Search code examples
pythonpython-3.xsshparamikoprivate-key

Trying to specify key for paramiko SSHClient, error: Could not deserialize key data

I'm trying to create a Python script, to ssh to multiple servers and execute bash commands.

For this, I'm using Paramiko, and this has led to some problems.

  1. For some reason, my OpenSSH SSH key doesn't work, but this I have solved by creating a new one, with a different format.

  2. This has led to me having to specify which key I want to use, to start with I tried to connect without a password specified, but then Paramiko couldn't decrypt the key.

    password = "somepassword"
pkey_path = "/Users/user1/.ssh/id_rsa_copy"
key = RSAKey.from_private_key_file(pkey_path,password=password)

c = SSHClient()
c.set_missing_host_key_policy(AutoAddPolicy())

c.connect('somesite.com',password=password,pkey=key,look_for_keys=False)
stdin, stdout, stderr = c.exec_command('uptime')
c.close()

When executing the script, I receive the following error:

Traceback (most recent call last):
  File "/Users/user1/projects/my_first_venv/lib/python3.7/site-packages/paramiko/rsakey.py", line 185, in _decode_key
    data, password=None, backend=default_backend()
  File "/Users/user1/projects/my_first_venv/lib/python3.7/site-packages/cryptography/hazmat/primitives/serialization/base.py", line 28, in load_der_private_key
    return backend.load_der_private_key(data, password)
  File "/Users/user1/projects/my_first_venv/lib/python3.7/site-packages/cryptography/hazmat/backends/openssl/backend.py", line 1106, in load_der_private_key
    password,
  File "/Users/user1/projects/my_first_venv/lib/python3.7/site-packages/cryptography/hazmat/backends/openssl/backend.py", line 1277, in _load_key
    self._handle_key_loading_error()
  File "/Users/user1/projects/my_first_venv/lib/python3.7/site-packages/cryptography/hazmat/backends/openssl/backend.py", line 1335, in _handle_key_loading_error
    raise ValueError("Could not deserialize key data.")
ValueError: Could not deserialize key data.

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/Users/user1/projects/python/paramiko-puppet.py", line 7, in <module>
    key = RSAKey.from_private_key_file(pkey_path,password=password)
  File "/Users/user1/projects/my_first_venv/lib/python3.7/site-packages/paramiko/pkey.py", line 206, in from_private_key_file
    key = cls(filename=filename, password=password)
  File "/Users/user1/projects/my_first_venv/lib/python3.7/site-packages/paramiko/rsakey.py", line 55, in __init__
    self._from_private_key_file(filename, password)
  File "/Users/user1/projects/my_first_venv/lib/python3.7/site-packages/paramiko/rsakey.py", line 176, in _from_private_key_file
    self._decode_key(data)
  File "/Users/user1/projects/my_first_venv/lib/python3.7/site-packages/paramiko/rsakey.py", line 188, in _decode_key
    raise SSHException(str(e))
paramiko.ssh_exception.SSHException: Could not deserialize key data.

Here is the command which I used to generate a new SSH key, and what a key looks like when generated.

First I copied my current SSH key and then "transformed" it.

ssh-keygen -p -m PEM -f ~/.ssh/id_rsa_copy

New key:

-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: AES-128-CBC,E48A0313BF686BDA7EB6B7F26B10BCC0

jeMD8Eh4g5cpq5YkFKMN5EbquJEVwser2NV6QI/ysO7wPs0SVy3HzoRjaOT4Iox+
gOX90VX5pml3v8S7UmYNzvI+sJMIo/pNpG3qai9OkL9/Z0DJRbTOBXY0nJhkvSVl
W41ojZOot/KWlgrHfPkYZ/Q9L4JJbmP/ChEi1SKFhSByjI9oZnmIHPTEinPib8AZ
j7Wd8S5tF6rJtuapVBPEz8NZLDOsTIME9iql3AxURRbMdQz3IfbWMuSP69ZO8ibe
PFnlHC0u6CjYpZ01axegDSw09xDFuywe0tRfCb0eK7NJQxfeLL3IoKz36+74De2Y
QA5jrJ/Yz/HIIWoOYh+M3wXBIBMSQ5I9/K9twEtyJ/zVOLaXEbJlBiWRPcXzbPXf
NwbfUUNc5ylI729FMB+cE3NuPqen3Hw+FlyKAKu2+E8I56THJIjwsZy3xEY4qkdO
pFukD7UiubB11mJUdT2RkNlI8/0zKCfTjzhRD8lEXFtMu/1OSdPdmaNu62XsXMcq
StA+TqnzMFQ+20vde6NgrZagC/jK3yMJgYSTf9uMLhone+SLVXh0AqPNmuvbHPN7
DvGcYTFlNt340of2Pi9myeOPNdZniLZtq7Oz+Z+2hs/3NxciHbO6MbMpK1Uk2pZK
wovw7+nt71IYjWrzfpVbFI2F7Rw+0rTzmIpe56gv1CtlWZ6pXYbnSakyEKXtCTh8
7CJ4ofSChp4vkCtx6wwjZK/1ysLL1i6pY9Y7TMHumKLTjN+iK0oK//h0/EJIUVVn
3HzX/qwYyTLBJrsr/wvWK6AjYRbUjncDC6fyGVSa25tlcgbo7rsTUaEsiBzhxBK/
zolpRjlBiHU4W64niXJShdU9RGANvPe9jiL1dmg58ZpaKRD4mN6qzxfG8TTBxMLS
+VmMgIFwcFVg2PtQgnoaqqcGFUlRlkoZX8rZ7xktg7ghPTRKxoxaeu0WKYrQzowi
hatyNhQbQ6h8zWb0Mt1+EVcatjAPHp8N/wosTX8QkYtyC82/uFXiz3eQr7RBZl4Z
hd2GkGZLvPPgP6dtXwHeqgGabsDCuFAKYhqnvlXeB6TURqgN9z0uBrRf/JzQV3n2
QZkHCoLKxqK86dw5/yjT+gS/kH8QBvvk/qJEh2tLWRrntD2if6KUXWWaFenq3v/U
ZNb3+ZnJKQMm8ujOJ0gzJo+SC2xDNJFOUMJbi7YVZ2JJSOcZ/Tcfbl8/VriKv+wD
kt2Ksv2vtSYXAqmItUnKcZMPVwujmmr+zpO6Nya+v4+nTfb7lgYYlVR/SxipELm4
HCgTFkQ0bQHURz+WikvSP8EvYqc/DpuvBu4m7yTcbKoJk4iozxzG6K3ligo8QT5o
uF2AFcNLOImo4E3sFUAW6FsDxUV+AuOD16XckRUiz+jYIhh6pbXNhfsYLC0bDaSf
3bC5O9IH7vVWzj8FfcuVxRCzHOoMRROrtTa983KV96YHEAzhIzb9GKEAvFkCN6wE
7a2m3MpTszPa+wnFA4CVuXmLsB5jCmzq0CcPE4SKmX03buN9v+oEOTHDUoAyMebg
RPurPnPkZfJT9RH0MNZ2HaavhJ/eXfALveYgSZBdiY6YiseQr5kKZJItKRZWBwR+
-----END RSA PRIVATE KEY-----
Solution

  • If I do exactly the same, it works for me.

    But if I use a wrong passphrase in password=password, I get the same error as you get. So double check that you use the correct passphrase.

    The password argument of from_private_key_file is your private key passphrase, not your account password.

    In general you should not even need any account password, if you use private key, so I'm not sure why you pass password in the connect call – but that's not the immediate issue now.