paramiko

Fails to use pagent on Windows

Bug #736955 reported by Jason R. Coombs
14
This bug affects 2 people
Affects Status Importance Assigned to Milestone
paramiko
Confirmed
Medium
Unassigned

Bug Description

Paramiko appears to have support for the Windows PAgent (PuTTY SSH Agent), but when I run a simple script, it gets an error:

import paramiko
client = paramiko.SSHClient()
client.load_system_host_keys()
client.set_missing_host_key_policy(paramiko.AutoAddPolicy())
client.connect(hostname='devjaraco', allow_agent=True)
"""
Traceback (most recent call last):
  File ".\agent-test.py", line 5, in <module>
    client.connect(hostname='devjaraco', allow_agent=True)
  File "c:\python\lib\site-packages\paramiko-1.7.6-py2.7.egg\paramiko\client.py", line 327, in connect
    self._auth(username, password, pkey, key_filenames, allow_agent, look_for_keys)
  File "c:\python\lib\site-packages\paramiko-1.7.6-py2.7.egg\paramiko\client.py", line 435, in _auth
    for key in Agent().get_keys():
  File "c:\python\lib\site-packages\paramiko-1.7.6-py2.7.egg\paramiko\agent.py", line 77, in __init__
    ptype, result = self._send_message(chr(SSH2_AGENTC_REQUEST_IDENTITIES))
  File "c:\python\lib\site-packages\paramiko-1.7.6-py2.7.egg\paramiko\agent.py", line 108, in _send_message
    l = self._read_all(4)
  File "c:\python\lib\site-packages\paramiko-1.7.6-py2.7.egg\paramiko\agent.py", line 116, in _read_all
    raise SSHException('lost ssh-agent')
paramiko.SSHException: lost ssh-agent
"""

Revision history for this message
Jason R. Coombs (jaraco) wrote :

It seems this issue stems from the result from the call to SendMessage in win_pageant:104 or win_pageant:108. The response returned is 0, but _query_pageant fails silently.

Revision history for this message
Jason R. Coombs (jaraco) wrote :

I grabbed the PuTTY source and built it and ran it in debug mode. Turns out that when paramiko calls into the PuTTY agent, it causes an Access Violation at line 1830 of win_pgnt.c:

     cds = (COPYDATASTRUCT *) lParam;
     if (cds->dwData != AGENT_COPYDATA_ID)
  return 0; /* not our message, mate */
     mapname = (char *) cds->lpData;
> if (mapname[cds->cbData - 1] != '\0')
   return 0; /* failure to be ASCIZ! */
#ifdef DEBUG_IPC
     debug(("mapname is :%s:\n", mapname));
#endif

cds->lpData is 0x0.

Revision history for this message
Jason R. Coombs (jaraco) wrote :

Upon further investigation, I found that I did not experience the problem on 32-bit Python. It turns out the problem was with the construction of the COPYDATASTRUCT (cds). The Python code assumes a 32-bit architecture and constructs a byte string based on that structure. On 64-bit, the structure is different.

I've created a patch for the issue in my fork (https://github.com/jaraco/paramiko), butit adds the hard requirement for ctypes. Given that ctypes is part of the standard lib as of Python 2.5 (and available for earlier versions of Python), can paramiko assume ctypes support? If so, I can create a subsequent patch to remove the pywin32 requirement. Otherwise, I can create a pywin32-compatible patch as well.

Revision history for this message
Jason R. Coombs (jaraco) wrote :

This bug persists with 1.7.7.1. I'm going to create a pull request on github.

Revision history for this message
Martin Packman (gz) wrote :

This looks like the reason behind bug 644995 in Bazaar.

Patch by jaraco looks pretty reasonable, but unfortunately it seems upstream isn't responding to pull requests.

Changed in paramiko:
importance: Undecided → Medium
status: New → Confirmed
Revision history for this message
Jason R. Coombs (jaraco) wrote :

Perhaps it's time for someone else to maintain it. I've contacted the maintainer via e-mail to inquire on the status. With any luck, we can move forward with maintenance. If not, we may have to move maintenance to a fork.

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.