[Twisted-Python] conch bytes/str traceback when /etc/ssh/moduli is not present
Aloha
should the case of a missing moduli file be handled more gracefully than
with a traceback or is this a bug?
I was running into this problem when installing on different OSs with
OSX and FreeBSD not having an /etc/ssh/moduli file by default.
Mahalo, Werner
2021-03-04T15:04:51+0100 [builtins.ConchSSHFactory#info] disabling
non-fixed-group key exchange algorithms because we cannot find moduli file
2021-03-04T15:04:51+0100 [builtins.ConchSSHFactory] Unhandled Error
Traceback (most recent call last):
File
"/Users/anon/.pyenv/versions/3.7.10/lib/python3.7/site-packages/twisted/python/log.py",
line 85, in callWithContext
return context.call({ILogContext: newCtx}, func, *args, **kw)
File
"/Users/anon/.pyenv/versions/3.7.10/lib/python3.7/site-packages/twisted/python/context.py",
line 118, in callWithContext
return self.currentContext().callWithContext(ctx, func, *args,
**kw)
File
"/Users/anon/.pyenv/versions/3.7.10/lib/python3.7/site-packages/twisted/python/context.py",
line 83, in callWithContext
return func(*args, **kw)
File
"/Users/anon/.pyenv/versions/3.7.10/lib/python3.7/site-packages/twisted/internet/selectreactor.py",
line 149, in _doReadOrWrite
why = getattr(selectable, method)()
--- ---
File
"/Users/anon/.pyenv/versions/3.7.10/lib/python3.7/site-packages/twisted/internet/tcp.py",
line 1403, in doRead
protocol.makeConnection(transport)
File
"/Users/anon/.pyenv/versions/3.7.10/lib/python3.7/site-packages/twisted/internet/protocol.py",
line 508, in makeConnection
self.connectionMade()
File
"/Users/anon/.pyenv/versions/3.7.10/lib/python3.7/site-packages/twisted/conch/ssh/transport.py",
line 512, in connectionMade
self.sendKexInit()
File
"/Users/anon/.pyenv/versions/3.7.10/lib/python3.7/site-packages/twisted/conch/ssh/transport.py",
line 535, in sendKexInit
NS(b",".join(self.supportedPublicKeys)),
builtins.TypeError: sequence item 0: expected a bytes-like object,
str found
2021-03-04T15:04:51+0100
[twisted.conch.ssh.transport.SSHServerTransport#info] Disconnecting with
error, code 3
reason: b"couldn't match all kex parts"
2021-03-04T15:04:51+0100
[twisted.conch.ssh.transport.SSHServerTransport#info] connection lost
___
Twisted-Python mailing list
Twisted-Python@twistedmatrix.com
https://twistedmatrix.com/cgi-bin/mailman/listinfo/twisted-python
Re: [Twisted-Python] conch bytes/str traceback when /etc/ssh/moduli is not present
Even if we want a traceback, a TypeError on str/bytes seems like the wrong kind
to have. Please file a bug (and open a PR, if you can :-)).
-g
> On Mar 4, 2021, at 10:24 AM, Werner Thie wrote:
>
> Aloha
>
> should the case of a missing moduli file be handled more gracefully than
> with a traceback or is this a bug?
>
> I was running into this problem when installing on different OSs with
> OSX and FreeBSD not having an /etc/ssh/moduli file by default.
>
> Mahalo, Werner
>
> 2021-03-04T15:04:51+0100 [builtins.ConchSSHFactory#info] disabling
> non-fixed-group key exchange algorithms because we cannot find moduli file
> 2021-03-04T15:04:51+0100 [builtins.ConchSSHFactory] Unhandled Error
> Traceback (most recent call last):
> File
> "/Users/anon/.pyenv/versions/3.7.10/lib/python3.7/site-packages/twisted/python/log.py",
> line 85, in callWithContext
> return context.call({ILogContext: newCtx}, func, *args, **kw)
> File
> "/Users/anon/.pyenv/versions/3.7.10/lib/python3.7/site-packages/twisted/python/context.py",
> line 118, in callWithContext
> return self.currentContext().callWithContext(ctx, func, *args,
> **kw)
> File
> "/Users/anon/.pyenv/versions/3.7.10/lib/python3.7/site-packages/twisted/python/context.py",
> line 83, in callWithContext
> return func(*args, **kw)
> File
> "/Users/anon/.pyenv/versions/3.7.10/lib/python3.7/site-packages/twisted/internet/selectreactor.py",
> line 149, in _doReadOrWrite
> why = getattr(selectable, method)()
> --- ---
> File
> "/Users/anon/.pyenv/versions/3.7.10/lib/python3.7/site-packages/twisted/internet/tcp.py",
> line 1403, in doRead
> protocol.makeConnection(transport)
> File
> "/Users/anon/.pyenv/versions/3.7.10/lib/python3.7/site-packages/twisted/internet/protocol.py",
> line 508, in makeConnection
> self.connectionMade()
> File
> "/Users/anon/.pyenv/versions/3.7.10/lib/python3.7/site-packages/twisted/conch/ssh/transport.py",
> line 512, in connectionMade
> self.sendKexInit()
> File
> "/Users/anon/.pyenv/versions/3.7.10/lib/python3.7/site-packages/twisted/conch/ssh/transport.py",
> line 535, in sendKexInit
> NS(b",".join(self.supportedPublicKeys)),
> builtins.TypeError: sequence item 0: expected a bytes-like object,
> str found
>
> 2021-03-04T15:04:51+0100
> [twisted.conch.ssh.transport.SSHServerTransport#info] Disconnecting with
> error, code 3
> reason: b"couldn't match all kex parts"
> 2021-03-04T15:04:51+0100
> [twisted.conch.ssh.transport.SSHServerTransport#info] connection lost
>
> ___
> Twisted-Python mailing list
> Twisted-Python@twistedmatrix.com
> https://twistedmatrix.com/cgi-bin/mailman/listinfo/twisted-python
___
Twisted-Python mailing list
Twisted-Python@twistedmatrix.com
https://twistedmatrix.com/cgi-bin/mailman/listinfo/twisted-python
Re: [Twisted-Python] conch bytes/str traceback when /etc/ssh/moduli is not present
On 3/4/21 08:51, Glyph wrote: > Even if we want a traceback, a TypeError on str/bytes seems like the wrong > kind to have. Please file a bug (and open a PR, if you can :-)). > > -g Investigating I would say that with all the possibilities to configure for the moduli file to be found it is my fault to not have configured it properly for all the platforms I wanted to deploy to. On the other hand the basic assumption that moduli lives on BSDs in the /usr/local/etc/ssh directory seems now to become outdated, so the only change would be changing the default search location for the moduli file which again seems not to be warranted. Mahalo, Werner ___ Twisted-Python mailing list Twisted-Python@twistedmatrix.com https://twistedmatrix.com/cgi-bin/mailman/listinfo/twisted-python
Re: [Twisted-Python] conch bytes/str traceback when /etc/ssh/moduli is not present
> On Mar 4, 2021, at 3:02 PM, Werner Thie wrote: > > On 3/4/21 08:51, Glyph wrote: > >> Even if we want a traceback, a TypeError on str/bytes seems like the wrong >> kind to have. Please file a bug (and open a PR, if you can :-)). >> >> -g > > Investigating I would say that with all the possibilities to configure > for the moduli file to be found it is my fault to not have configured it > properly for all the platforms I wanted to deploy to. On the other hand > the basic assumption that moduli lives on BSDs in the /usr/local/etc/ssh > directory seems now to become outdated, so the only change would be > changing the default search location for the moduli file which again > seems not to be warranted. > > Mahalo, Werner There are a bunch of tickets you could file here: Fixing the search path to comport with modern standards Automatically generating a new one in a writable location if none exists Better handle the case where it really truly doesn't exist and can't be generated (read-only filesystem or no readily discoverable, secure read/write locations) and in fact probably all of these are valid :) -g ___ Twisted-Python mailing list Twisted-Python@twistedmatrix.com https://twistedmatrix.com/cgi-bin/mailman/listinfo/twisted-python
Re: [Twisted-Python] Klein?
Thanks! The trick will be figuring out how to handle Python exception
vs werkzeug exception, and the branched, error handling routes etc.
Currently this is the sort of data structure I'm posting to Data Dog. But I
can make it a pluggable observer-type idiom so anything can receive these
metrics.
tags=[
"path:{}.{}.{}".format(module, className, method),
"blocking:{}".format(isBlocking),
"module:{}".format(module),
"class:{}".format(className),
"method:{}".format(method),
"status_code:{}".format(request_code),
"status_code_class:{}xx".format(status_code_class),
]
metrics.timing("my.rest.endpoint", elapsed, tags=tags)
I don't have it quite right yet. It's hard to get the status code, deal
with unhandled exceptions, etc. But I'll post questions here when I'm
closer.
On Wed, Mar 3, 2021 at 11:13 PM Glyph wrote:
>
>
> On Mar 1, 2021, at 12:51 PM, Robert DiFalco
> wrote:
>
> Is this the right place to ask klein questions?
>
>
> Absolutely, it's a Twisted org project.
>
> I'm writing a metrics plugin for Klein and I can't figure out how to
> inject a metrics handler so that I can get route, path, duration, and
> status code. What I'm doing now sucks because Klein and twisted interact in
> complex ways on Failure and status codes.
>
> # Replace the klein _call with the metrics generating call
> _app._call = _callWithMetrics
>
> Rather than replace _call with my version of _call I was hoping there was
> a cleaner way to get the start and stop with the result code of a route
> invocation. Thoughts?
>
>
> It sounds like you should contribute a patch that makes this an
> explicitly-supported pluggable entrypoint, rather than relying on a hack.
> No need to figure out a way to make it work with existing versions, the
> magic of open source is that you can change it :).
>
> Feel free to ping here when it's done to remind folks to do a review.
>
> -g
> ___
> Twisted-Python mailing list
> Twisted-Python@twistedmatrix.com
> https://twistedmatrix.com/cgi-bin/mailman/listinfo/twisted-python
>
___
Twisted-Python mailing list
Twisted-Python@twistedmatrix.com
https://twistedmatrix.com/cgi-bin/mailman/listinfo/twisted-python
Re: [Twisted-Python] Klein?
> On Mar 4, 2021, at 9:01 PM, Robert DiFalco wrote:
>
> Thanks! The trick will be figuring out how to handle Python exception vs
> werkzeug exception, and the branched, error handling routes etc. Currently
> this is the sort of data structure I'm posting to Data Dog. But I can make it
> a pluggable observer-type idiom so anything can receive these metrics.
>
> tags=[
> "path:{}.{}.{}".format(module, className, method),
> "blocking:{}".format(isBlocking),
> "module:{}".format(module),
> "class:{}".format(className),
> "method:{}".format(method),
> "status_code:{}".format(request_code),
> "status_code_class:{}xx".format(status_code_class),
> ]
> metrics.timing("my.rest.endpoint", elapsed, tags=tags)
> I don't have it quite right yet. It's hard to get the status code, deal with
> unhandled exceptions, etc. But I'll post questions here when I'm closer.
>
Nifty. Thanks for working on this. I look forward to your PR!
-g___
Twisted-Python mailing list
Twisted-Python@twistedmatrix.com
https://twistedmatrix.com/cgi-bin/mailman/listinfo/twisted-python
