testing repo!
CC: (none) => geiger.david68210
jepp, that solves the problem! no more log entries :) Thanks!
Assigning to QA now, Advisory: ======================== Our current paramiko package is a quite olg and generates plenty of warnings log. So this updates paramiko to a more recent and maintained release and also fixes this issue. ======================== Packages in 7/core/updates_testing: ======================== python2-paramiko-2.6.0-1.mga7.noarch.rpm python3-paramiko-2.6.0-1.mga7.noarch.rpm Source RPM: ======================== python-paramiko-2.6.0-1.mga7.src.rpm
Assignee: bugsquad => qa-bugs
For x86_64 everythings works well with duplicity.
@ Marc MGA7-64 Plasma on Lenovo B50 No installation issues apart from the fact that python2-paramiko-2.6.0-1 was already on my system. Why, I don't have any idea. Then $ urpmq --whatrequires-recursive python3-paramiko ansible ansible-lint python3-paramiko python3-x2go syntastic-ansible $ urpmq --whatrequires-recursive python2-paramiko python2-paramiko There is no signof duplicity here. Tried my hand at syntastic-ansible, but that is a vim plugin apparently, and I don't play in that league. For the brave however, I found some ansible samples in https://docs.ansible.com/ansible/latest/user_guide/playbooks_intro.html.
CC: (none) => herman.viaene
@Herman regarding comment 6. Strange that; I tried installing duplicity and it picked up python-paramiko. 1/16: python2-gdata ############################################# 2/16: python-lockfile ############################################# 3/16: python2-backports ############################################# 4/16: python2-backports-ssl_match_hostname ############################################# 5/16: python2-urllib3 ############################################# 6/16: python2-requests ############################################# 7/16: python-dropbox ############################################# 8/16: lib64rsync2 ############################################# 9/16: python-boto ############################################# 10/16: python2-monotonic ############################################# 11/16: python2-fasteners ############################################# 12/16: python2-bcrypt ############################################# 13/16: python2-pynacl ############################################# 14/16: python-paramiko ############################################# 15/16: ncftp ############################################# 16/16: duplicity ############################################# Ah. The package name is python-paramiko. $ urpmq --whatrequires-recursive python-paramiko bzrtools cloud-utils deja-dup duplicity fwbackups mysql-workbench noethys patator pyhoca-cli pyhoca-gui python-paramiko python2-x2go No idea about duplicity though. The cli requires two arguments at least. The help command shows usage but without a tutorial that means little. We should go with Marc on that assessment. I shall try to follow up ansible later and then update and test again.
CC: (none) => tarazed25
duplicity is a bit complicated to use, if you just want a test case. In fact it is a backup software. python-paramiko is a reimplementation of the ssh protocol in python. So testing would "just" need a python script using this function.
Thanks Marc. Found just such a script at StackExchange but it was not ideal so now trying the demos at https://github.com/paramiko/paramiko/blob/master/demos/ These are part of the paramiko package but do not appear in /usr/share AFAIKS. Running demo.py enables remote login to a designated host: $ ./demo.py Hostname: canopus /usr/lib/python2.7/site-packages/paramiko/kex_ecdh_nist.py:39: CryptographyDeprecationWarning: encode_point has been deprecated on EllipticCurvePublicNumbers and will be removed in a future version. Please use EllipticCurvePublicKey.public_bytes to obtain both compressed and uncompressed point encoding. m.add_string(self.Q_C.public_numbers().encode_point()) /usr/lib/python2.7/site-packages/paramiko/kex_ecdh_nist.py:96: CryptographyDeprecationWarning: Support for unsafe construction of public numbers from encoded data will be removed in a future version. Please use EllipticCurvePublicKey.from_encoded_point self.curve, Q_S_bytes /usr/lib/python2.7/site-packages/paramiko/kex_ecdh_nist.py:111: CryptographyDeprecationWarning: encode_point has been deprecated on EllipticCurvePublicNumbers and will be removed in a future version. Please use EllipticCurvePublicKey.public_bytes to obtain both compressed and uncompressed point encoding. hm.add_string(self.Q_C.public_numbers().encode_point()) /usr/lib/python2.7/site-packages/paramiko/ecdsakey.py:164: CryptographyDeprecationWarning: Support for unsafe construction of public numbers from encoded data will be removed in a future version. Please use EllipticCurvePublicKey.from_encoded_point self.ecdsa_curve.curve_class(), pointinfo *** WARNING: Unknown host key! Username [lcl]: Trying ssh-agent key 525859e95f4086871509b863a0cf0a3b ... success! *** Here we go! Last login: Sun Jul 28 00:29:43 2019 [lcl@canopus ~]$ $ ./keygen.py -v Generating priv/pub dsa 1024 bits key pair (output/output.pub)...done. Fingerprint: 1024 29:80:7e:ca:6d:81:75:fa:18:2c:85:6c:21:5c:1b:4c output.pub (DSA) $ ./keygen.py --type=rsa Fingerprint: 1024 ec:bd:86:fe:86:50:ca:6c:06:c4:2d:8c:e0:e3:a6:b7 output.pub (RSA) Copied the sample RSA keys fron GitHub and also copied the public key to host canopus. $ python simple.py Hostname: canopus Username [lcl]: Password for lcl@canopus: /usr/lib/python2.7/site-packages/paramiko/ecdsakey.py:164: CryptographyDeprecationWarning: Support for unsafe construction of public numbers from encoded data will be removed in a future version. Please use EllipticCurvePublicKey.from_encoded_point self.ecdsa_curve.curve_class(), pointinfo *** Connecting... This is all before updating, using python2.7 only. Looks like it all sort of works but I do not really know what I am doing. Sorry about the verbosity - more to come!
After the updates: $ python server.py Read key: 60733844cb5186657fdedaa22b5a57d5 Listening for connection ... Don't know what user is supposed to feed to it. $ python simple.py Hostname: canopus Username [lcl]: Password for lcl@canopus: *** Connecting... *** Caught exception: <class 'paramiko.ssh_exception.BadHostKeyException'>: Host key for server 'canopus' does not match: got 'whatever......' Traceback (most recent call last): File "simple.py", line 66, in <module> client.connect(hostname, port, username, password) File "/usr/lib/python2.7/site-packages/paramiko/client.py", line 423, in connect raise BadHostKeyException(hostname, server_key, our_key) BadHostKeyException: Host key for server 'canopus' does not match: got 'whatever.....' $ python demo.py Hostname: canopus *** WARNING: Unknown host key! Username [lcl]: Trying ssh-agent key 525859e95f4086871509b863a0cf0a3b ... success! *** Here we go! Last login: Sun Jul 28 18:42:36 2019 from 192.168.1.103 [lcl@canopus ~]$ exit So, looks like remote host public key needs to be imported first.
With reference to comment 10 and others. I think it all works but you have to have some idea what you are doing. Sending it on.
Whiteboard: (none) => MGA7-64-OK
Keywords: (none) => advisory, validated_updateCC: (none) => tmb, sysadmin-bugs
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGAA-2019-0092.html
Status: NEW => RESOLVEDResolution: (none) => FIXED