Debian Bug report logs -
#668239
host key handling broken when port!=22
Reported by: Alexander Zangerl <az@debian.org>
Date: Tue, 10 Apr 2012 02:06:02 UTC
Severity: critical
Tags: upstream
Merged with 682050
Found in versions paramiko/1.7.7.1-2, paramiko/1.7.7.1-3
Fixed in version paramiko/1.7.7.1-3.1
Done: Michael Gilbert <mgilbert@debian.org>
Bug is archived. No further changes may be made.
Toggle useless messages
Report forwarded
to debian-bugs-dist@lists.debian.org, Jeremy T. Bouse <jbouse@debian.org>:
Bug#668239; Package python-paramiko.
(Tue, 10 Apr 2012 02:06:04 GMT) (full text, mbox, link).
Acknowledgement sent
to Alexander Zangerl <az@debian.org>:
New Bug report received and forwarded. Copy sent to Jeremy T. Bouse <jbouse@debian.org>.
(Tue, 10 Apr 2012 02:06:04 GMT) (full text, mbox, link).
Message #5 received at submit@bugs.debian.org (full text, mbox, reply):
[Message part 1 (text/plain, inline)]
Package: python-paramiko
Version: 1.7.7.1-2
Severity: important
Tags: upstream patch
in lines 307-310 in client.py, the hostname is rewritten
to "[origname]:portnumber" if the port isn't 22.
this serves no useful purpose at all, and it breaks
the lookup for the host key that is attempted on the next few
lines: that now fails as the ssh known hosts format allows
hostnames or ip addresses, nothing else (and certainly
not '[hostname]:port').
result: you get a "unknown server" exception (unless you enable the
only-warn missing host key policy).
the attached patch removes the problematic hostname rewriting.
regards
az
[hostkey.patch (text/plain, attachment)]
Information forwarded
to debian-bugs-dist@lists.debian.org, Jeremy T. Bouse <jbouse@debian.org>:
Bug#668239; Package python-paramiko.
(Fri, 04 May 2012 18:45:10 GMT) (full text, mbox, link).
Acknowledgement sent
to Zed Pobre <zed@resonant.org>:
Extra info received and forwarded to list. Copy sent to Jeremy T. Bouse <jbouse@debian.org>.
(Fri, 04 May 2012 18:45:11 GMT) (full text, mbox, link).
Message #10 received at 668239@bugs.debian.org (full text, mbox, reply):
severity 668239 critical
tag 668239 wheezy
thanks
I'm resetting the severity on this bug to critical, because it causes
Duplicity ("unrelated packages on the system") to break. If this is
not fixed, or anyone using a non-standard SSH port with Duplicity will
find that backups no longer work upon upgrade.
Regards,
--
Zed Pobre <zed@resonant.org> a.k.a. Zed Pobre <zed@debian.org>
PGP key and fingerprint available on finger; encrypted mail welcomed.
Severity set to 'critical' from 'important'
Request was from Zed Pobre <zed@resonant.org>
to control@bugs.debian.org.
(Fri, 04 May 2012 18:45:12 GMT) (full text, mbox, link).
Added tag(s) wheezy.
Request was from Zed Pobre <zed@resonant.org>
to control@bugs.debian.org.
(Fri, 04 May 2012 18:45:13 GMT) (full text, mbox, link).
Added tag(s) pending.
Request was from Luk Claes <luk@debian.org>
to control@bugs.debian.org.
(Thu, 05 Jul 2012 01:00:06 GMT) (full text, mbox, link).
Information forwarded
to debian-bugs-dist@lists.debian.org, Jeremy T. Bouse <jbouse@debian.org>:
Bug#668239; Package python-paramiko.
(Thu, 05 Jul 2012 01:54:03 GMT) (full text, mbox, link).
Acknowledgement sent
to Luk Claes <luk@debian.org>:
Extra info received and forwarded to list. Copy sent to Jeremy T. Bouse <jbouse@debian.org>.
(Thu, 05 Jul 2012 01:54:03 GMT) (full text, mbox, link).
Message #21 received at 668239@bugs.debian.org (full text, mbox, reply):
[Message part 1 (text/plain, inline)]
tags 668239 + pending
thanks
Dear maintainer,
I've prepared an NMU for paramiko (versioned as 1.7.7.1-2.1) and
will have it uploaded soon.
Cheers
Luk
[paramiko-1.7.7.1-2.1-nmu.diff (text/x-diff, attachment)]
Reply sent
to Luk Claes <luk@debian.org>:
You have taken responsibility.
(Thu, 05 Jul 2012 15:51:08 GMT) (full text, mbox, link).
Notification sent
to Alexander Zangerl <az@debian.org>:
Bug acknowledged by developer.
(Thu, 05 Jul 2012 15:51:08 GMT) (full text, mbox, link).
Message #26 received at 668239-close@bugs.debian.org (full text, mbox, reply):
Source: paramiko
Source-Version: 1.7.7.1-2.1
We believe that the bug you reported is fixed in the latest version of
paramiko, which is due to be installed in the Debian FTP archive:
paramiko_1.7.7.1-2.1.debian.tar.gz
to main/p/paramiko/paramiko_1.7.7.1-2.1.debian.tar.gz
paramiko_1.7.7.1-2.1.dsc
to main/p/paramiko/paramiko_1.7.7.1-2.1.dsc
python-paramiko_1.7.7.1-2.1_all.deb
to main/p/paramiko/python-paramiko_1.7.7.1-2.1_all.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 668239@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Luk Claes <luk@debian.org> (supplier of updated paramiko package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Thu, 05 Jul 2012 00:38:56 +0000
Source: paramiko
Binary: python-paramiko
Architecture: source all
Version: 1.7.7.1-2.1
Distribution: unstable
Urgency: low
Maintainer: Jeremy T. Bouse <jbouse@debian.org>
Changed-By: Luk Claes <luk@debian.org>
Description:
python-paramiko - Make ssh v2 connections with Python
Closes: 668239
Changes:
paramiko (1.7.7.1-2.1) unstable; urgency=low
.
* Non-maintainer upload.
* Fix broken host key handling when port != 22 (Closes: 668239)
Checksums-Sha1:
4e736544bd4cd8b83cbba0197698356e5f2ef32e 1339 paramiko_1.7.7.1-2.1.dsc
e4aa8c588c5e6f9de3dd85d8147acc2741e13b95 4111 paramiko_1.7.7.1-2.1.debian.tar.gz
ab112e2faf6913b199bb522e527ac653f5b74ec1 799756 python-paramiko_1.7.7.1-2.1_all.deb
Checksums-Sha256:
1f8b76091659144927e6dcbdd87804a2863fe7582aa835ac558f138cdaeaaa12 1339 paramiko_1.7.7.1-2.1.dsc
f397897c5755a1ec8dc7264b17eec8f8878bf32dd1502189a728e2f4d77301a7 4111 paramiko_1.7.7.1-2.1.debian.tar.gz
71375f3c11bd518dc21a5636504fb6fe9aecd62a5913480f5ab8a6816a075154 799756 python-paramiko_1.7.7.1-2.1_all.deb
Files:
c0e386a81509e350b60e3c8de45fcbca 1339 python optional paramiko_1.7.7.1-2.1.dsc
03ba3e5a9c7ce0ff715b33f76160b88f 4111 python optional paramiko_1.7.7.1-2.1.debian.tar.gz
40e568bec76121b3f78712a7501954e8 799756 python optional python-paramiko_1.7.7.1-2.1_all.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iEYEARECAAYFAk/1tCsACgkQ+C5cwEsrK55F9QCeIl+PIIv7CFwIInynNdGA+Vxc
SUMAoISzZJkHTgHjeokQ423dFuzdzLgU
=QcXV
-----END PGP SIGNATURE-----
Information forwarded
to debian-bugs-dist@lists.debian.org, Jeremy T. Bouse <jbouse@debian.org>:
Bug#668239; Package python-paramiko.
(Thu, 05 Jul 2012 16:39:09 GMT) (full text, mbox, link).
Acknowledgement sent
to "Jeremy T. Bouse" <jbouse@debian.org>:
Extra info received and forwarded to list. Copy sent to Jeremy T. Bouse <jbouse@debian.org>.
(Thu, 05 Jul 2012 16:39:09 GMT) (full text, mbox, link).
Message #31 received at 668239@bugs.debian.org (full text, mbox, reply):
On 07/04/2012 08:57 PM, Luk Claes wrote:
> tags 668239 + pending
> thanks
>
> Dear maintainer,
>
> I've prepared an NMU for paramiko (versioned as 1.7.7.1-2.1) and
> will have it uploaded soon.
>
> Cheers
>
> Luk
Any reason you felt that you couldn't actually follow the process I'd
already established to submit the patch to the VCS that the package is
maintained out of? I purposely put the package maintenance on
git.debian.org within collab-maint so that any DD could submit commits
for the package back. You obviously looked at the BTS so did you not
bother to check out the PTS and see it was in VCS?
Reply sent
to jbouse@debian.org (Jeremy T. Bouse):
You have taken responsibility.
(Mon, 09 Jul 2012 16:21:11 GMT) (full text, mbox, link).
Notification sent
to Alexander Zangerl <az@debian.org>:
Bug acknowledged by developer.
(Mon, 09 Jul 2012 16:21:11 GMT) (full text, mbox, link).
Message #36 received at 668239-close@bugs.debian.org (full text, mbox, reply):
Source: paramiko
Source-Version: 1.7.7.1-3
We believe that the bug you reported is fixed in the latest version of
paramiko, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 668239@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Jeremy T. Bouse <jbouse@debian.org> (supplier of updated paramiko package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Mon, 09 Jul 2012 11:02:38 -0400
Source: paramiko
Binary: python-paramiko
Architecture: source all
Version: 1.7.7.1-3
Distribution: unstable
Urgency: low
Maintainer: Jeremy T. Bouse <jbouse@debian.org>
Changed-By: Jeremy T. Bouse <jbouse@debian.org>
Description:
python-paramiko - Make ssh v2 connections with Python
Closes: 659007 668239
Changes:
paramiko (1.7.7.1-3) unstable; urgency=low
.
* Accept NMU uploads (Closes: #659007, #668239)
* Update package to clean up lintian findings
* debian/source/local-options: set unapply-patches option
* debian/watch: Don't need to use uupdate with gbp
* debian/control: Upgrade Debian Standard (no changes needed)
Checksums-Sha1:
74419a44318df83a1ea80f2181db1f0073aaf939 1345 paramiko_1.7.7.1-3.dsc
c2872d231ed52d1bb48dc7351d8099376143b020 5357 paramiko_1.7.7.1-3.debian.tar.gz
3ef20f1e8c453c26e6dc33c310d720d57d92d60c 806772 python-paramiko_1.7.7.1-3_all.deb
Checksums-Sha256:
8bf5b2dc47f8069a75cf64f741c99576378d6a538376c82de2142769c6fd0db3 1345 paramiko_1.7.7.1-3.dsc
b0b3d8d8c933a235597fb0a4a43f30e36ba468d590d098a5a5632014f60ae457 5357 paramiko_1.7.7.1-3.debian.tar.gz
749a3e3db2aacb9ebbb44fde63327eeeae6da0cfc83930f090c5ddd05beb5f35 806772 python-paramiko_1.7.7.1-3_all.deb
Files:
3dae5b390b64b5e1ce5f071092359fb2 1345 python optional paramiko_1.7.7.1-3.dsc
94c9e27d03bc91502202cd7ee9596162 5357 python optional paramiko_1.7.7.1-3.debian.tar.gz
b10eae4c9cccc0267541bdb24250aa9f 806772 python optional python-paramiko_1.7.7.1-3_all.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iF4EAREIAAYFAk/7AUgACgkQ8C9U2GaKntdj/gD6A2LkQbDmuewcq8bBpsIbQsOw
gP+FPJWkoRt0zMmvgiQA/0uR7Rqcus16HFy5Aj7h/KwOFlrlR9oSKRoHR/5MRUbZ
=X20d
-----END PGP SIGNATURE-----
Information forwarded
to debian-bugs-dist@lists.debian.org, Jeremy T. Bouse <jbouse@debian.org>:
Bug#668239; Package python-paramiko.
(Mon, 30 Jul 2012 07:57:08 GMT) (full text, mbox, link).
Acknowledgement sent
to Lars Noschinski <lars@public.noschinski.de>:
Extra info received and forwarded to list. Copy sent to Jeremy T. Bouse <jbouse@debian.org>.
(Mon, 30 Jul 2012 07:57:08 GMT) (full text, mbox, link).
Message #41 received at 668239@bugs.debian.org (full text, mbox, reply):
Package: python-paramiko
Version: 1.7.7.1-3
Followup-For: Bug #668239
Dear Maintainer,
this patch does not fix the issues with duplicity; in fact, I believe this
change is wrong. As of openssh-server-1:6.0p1-2 0, sshd(8) states for the
~/.ssh/known_hosts file:
A hostname or address may optionally be enclosed within ‘[’ and
‘]’
brackets then followed by ‘:’ and a non-standard port number.
And indeed, openssh-client (as of 1:6.0p1-2) uses this format:
$ ssh -v user@HOSTNAME -p 2222
OpenSSH_6.0p1 Debian-2, OpenSSL 1.0.1c 10 May 2012
[...]
debug1: Host '[HOSTNAME]:2222' is known and matches the RSA host key.
debug1: Found key in /home/lars/.ssh/known_hosts:146
[...]
Paramiko does not find this entry and hence throws an
paramiko.SSHException: Unknown server HOSTNAME
If I edit my known_host file by adding an entry for HOSTNAME instead of
[HOSTNAME]:2222, paramiko succeeds.
-- System Information:
Debian Release: wheezy/sid
APT prefers testing
APT policy: (700, 'testing'), (650, 'unstable'), (500, 'stable'), (101, 'experimental')
Architecture: amd64 (x86_64)
Kernel: Linux 3.2.0-3-amd64 (SMP w/2 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages python-paramiko depends on:
ii python 2.7.3~rc2-1
ii python-crypto 2.6-2
python-paramiko recommends no packages.
python-paramiko suggests no packages.
-- no debconf information
Bug reopened
Request was from Lars Noschinski <lars@public.noschinski.de>
to control@bugs.debian.org.
(Mon, 30 Jul 2012 13:48:06 GMT) (full text, mbox, link).
No longer marked as fixed in versions paramiko/1.7.7.1-2.1.
Request was from Lars Noschinski <lars@public.noschinski.de>
to control@bugs.debian.org.
(Mon, 30 Jul 2012 13:48:06 GMT) (full text, mbox, link).
Removed tag(s) wheezy.
Request was from Niels Thykier <niels@thykier.net>
to control@bugs.debian.org.
(Sat, 03 Nov 2012 19:09:03 GMT) (full text, mbox, link).
Removed tag(s) patch.
Request was from gregor herrmann <gregoa@debian.org>
to control@bugs.debian.org.
(Sun, 04 Nov 2012 18:09:08 GMT) (full text, mbox, link).
Merged 668239 682050
Request was from Michael Gilbert <mgilbert@debian.org>
to control@bugs.debian.org.
(Mon, 12 Nov 2012 23:21:09 GMT) (full text, mbox, link).
Message #52 received at 682050-close@bugs.debian.org (full text, mbox, reply):
Source: paramiko
Source-Version: 1.7.7.1-3.1
We believe that the bug you reported is fixed in the latest version of
paramiko, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 682050@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Michael Gilbert <mgilbert@debian.org> (supplier of updated paramiko package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Mon, 12 Nov 2012 23:14:26 +0000
Source: paramiko
Binary: python-paramiko
Architecture: source all
Version: 1.7.7.1-3.1
Distribution: unstable
Urgency: medium
Maintainer: Jeremy T. Bouse <jbouse@debian.org>
Changed-By: Michael Gilbert <mgilbert@debian.org>
Description:
python-paramiko - Make ssh v2 connections with Python
Closes: 682050
Changes:
paramiko (1.7.7.1-3.1) unstable; urgency=medium
.
* Non-maintainer upload.
* Drop problematic hostkey.patch (closes: #682050).
Checksums-Sha1:
5369ff419c8af15288ed0404db4bcd592f095c45 2653 paramiko_1.7.7.1-3.1.dsc
69c42ab51d76f9e28bd0211a053e28323f6569bc 5226 paramiko_1.7.7.1-3.1.debian.tar.gz
91456272bf03dbd8144856e4c60fca9f1129c4c1 809030 python-paramiko_1.7.7.1-3.1_all.deb
Checksums-Sha256:
4ae8a202fe578a035203997eb2f2de005ed4874a4ac67d4b2a91f2b5e111f50e 2653 paramiko_1.7.7.1-3.1.dsc
c3c10d8e49f042db48319749b773e7d80fba70649b03ab63e75d8078344cd189 5226 paramiko_1.7.7.1-3.1.debian.tar.gz
b3fd1b326bac48f1b31c63180d79e0476daf29cc0e454d6e4054b8caf56b19ee 809030 python-paramiko_1.7.7.1-3.1_all.deb
Files:
fe2313eba2e42e89cfc4003371143695 2653 python optional paramiko_1.7.7.1-3.1.dsc
abe52702262cfc9d3b5b05a487487c8c 5226 python optional paramiko_1.7.7.1-3.1.debian.tar.gz
34fbeb61b91584ccd25b6028f2aae144 809030 python optional python-paramiko_1.7.7.1-3.1_all.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
iQQcBAEBCAAGBQJQoYN5AAoJELjWss0C1vRz7R8f/Ax7v+nF0YvfY8Go0ZhKpRJJ
wapJ+O2VvewQDbdWyPWSGckGT5SHSt1Ag0WNeQu1R8PzmKza+dKwvVRfoAYZb+7P
LtINiZ9hUoeX5Hj7SyFjWkacnTCS6FB8y6PPrbnjWtq+TlyVeb2aryOh4oVP6px+
EN3AMOVxXtggfbnl2FND0ks2B783jh1OgDeBiG4JwI2zmfs37eIXEQHAMqT0l1Ed
xGJsCvphDfEYAxh7wJpBH40GeUFxgMkhzQvDR79IVptnjAnAa003YQPKi6G/PtJ1
pLeVO+KVej+wDFkpXkrRqdih4WqD00Mp03NtfxlboN5aaXVC2T4CB7WlNJpUlTWw
UWiRuG5xi3wzUMCuqwVNITW/zVIsUt6srb8+QyvAfSJCGlJGmzxarvYKIKhWylR3
AHK605Dh5Xt59BiPrwMoN2GSIKAYfEaN9yyFOvWy3cBNXczBTBzTezmXmdE1cCbY
uS/qlnZUPeymtD29/EeHosIb4bNT6qrX9zh7z95u0Lxk2QNPuXrhBPuLQf9HsHED
92XG7Y00XyjWof1c3nUtEnuE9/ZXa/BskI2OxLJ19d04jCJLcpzVM6ZQ7IZhW53o
cSVsD5rHKew+aRNW7Up7gVC1yiXnP9kDs7BROyFqvkO8LdQKEQZbzW/i5k2F/8RR
Npr5v4eYAhFfdfJYasbeILr+ZsTmcHKJNc5R4uvobfCEhBgK5YQNvBr22eoXX/Re
GQF6m9/U3MD3TDybgUp5GGY5xKfAehB2bAiVqVOwjuVfZd4nONRgrdQzm9zZRjVY
En3HO8aD0xI7NCyUZsADz2QdvlCcxFpibKCKz1nAMWipbuQPI6+XoIrarx8y1pQK
MHvP3kz/NsbFSyVj1ikxVZxH+XgeED3wJDIjd9ti7Dpw9DJiKH4ol1EVguN+Wmq2
xyWfuj6MwOT9rRrXfaipThV7FKq4B5lvu4DGruNskU0i+R/0Yi1wfNcO8N85iE7Z
rwEtPYDxQsD/svw5SCaHBH42SpS3VVqReBxZ74YQQcm43W0FTsvJuCyUQQZLmd0U
/9XmBOmj0iQ4cw5yP5H4f2YRNFO4o+t2dA1M+2z8zlZQYON7E2ZAXW2jkgCO2RDw
uk+bSseXiUfAPwVlWAhAXknB/xSn19mnABvE7IE46Vq00UxWS+jTViSSrrrwraEI
J60/W3Qa6bxIaoirrDM2TJs+39W7SivFX7hwQkU6wBrxGlbuHxhBSoeSVkg02PJ5
EKpEBc5qVkgA4TQTcZ2DRIqzfFOO4e5DLblj0UWOeWHyU4zT/N1fUK/1vgpFeOE0
aUH7xq0bbXCMPPGN2OQ8V/+xhg+VgsmltFSoiKmgtuAAjth/SlZA2vq84A3TYs0=
=ic0X
-----END PGP SIGNATURE-----
Bug archived.
Request was from Debbugs Internal Request <owner@bugs.debian.org>
to internal_control@bugs.debian.org.
(Mon, 24 Dec 2012 07:27:23 GMT) (full text, mbox, link).
Send a report that this bug log contains spam.
Debian bug tracking system administrator <owner@bugs.debian.org>.
Last modified:
Sat Mar 25 17:58:17 2023;
Machine Name:
buxtehude
Debian Bug tracking system
Debbugs is free software and licensed under the terms of the GNU
Public License version 2. The current version can be obtained
from https://bugs.debian.org/debbugs-source/.
Copyright © 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson,
2005-2017 Don Armstrong, and many other contributors.