我使用的是 python3.4,一切都按预期运行,直到我安装 Spirent STC(甚至 Avalanche)。这些是流量生成器,有自己的 PYTHONPATH 需要更新。我只是保留了原来的 PYTHONPATH,并在环境导出期间合并了这个。真正困扰我的是,Spirent 开始正常工作,而与任何其他设备的 SSH 连接开始失败。请参阅下面的日志。
2017-01-06T10:18:53: %ROOT-INFO: | Connecting to iLinux |
2017-01-06T10:18:53: %ROOT-INFO: +************************************************************************************************************+
2017-01-06T10:18:53: %ROOT-INFO:
2017-01-06T10:18:53: %PARAMIKO-DEBUG: starting thread (client mode): 0xf47751ec
2017-01-06T10:18:53: %PARAMIKO-DEBUG: Local version/idstring: SSH-2.0-paramiko_2.0.2
2017-01-06T10:18:53: %PARAMIKO-DEBUG: Remote version/idstring: SSH-2.0-OpenSSH_6.7p1 Debian-5+deb8u2
2017-01-06T10:18:53: %PARAMIKO-INFO: Connected (version 2.0, client OpenSSH_6.7p1)
2017-01-06T10:18:53: %PARAMIKO-DEBUG: kex algos:['[email protected]', 'ecdh-sha2-nistp256', 'ecdh-sha2-nistp384', 'ecdh-sha2-nistp521', 'diffie-hellman-group-exchange-sha256', 'diffie-hellman-group14-sha1'] server key:['ssh-rsa', 'ssh-dss', 'ecdsa-sha2-nistp256', 'ssh-ed25519'] client encrypt:['aes128-ctr', 'aes192-ctr', 'aes256-ctr', '[email protected]', '[email protected]', '[email protected]'] server encrypt:['aes128-ctr', 'aes192-ctr', 'aes256-ctr', '[email protected]', '[email protected]', '[email protected]'] client mac:['[email protected]', '[email protected]', '[email protected]', '[email protected]', '[email protected]', '[email protected]', '[email protected]', 'hmac-sha2-256', 'hmac-sha2-512', 'hmac-sha1'] server mac:['[email protected]', '[email protected]', '[email protected]', '[email protected]', '[email protected]', '[email protected]', '[email protected]', 'hmac-sha2-256', 'hmac-sha2-512', 'hmac-sha1'] client compress:['none', '[email protected]'] server compress:['none', '[email protected]'] client lang:[''] server lang:[''] kex follows?False
2017-01-06T10:18:53: %PARAMIKO-DEBUG: Kex agreed: diffie-hellman-group14-sha1
2017-01-06T10:18:53: %PARAMIKO-DEBUG: Cipher agreed: aes128-ctr
2017-01-06T10:18:53: %PARAMIKO-DEBUG: MAC agreed: hmac-sha2-256
2017-01-06T10:18:53: %PARAMIKO-DEBUG: Compression agreed: none
2017-01-06T10:18:54: %PARAMIKO-ERROR: Unknown exception: /ws/pusnaik-bgl/ssp_pyAts/lib/python3.4/site-packages/cryptography/hazmat/bindings/_openssl.cpython-34m.so: symbol SSL_SESSION_set1_id_context, version libssl.so.10 not defined in file libssl.so.10 with link time reference
2017-01-06T10:18:54: %PARAMIKO-ERROR: Traceback (most recent call last):
2017-01-06T10:18:54: %PARAMIKO-ERROR: File "/ws/pusnaik-bgl/ssp_pyAts/lib/python3.4/site-packages/paramiko/transport.py", line 1774, in run
2017-01-06T10:18:54: %PARAMIKO-ERROR: self.kex_engine.parse_next(ptype, m)
2017-01-06T10:18:54: %PARAMIKO-ERROR: File "/ws/pusnaik-bgl/ssp_pyAts/lib/python3.4/site-packages/paramiko/kex_group1.py", line 75, in parse_next
2017-01-06T10:18:54: %PARAMIKO-ERROR: return self._parse_kexdh_reply(m)
2017-01-06T10:18:54: %PARAMIKO-ERROR: File "/ws/pusnaik-bgl/ssp_pyAts/lib/python3.4/site-packages/paramiko/kex_group1.py", line 111, in _parse_kexdh_reply
2017-01-06T10:18:54: %PARAMIKO-ERROR: self.transport._verify_key(host_key, sig)
2017-01-06T10:18:54: %PARAMIKO-ERROR: File "/ws/pusnaik-bgl/ssp_pyAts/lib/python3.4/site-packages/paramiko/transport.py", line 1619, in _verify_key
2017-01-06T10:18:54: %PARAMIKO-ERROR: key = self._key_info[self.host_key_type](Message(host_key))
2017-01-06T10:18:54: %PARAMIKO-ERROR: File "/ws/pusnaik-bgl/ssp_pyAts/lib/python3.4/site-packages/paramiko/rsakey.py", line 58, in __init__
2017-01-06T10:18:54: %PARAMIKO-ERROR: ).public_key(default_backend())
2017-01-06T10:18:54: %PARAMIKO-ERROR: File "/ws/pusnaik-bgl/ssp_pyAts/lib/python3.4/site-packages/cryptography/hazmat/backends/__init__.py", line 41, in default_backend
2017-01-06T10:18:54: %PARAMIKO-ERROR: _default_backend = MultiBackend(_available_backends())
2017-01-06T10:18:54: %PARAMIKO-ERROR: File "/ws/pusnaik-bgl/ssp_pyAts/lib/python3.4/site-packages/cryptography/hazmat/backends/__init__.py", line 28, in _available_backends
2017-01-06T10:18:54: %PARAMIKO-ERROR: "cryptography.backends"
2017-01-06T10:18:54: %PARAMIKO-ERROR: File "/ws/pusnaik-bgl/ssp_pyAts/lib/python3.4/site-packages/cryptography/hazmat/backends/__init__.py", line 27, in <listcomp>
2017-01-06T10:18:54: %PARAMIKO-ERROR: for ep in pkg_resources.iter_entry_points(
2017-01-06T10:18:54: %PARAMIKO-ERROR: File "/ws/pusnaik-bgl/ssp_pyAts/lib/python3.4/site-packages/pkg_resources/__init__.py", line 2235, in resolve
2017-01-06T10:18:54: %PARAMIKO-ERROR: module = __import__(self.module_name, fromlist=['__name__'], level=0)
2017-01-06T10:18:54: %PARAMIKO-ERROR: File "/ws/pusnaik-bgl/ssp_pyAts/lib/python3.4/site-packages/cryptography/hazmat/backends/openssl/__init__.py", line 7, in <module>
2017-01-06T10:18:54: %PARAMIKO-ERROR: from cryptography.hazmat.backends.openssl.backend import backend
2017-01-06T10:18:54: %PARAMIKO-ERROR: File "/ws/pusnaik-bgl/ssp_pyAts/lib/python3.4/site-packages/cryptography/hazmat/backends/openssl/backend.py", line 46, in <module>
2017-01-06T10:18:54: %PARAMIKO-ERROR: from cryptography.hazmat.bindings._openssl import ffi as _ffi
2017-01-06T10:18:54: %PARAMIKO-ERROR: ImportError: /ws/pusnaik-bgl/ssp_pyAts/lib/python3.4/site-packages/cryptography/hazmat/bindings/_openssl.cpython-34m.so: symbol SSL_SESSION_set1_id_context, version libssl.so.10 not defined in file libssl.so.10 with link time reference
我正在使用 CentOS 版本 6.8(最终版) uname -a 1-photon SMP Fri Apr 22 22:28:32 UTC 2016 x86_64 x86_64 x86_64 GNU/Linux
(ssp_pyAts) [pusnaik@pusnaik-40042-prod STC_Scripts]$ rpm -qa | grep openssl
openssl-1.0.1e-48.el6_8.3.x86_64
openssl-devel-1.0.1e-48.el6_8.3.i686
openssl-devel-1.0.1e-48.el6_8.3.x86_64
openssl-1.0.1e-48.el6_8.3.i686
我也注意到了这一点:
1) 建议使用 openssl 而不是 openssl10(我的系统中已经安装了)。 2) 完全更新 openssl 和 openssl-devil(我已经更新了) 3) 编辑 etc/yum.repos.d/ius-archive.repo 以启用 ius 存档,但我们在上述路径中没有 ius 存档引用。 4) yum install yum-plugin-replace(工作区) [root@pusnaik-40042-prod ~]# yum replace openssl --replace-with openssl10 已加载插件:fastestmirror、ovl、refresh-packagekit 用法:yum [options] 命令
我可以知道我是否真的遗漏了什么吗?当我设置 Spirent 路径时,所有这些都开始发生。
答案1
openssl10 比普通的 openssl 更老,使用它几乎没有任何好处。它不再维护(因此被保存在 IUS 档案中),并且有多个已知漏洞,包括 heartbleed。
看来您尝试使用的应用程序是针对较新的原装 openssl 构建的,它具有已弃用的 openssl10 所不具备的附加功能。切换回原装 openssl 应该可以解决您的问题。