0

I am attempting to set up a generic method in Robot Framework using SSHLibrary that will let me specify an IP on my network and then execute an arbitrary command using the Execute Command keyword. I want to do this using my ssh keys, as I am avoiding exposing network passwords for security reasons. I've run into the problem that the keys simply do not seem to work, and I feel like I'm missing something. Here's a snippet of the code that matters:

Execute Command over SSH
    [Arguments]    ${host}    ${username}    ${command}

    Enable Ssh Logging    sshlog.txt
    Open Connection    ${host}
    Login With Public Key    username=${username}    keyfile=%{HOME}/.ssh/id_rsa

As it stands now, execution fails at Login With Public Key with this failure message: Login with public key failed for user 'user'. I've investigated several avenues for an answer but all have turned up short. What I've considered thus far:

  • SSH to the server in question is functional. I have executed this same code using the Login keyword in place of this existing one (the one requiring username and password). The result was a successful login to the expected ip with the expected user.
  • My keys should be the correct format. I have seen several articles and Stack Overflow threads (in particular, this one) that ran into issues with Paramiko key format. However, the issues all seemed to be resolved by ensuring the keys used were in an RSA format and executing ssh-keygen to that end. Upon inspection, I can confirm that my ssh key is in an RSA format as it begins with this line: -----BEGIN RSA PRIVATE KEY-----. I will, however, note that the key does not have a file extension while its pair has the extension .pub, if that means anything.
  • I have tried generating fresh ssh keys in case the one I had had some issue with it. I am confident that I regenerated the keys correctly because I had to perform a new ssh-copy-id to each of the devices on the network for which I use passwordless ssh.
  • I have verified that the user executing Robot Framework is indeed my own, and thus should be expected to use my ssh setup and credentials.
  • I attempted to use the keyword’s look_for_keys parameter to discover my ssh key just in case my filepath was wrong somehow.
  • I separately verified that the filepath to the keyfile was accurate and that look_for_keys discovered the key.
  • The destination server has the public key for the user in question based on a manual check of the user's .ssh/id_rsa.pub file
  • I have not attempted to involve the ssh agent in my attempts to solve this, mainly because it does not start as active when I log into the testing system from my remote desktop. (That's another thing: This is all being executed from a remote server that I am logging into from elsewhere.)
  • I have double-checked the versions of the libraries on the device executing the tests. I am running on a CentOS OS and I have openssh v7.4, python v3.7.3, paramiko v2.6.0, robotframework v5.0, scp v 0.13.2, and sshlibrary v3.8. I believe these libraries are sufficiently updated to be able to execute SSHLibrary as expected.
  • As a last-ditch effort, I tried referencing the config file I use for my ssh aliases using the read_config parameter. It gave the same result, although I'm surprised the connect statement was able to work and I'm curious as to why. [obligatory "my code works and I don't know why" joke]

The following is the output sent to sshlog.txt. The results are consistent across different attempts at execution. The output presented is at the INFO level. If truly necessary, I can modify to include debug info upon request:

# all lines are prepended with [LogLv] [datetime] [thread#] paramiko.transport:
Connected (version 2.0, client OpenSSH_8.0)
Authentication (publickey) failed.
Authentication (password) failed.
Unknown exception: 'NoneType' object has no attribute 'public_blob'
Traceback (most recent call last):
   File "/home/user/venv/lib/python3.7/site-packages/paramiko/transport.py", line 2109, in run
     handler(self.auth_handler, m)
   File "/home/user/venv/lib/python3.7/site-packages/paramiko/auth_handler.py", line 289, in _parse_service_accept
     if self.private_key.public_blob:
AttributeError: 'NoneType' object has no attribute 'public_blob'

I suppose, at the end of the day, my ultimate question is: how am I intended to set up my ssh keys and the network to support the use of ssh keys in Robot Framework? If there’s something I’m not understanding here, an explanation or a resource would be greatly appreciated as my research has not yielded much of use and, as you can imagine, I’ve exhausted any of the paths to a solution that I can imagine.

remington howell
  • 148
  • 1
  • 2
  • 13
  • 1
    did you try using ssh directly in the shell with the given private key and user combo ? you mentioned 7.2 sshd - it is rather old and it might not support the generated key if you have done it with newer ssh since, rsa sha1 signature was deprecated .. – rasjani Oct 14 '22 at 09:37
  • and 99% the time, if the machine you are connnecting *TO* doesnt have right permissions of ~/.ssh/authorized_keys -key based auth does not work. – rasjani Oct 14 '22 at 09:38
  • And one question: did you create the key with or without passphrase ? – rasjani Oct 14 '22 at 09:39
  • Yes, I have been able to log into the server in the terminal using ssh with the key and user combo. I am also fairly confident that the target system has the keys, though I am not sure how to check if key-based authorization would work in this context. What command can I use to check? The key was created without a passphrase. – remington howell Oct 14 '22 at 14:53

1 Answers1

0

I had the same problem and changed my private key file format to PEM and it fixed.

a PEM key file starts with

—–BEGIN RSA PRIVATE KEY—–

And a RFC4716 starts with:

—–BEGIN OPENSSH PRIVATE KEY—–

so I run :~/.ssh$ ssh-keygen -p -f id_rsa -m PEM, then could connect via RSA key.

Iman Darabi
  • 11
  • 3