Paramiko "UnicodeDecodeError" when authenticating with key from Pageant

Question

Experiencing an issue when attempting to connect to a server using Paramiko and SSH agent Pageant. The error indicates that the script is failing during the connection attempt, specifically when Paramiko tries to interact with the SSH agent (Pageant) and processes the key data. The error message suggests that Paramiko is encountering non-UTF-8 byte sequences when it expects UTF-8 encoded data:

"utf-8' codec can't decode byte 0x82 in position 1: invalid start byte"

However, decoding does not fix the problem.

Traceback (most recent call last):
File: “c:../ssh_little.py”, line 11, in module,
    client.connect(hostname=hostname, username=username)
File “c:/..../conda/Lib/site-package/paramiko/agent.py, line 415, in __init__ self.connect(conn)
File “c:/..../conda/Lib/site-package/paramiko/agent.py, line 89, in _connect AgentKey(
File “c:/..../conda/Lib/site-package/paramiko/agent.py, line 443, in __init__ self.name = msg.get_text()
File “c:/..../conda/Lib/site-package/paramiko/message.py, line 184, in get_text return u(self.get_string())
File “c:/..../conda/Lib/site-package/paramiko/util.py, line 333, in u return s.decode(encoding)
UnicodeDecodeError: ‘utf-8’ codec can’t decode byte 0x82 in position1: invalid start byte

Here is the used code:

import paramiko

hostname = 'host.com'
username = 'user'

client = paramiko.SSHClient()
client.set_missing_host_key_policy(paramiko.AutoAddPolicy())
client.connect(hostname=hostname, username=username)

On the other hand, I can connect manually to that server using PuTTY and Pageant with the same key.

Any idea, please? Thanks!

Answer 1

On macOS I can reproduce the same exception (with ssh-agent and ssh-add) with a \x82 char in the private key's comment:

$ ssh-add -l
1024 SHA256:DFZU0tLv5WaWOkqqOrMQSF/hSyYxU+rYnv8sP4OU2P0 foobar (RSA)
$ ssh-add -l | hexdump -C
00000000  31 30 32 34 20 53 48 41  32 35 36 3a 44 46 5a 55  |1024 SHA256:DFZU|
00000010  30 74 4c 76 35 57 61 57  4f 6b 71 71 4f 72 4d 51  |0tLv5WaWOkqqOrMQ|
00000020  53 46 2f 68 53 79 59 78  55 2b 72 59 6e 76 38 73  |SF/hSyYxU+rYnv8s|
00000030  50 34 4f 55 32 50 30 20  66 6f 6f 82 62 61 72 20  |P4OU2P0 foo.bar |
00000040  28 52 53 41 29 0a                                 |(RSA).|
00000046
$ python3 ssh_little.py
Traceback (most recent call last):
  File "/private/tmp/ssh_little.py", line 9, in <module>
    client.connect(hostname=hostname, username=username, port=port)
  File "/usr/local/lib/python3.11/site-packages/paramiko/client.py", line 485, in connect
    self._auth(
  File "/usr/local/lib/python3.11/site-packages/paramiko/client.py", line 745, in _auth
    self._agent = Agent()
                  ^^^^^^^
  File "/usr/local/lib/python3.11/site-packages/paramiko/agent.py", line 415, in __init__
    self._connect(conn)
  File "/usr/local/lib/python3.11/site-packages/paramiko/agent.py", line 92, in _connect
    comment=result.get_text(),
            ^^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.11/site-packages/paramiko/message.py", line 184, in get_text
    return u(self.get_string())
           ^^^^^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.11/site-packages/paramiko/util.py", line 333, in u
    return s.decode(encoding)
           ^^^^^^^^^^^^^^^^^^
UnicodeDecodeError: 'utf-8' codec can't decode byte 0x82 in position 3: invalid start byte

In the above hexdump output we can see there's a \x82 between foo and bar.

---

On Windows I have a PuTTY .ppk ^{(I assume your private key is generated by PuTTY since you are using Pageant)} and the content is like:

$ cat rsa.ppk
PuTTY-User-Key-File-2: ssh-rsa
Encryption: aes256-cbc
Comment: putty-keygen-pageant-2020-07-01
... ...
... ...

Here it has a Comment: section. So check your private key file to see if there are non-UTF8 chars.