From ebdbfae5b1fd069f53c13b830fcf737b279977b7 Mon Sep 17 00:00:00 2001
From: Ethan Glasser-Camp
Date: Mon, 25 Mar 2013 11:40:46 -0400
Subject: [PATCH] Hook up ECDSA to hostkeys
More sophisticated key negotiation is still necessary in the case where we have an ECDSA key for the server and it offers us both RSA and ECDSA. In this case, we will pick RSA and fail because we don't have it. Instead, we should pick ECDSA. Still, this works if you tell your server to only offer ECDSA keys :)
---
 paramiko/hostkeys.py | 4 ++++
 paramiko/transport.py | 4 +++-
 2 files changed, 7 insertions(+), 1 deletion(-)
diff --git a/paramiko/hostkeys.py b/paramiko/hostkeys.py
index e739312..edc9300 100644
--- a/paramiko/hostkeys.py
+++ b/paramiko/hostkeys.py
@@ -28,6 +28,7 @@ import UserDict
 from paramiko.common import *
 from paramiko.dsskey import DSSKey
 from paramiko.rsakey import RSAKey
+from paramiko.ecdsakey import ECDSAKey
 class InvalidHostKey(Exception):
@@ -77,8 +78,11 @@ class HostKeyEntry:
 key = RSAKey(data=base64.decodestring(key))
 elif keytype == 'ssh-dss':
 key = DSSKey(data=base64.decodestring(key))
+ elif keytype == 'ecdsa-sha2-nistp256':
+ key = ECDSAKey(data=base64.decodestring(key))
 else:
 return None
+
 except binascii.Error, e:
 raise InvalidHostKey(line, e)
diff --git a/paramiko/transport.py b/paramiko/transport.py
index fd6dab7..aca51a9 100644
--- a/paramiko/transport.py
+++ b/paramiko/transport.py
@@ -42,6 +42,7 @@ from paramiko.message import Message
 from paramiko.packet import Packetizer, NeedRekeyException
 from paramiko.primes import ModulusPack
 from paramiko.rsakey import RSAKey
+from paramiko.ecdsakey import ECDSAKey
 from paramiko.server import ServerInterface
 from paramiko.sftp_client import SFTPClient
 from paramiko.ssh_exception import (SSHException, BadAuthenticationType,
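Review bot: In `HostKeyEntry` (hostkeys.py, second hunk) the new branch matches only the literal `ecdsa-sha2-nistp256`, so a known_hosts line for any other ECDSA curve still reaches `else: return None` and is dropped without a message; the same single name is hard-coded in `_preferred_keys` and `_key_info` in transport.py. A host pinned only under such an entry would then look unknown to the client and be left to whatever the missing-host-key policy decides, which deserves a comment above the branch, e.g. `# only nistp256 is handled; other ecdsa-sha2-* entries are skipped`. The only handler visible here is `except binascii.Error, e:`, so if `ECDSAKey(data=...)` raises anything else on a malformed key blob (its constructor is not shown) the error would escape instead of becoming `InvalidHostKey`. The `try:` opens above the hunk, and the blank line added before `except` looks unintentional.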
@@ -202,7 +203,7 @@ class Transport (threading.Thread):
 _preferred_ciphers = ( 'aes128-ctr', 'aes256-ctr', 'aes128-cbc', 'blowfish-cbc', 'aes256-cbc', '3des-cbc', 'arcfour128', 'arcfour256' )
 _preferred_macs = ( 'hmac-sha1', 'hmac-md5', 'hmac-sha1-96', 'hmac-md5-96' )
- _preferred_keys = ( 'ssh-rsa', 'ssh-dss' )
+ _preferred_keys = ( 'ssh-rsa', 'ssh-dss', 'ecdsa-sha2-nistp256' )
 _preferred_kex = ( 'diffie-hellman-group1-sha1', 'diffie-hellman-group-exchange-sha1' )
 _preferred_compression = ( 'none', )
@@ -227,6 +228,7 @@ class Transport (threading.Thread):
 _key_info = {
 'ssh-rsa': RSAKey,
 'ssh-dss': DSSKey,
+ 'ecdsa-sha2-nistp256': ECDSAKey,
 }
 _kex_info = {
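Review bot: `'ecdsa-sha2-nistp256'` is appended last in `_preferred_keys`, and nothing in this hunk ties the order to the host keys the client already holds, so what happens on a key-type mismatch depends entirely on the caller's missing-host-key policy. If that policy accepts unknown keys, the session would presumably proceed on a newly presented RSA key without ever being compared against the stored ECDSA one, which is a quieter outcome than a failed connection. A comment on the tuple would make the trade-off visible to maintainers, e.g. `# preference order: RSA/DSS win over ECDSA when the server offers several; not yet filtered by known host keys`. The tuple is part of the `Transport` class body, which starts and continues outside the hunk.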