Hook up ECDSA to hostkeys

More sophisticated key negotiation is still necessary in the case
where we have an ECDSA key for the server and it offers us both RSA
and ECDSA. In this case, we will pick RSA and fail because we don't
have it. Instead, we should pick ECDSA. Still, this works if you tell
your server to only offer ECDSA keys :)
Ethan Glasser-Camp 2013-03-25 11:40:46 -04:00
parent 632129c427
commit ebdbfae5b1
2 changed files with 7 additions and 1 deletions


@ -28,6 +28,7 @@ import UserDict
from paramiko.common import *
from paramiko.dsskey import DSSKey
from paramiko.rsakey import RSAKey
from paramiko.ecdsakey import ECDSAKey
class InvalidHostKey(Exception):
@ -77,8 +78,11 @@ class HostKeyEntry:
key = RSAKey(data=base64.decodestring(key))
elif keytype == 'ssh-dss':
key = DSSKey(data=base64.decodestring(key))
elif keytype == 'ecdsa-sha2-nistp256':
key = ECDSAKey(data=base64.decodestring(key))
else:
return None
except binascii.Error, e:
raise InvalidHostKey(line, e)
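Review bot: In the key-type chain of this hunk only `ecdsa-sha2-nistp256` is recognised, so known_hosts entries for the other ECDSA curves (`ecdsa-sha2-nistp384`, `ecdsa-sha2-nistp521`) still reach `else: return None` and are dropped without any trace. A host pinned only by such an entry then looks unknown to the lookup, and what happens next is left to the caller's policy for unknown keys. I would add a comment on the new branch, `# only nistp256 is handled; other ECDSA curves fall through to return None`, and confirm that a malformed blob makes `ECDSAKey(data=...)` fail in a way that ends up as `InvalidHostKey`, since the visible handler catches only `binascii.Error`. The enclosing method starts and ends outside the hunk.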


@ -42,6 +42,7 @@ from paramiko.message import Message
from paramiko.packet import Packetizer, NeedRekeyException
from paramiko.primes import ModulusPack
from paramiko.rsakey import RSAKey
from paramiko.ecdsakey import ECDSAKey
from paramiko.server import ServerInterface
from paramiko.sftp_client import SFTPClient
from paramiko.ssh_exception import (SSHException, BadAuthenticationType,
@ -202,7 +203,7 @@ class Transport (threading.Thread):
_preferred_ciphers = ( 'aes128-ctr', 'aes256-ctr', 'aes128-cbc', 'blowfish-cbc', 'aes256-cbc', '3des-cbc',
'arcfour128', 'arcfour256' )
_preferred_macs = ( 'hmac-sha1', 'hmac-md5', 'hmac-sha1-96', 'hmac-md5-96' )
_preferred_keys = ( 'ssh-rsa', 'ssh-dss' )
_preferred_keys = ( 'ssh-rsa', 'ssh-dss', 'ecdsa-sha2-nistp256' )
_preferred_kex = ( 'diffie-hellman-group1-sha1', 'diffie-hellman-group-exchange-sha1' )
_preferred_compression = ( 'none', )
@ -227,6 +228,7 @@ class Transport (threading.Thread):
_key_info = {
'ssh-rsa': RSAKey,
'ssh-dss': DSSKey,
'ecdsa-sha2-nistp256': ECDSAKey,
}
_kex_info = {
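Review bot: The order of `_preferred_keys` is fixed at class level, so for a host that is pinned only by an ECDSA key but also offers RSA the pinned key is never the one compared, and the outcome is decided by the caller's policy for unknown host keys rather than by this code. Under a permissive policy that would presumably mean accepting a never-seen RSA key without any error, which weakens the pin; the policy code is not visible here, so this needs confirming. Until the order is derived from the keys already known for the host, a comment on the tuple would help: `# static order: ssh-rsa wins whenever the server offers it, even if only an ECDSA key is pinned for the host`. The `Transport` class body continues outside these hunks.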