diff --git a/paramiko/pkey.py b/paramiko/pkey.py
index d2377c53a0dcf2e29a4c682d689ed149304fe40b_cGFyYW1pa28vcGtleS5weQ==..c39cd6de5d760c4d4814ea732ce4683635fccaa0_cGFyYW1pa28vcGtleS5weQ== 100644
--- a/paramiko/pkey.py
+++ b/paramiko/pkey.py
@@ -324,6 +324,8 @@
def _read_private_key(self, tag, f, password=None):
lines = f.readlines()
+ if not lines:
+ raise SSHException("no lines in {} private key file".format(tag))
# find the BEGIN tag
start = 0
diff --git a/sites/www/changelog.rst b/sites/www/changelog.rst
index d2377c53a0dcf2e29a4c682d689ed149304fe40b_c2l0ZXMvd3d3L2NoYW5nZWxvZy5yc3Q=..c39cd6de5d760c4d4814ea732ce4683635fccaa0_c2l0ZXMvd3d3L2NoYW5nZWxvZy5yc3Q= 100644
--- a/sites/www/changelog.rst
+++ b/sites/www/changelog.rst
@@ -2,6 +2,10 @@
Changelog
=========
+- bug:`1637` (via :issue:`1599`) Raise `SSHException` explicitly when blank
+ private key data is loaded, instead of the natural result of ``IndexError``.
+ This should help more bits of Paramiko or Paramiko-adjacent codebases to
+ correctly handle this class of error. Credit: Nicholas Dietz.
- :release:`2.11.0 <2022-05-16>`
- :release:`2.10.5 <2022-05-16>`
- :release:`2.9.5 <2022-05-16>`
diff --git a/tests/blank_rsa.key b/tests/blank_rsa.key
new file mode 100644
diff --git a/tests/test_pkey.py b/tests/test_pkey.py
index d2377c53a0dcf2e29a4c682d689ed149304fe40b_dGVzdHMvdGVzdF9wa2V5LnB5..c39cd6de5d760c4d4814ea732ce4683635fccaa0_dGVzdHMvdGVzdF9wa2V5LnB5 100644
--- a/tests/test_pkey.py
+++ b/tests/test_pkey.py
@@ -186,6 +186,11 @@
with pytest.raises(SSHException, match=str(exception)):
RSAKey.from_private_key_file(_support("test_rsa.key"))
+ def test_loading_empty_keys_errors_usefully(self):
+ # #1599 - raise SSHException instead of IndexError
+ with pytest.raises(SSHException, match="no lines"):
+ RSAKey.from_private_key_file(_support("blank_rsa.key"))
+
def test_load_rsa_password(self):
key = RSAKey.from_private_key_file(
_support("test_rsa_password.key"), "television"