core: asuswrt cannot connect over ssh
Home Assistant release with the issue: 0.86.0b3
Last working Home Assistant release (if known): 0.85.1
Operating environment (Hass.io/Docker/Windows/etc.): Docker raspberrypi3-homeassistant
Component/platform: https://www.home-assistant.io/components/asuswrt/
Description of problem: the asuswrt component can no longer connect over ssh, instead throwing an error about X25519 not being supported on this version of openssl. This applies to both password and key authentication.
Problem-relevant configuration.yaml entries and (fill out even if it seems unimportant):
asuswrt:
host: 192.168.1.1
protocol: ssh
username: user
ssh_key: asuswrt.key
Traceback (if applicable):
2019-01-23 16:07:24 ERROR (MainThread) [homeassistant.setup] Error during setup of component asuswrt
Traceback (most recent call last):
File "/usr/local/lib/python3.6/site-packages/homeassistant/setup.py", line 145, in _async_setup_component
hass, processed_config)
File "/usr/local/lib/python3.6/site-packages/homeassistant/components/asuswrt.py", line 61, in async_setup
await api.connection.async_connect()
File "/usr/local/lib/python3.6/site-packages/aioasuswrt/connection.py", line 66, in async_connect
self._client = await asyncssh.connect(self._host, **kwargs)
File "/usr/local/lib/python3.6/site-packages/asyncssh/misc.py", line 182, in __await__
return (yield from self._coro)
File "/usr/local/lib/python3.6/site-packages/asyncssh/connection.py", line 5454, in connect
conn, _ = yield from create_connection(None, host, port, **kwargs)
File "/usr/local/lib/python3.6/site-packages/asyncssh/connection.py", line 5110, in create_connection
yield from auth_waiter
File "/usr/local/lib/python3.6/site-packages/asyncssh/connection.py", line 627, in data_received
while self._inpbuf and self._recv_handler():
File "/usr/local/lib/python3.6/site-packages/asyncssh/connection.py", line 847, in _recv_packet
processed = handler.process_packet(pkttype, seq, packet)
File "/usr/local/lib/python3.6/site-packages/asyncssh/packet.py", line 215, in process_packet
self._packet_handlers[pkttype](self, pkttype, pktid, packet)
File "/usr/local/lib/python3.6/site-packages/asyncssh/connection.py", line 1414, in _process_kexinit
self._kex = get_kex(self, kex_alg)
File "/usr/local/lib/python3.6/site-packages/asyncssh/kex.py", line 122, in get_kex
return handler(alg, conn, hash_alg, *args)
File "/usr/local/lib/python3.6/site-packages/asyncssh/kex_ecdh.py", line 47, in __init__
self._priv = ecdh_class(*args)
File "/usr/local/lib/python3.6/site-packages/asyncssh/crypto/curve25519.py", line 31, in __init__
self._priv_key = x25519.X25519PrivateKey.generate()
File "/usr/local/lib/python3.6/site-packages/cryptography/hazmat/primitives/asymmetric/x25519.py", line 39, in generate
_Reasons.UNSUPPORTED_EXCHANGE_ALGORITHM
cryptography.exceptions.UnsupportedAlgorithm: X25519 is not supported by this version of OpenSSL.
Additional information:
About this issue
- Original URL
- State: closed
- Created 5 years ago
- Reactions: 12
- Comments: 56 (19 by maintainers)
Is it possible this didn’t make it into the build because the status of this issue is set to “Closed”?
Note that the underlying root cause of this is that HASS.io uses alpine:3.8 which is based on musl libc and not glibc. This means
manylinux1wheels do not work. So whilecryptography==2.3.1is installed and does actually supportX25519, the way HASS.io builds it (against an old alpine version of openssl) means some features get turned off. On Debian and Ubuntu themanylinux1wheel is used, so all the features ofcryptography==2.3.1are present and accounted for.Could someone please test
pip install https://github.com/kennedyshead/aioasuswrt/archive/master.zipand check if that version works in your installation. (for SSH bug)It should be fixed, it is merged so hopefully we can get a 0.86.3 release soon with this included.
I have the same error but do not use homekit. Downgrading helped
Please lock this issue, it is taken cared of in hassio!
Note that the underlying root cause of this is that HASS.io uses alpine:3.8 which is based on musl libc and not glibc. This means manylinux1 wheels do not work. So while cryptography==2.3.1 is installed and does actually support X25519, the way HASS.io builds it (against an old alpine version of openssl) means some features get turned off. On Debian and Ubuntu the manylinux1 wheel is used, so all the features of cryptography==2.3.1 are present and accounted for.
me too,not work in 0.86.3
IMO this bug is so severe that latest HA should not been released with it not fixed, as this was reported on RC. Many people use this as location component. Hope for a Quick fix.