Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Docker failing with error - Invalid private key #163

Open
ansiblejunky opened this issue May 24, 2021 · 1 comment
Open

Docker failing with error - Invalid private key #163

ansiblejunky opened this issue May 24, 2021 · 1 comment

Comments

@ansiblejunky
Copy link

Running the suggested docker command docker run -P -d internap/fake-switches results in failure. Using latest version/code/branch.

/usr/local/lib/python2.7/site-packages/twisted/conch/ssh/transport.py:22: CryptographyDeprecationWarning: Python 2 is no longer supported by the Python core team. Support for it is now deprecated in cryptography, and will be removed in the next release.
  from cryptography.exceptions import UnsupportedAlgorithm
Traceback (most recent call last):
  File "/usr/local/bin/fake-switches", line 8, in <module>
    sys.exit(main())
  File "/usr/local/lib/python2.7/site-packages/fake_switches/cmd/main.py", line 39, in main
    ssh_service.hook_to_reactor(reactor)
  File "/usr/local/lib/python2.7/site-packages/fake_switches/transports/ssh_service.py", line 121, in hook_to_reactor
    b'ssh-rsa': keys.Key.fromString(data=host_private_key.encode())}
  File "/usr/local/lib/python2.7/site-packages/twisted/conch/ssh/keys.py", line 199, in fromString
    return method(data, passphrase)
  File "/usr/local/lib/python2.7/site-packages/twisted/conch/ssh/keys.py", line 450, in _fromString_PRIVATE_OPENSSH
    ).private_key(default_backend())
  File "/usr/local/lib/python2.7/site-packages/cryptography/hazmat/primitives/asymmetric/rsa.py", line 317, in private_key
    return backend.load_rsa_private_numbers(self)
  File "/usr/local/lib/python2.7/site-packages/cryptography/hazmat/backends/openssl/backend.py", line 629, in load_rsa_private_numbers
    return _RSAPrivateKey(self, rsa_cdata, evp_pkey)
  File "/usr/local/lib/python2.7/site-packages/cryptography/hazmat/backends/openssl/rsa.py", line 361, in __init__
    raise ValueError("Invalid private key", errors)
ValueError: ('Invalid private key', [_OpenSSLErrorWithText(code=67764348L, lib=4, func=160, reason=124, reason_text='error:040A007C:rsa routines:RSA_check_key_ex:dmp1 not congruent to d'), _OpenSSLErrorWithText(code=67764349L, lib=4, func=160, reason=125, reason_text='error:040A007D:rsa routines:RSA_check_key_ex:dmq1 not congruent to d'), _OpenSSLErrorWithText(code=67764350L, lib=4, func=160, reason=126, reason_text='error:040A007E:rsa routines:RSA_check_key_ex:iqmp not inverse of q')])
@ansiblejunky
Copy link
Author

Modifying the Dockerfile to force installation of a higher version of cryptography fixes the problem. This is a minimal fix, but ultimately the whole repo needs to be updated to use python3 instead and adjust the Dockerfile appropriately. I tested with docker base image python:3.8-alpha and some adjustments to the requirements.txt and ran the pip-compile command to regenerate the constraints.txt. The docker image built fine, but running the fake-switches got a prompt but when I tried enable command it asked for admin password and even though I provided it, it did not accept it. So something in the code needs further fixes.

For now, here's the Dockerfile change you need. Add the cryptography requirement to the file, right above the pip install command that exists.

RUN pip install cryptography==3.0
RUN pip install --no-cache-dir -r requirements.txt

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@ansiblejunky