Paramiko and 'not a valid RSA private key'

I had a requirement to check whether one of my Data Center server is having a ssh access and if so what is the 'uptime' of the machine. Now we have a lot of these machines and this job was coming up every other in my day to day job so I figured maybe I should integrate this in my existing 'Mothership sanity check script' written in python. So every time I am troubleshooting what is wrong with this server I can just run this and get a proper report of the ssh and uptime of server ( and info that I may need in future ) in my automated checks ... And since I was using python to do a lot of automatic checks for me, I figured I could use 'Paramiko' (A native Python SSHv2 protocol library.) for this. I had worked with Paramiko before so I thought it'd be easy.

Well, I had hard time while making it work this time. It looked so simple. But the trouble was when I used my ssh private key (Generated with ssh-keygen -t rsa) with Paramiko  I was told I was having an 'Invalid RSA key'.

Here is simple sample code:

#!/usr/bin/python3

import sys
import os
import paramiko

### Declatre the 
host_ip='10.32.10.100'
host_port=22
username='nos'
### KeyFile path
pkey_path="/Users/hardikkumar.db/.ssh/id_rsa"

### creating RSAKey object
key=paramiko.RSAKey.from_private_key_file(pkey_path)

### Create ssh client
ssh=paramiko.SSHClient()
### Automatically add the host to varified host file
ssh.set_missing_host_key_policy(paramiko.AutoAddPolicy())
### Make a connection
ssh.connect(hostname=host_ip, username=username, pkey=key)
### Run commands
stdin, stdout, stderr=ssh.exec_command('ls -al')
### Print the stdout
print(stdout.read())
### Close the client
ssh.close()

If you run this you'll get an error similar to this:

SSHException: not a valid RSA private key file

The issue is also discussed here ...

I couldn't generate new ssh keys again 'cause all the servers were already configured to use this key. And giving up is not an option ;)

So after two hours of troubleshooting and googling I found a solution:

puttygen !!!

In their own words puttygen is :

PuTTYgen is a tool used for generating public and private SSH keys which are its fundamental function. Though it collects keys in its own file format i.e. .ppk files, keys can also be transformed to any other file format quickly. It is available for the various operating system, i.e. Windows, Linux, Mac, etc. PuTTYgen.exe is the graphical tool on Windows OS. While on the other side, Linux OS has the only command-line version.

Installing it was easy. Brew did it for me in mac. And installing in linux is pretty straight forward too.

How I used puttygen to convert my key to 'private-openssh' key type:

puttygen id_rsa -O private-openssh -o new.key

-O flag tells puttygen which format to convert the key to.
-o flag specifies the output file. So the new key will be called 'new.key'

Now using the newly created key we can use the same code given above successfully. Here is the test with our freshly converted 'new.key' ...

pkey_path="/Users/hardikkumar.db/.ssh/new.key"

And you get the Output:

b' 14:08:09 up  3:52,  0 users,  load average: 0.01, 0.04, 0.05\n'

If you want to explore more about 'Paramiko', you can google it or read some of my introductory posts about paramiko (If they are not there than they are on their way). Its an awesome module to work with. SSH is already powerful and this makes it even more useful on very complex systems where automation is the requirement of the hour.

That is it.

Cheers !!!

Comments: