Hook up ECDSA to hostkeys

More sophisticated key negotiation is still necessary in the case
where we have an ECDSA key for the server and it offers us both RSA
and ECDSA. In this case, we will pick RSA and fail because we don't
have it. Instead, we should pick ECDSA. Still, this works if you tell
your server to only offer ECDSA keys :)
Ethan Glasser-Camp 2013-03-25 11:40:46 -04:00
parent 632129c427
commit ebdbfae5b1
2 changed files with 7 additions and 1 deletions


@ -28,6 +28,7 @@ import UserDict
from paramiko.common import * from paramiko.common import *
from paramiko.dsskey import DSSKey from paramiko.dsskey import DSSKey
from paramiko.rsakey import RSAKey from paramiko.rsakey import RSAKey
from paramiko.ecdsakey import ECDSAKey
class InvalidHostKey(Exception): class InvalidHostKey(Exception):
@ -77,8 +78,11 @@ class HostKeyEntry:
key = RSAKey(data=base64.decodestring(key)) key = RSAKey(data=base64.decodestring(key))
elif keytype == 'ssh-dss': elif keytype == 'ssh-dss':
key = DSSKey(data=base64.decodestring(key)) key = DSSKey(data=base64.decodestring(key))
elif keytype == 'ecdsa-sha2-nistp256':
key = ECDSAKey(data=base64.decodestring(key))
else: else:
return None return None
except binascii.Error, e: except binascii.Error, e:
raise InvalidHostKey(line, e) raise InvalidHostKey(line, e)
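Review bot: The new `ecdsa-sha2-nistp256` branch sits in a `try` whose only visible handler is `except binascii.Error`, so a known_hosts line that decodes as base64 but does not hold a well-formed ECDSA key would surface whatever `ECDSAKey(data=...)` raises instead of `InvalidHostKey(line, e)`. ECDSAKey's constructor is not shown on this page, so this is inferred; if it can raise on malformed data, that exception type should be added to the handler so a corrupt entry is reported together with its line. Entries for any other ECDSA curve still reach `else: return None` and are skipped silently, which deserves a comment on the new branch such as `# only nistp256 is supported; other ecdsa-sha2-* entries are ignored`. The enclosing method begins above the hunk.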


@ -42,6 +42,7 @@ from paramiko.message import Message
from paramiko.packet import Packetizer, NeedRekeyException from paramiko.packet import Packetizer, NeedRekeyException
from paramiko.primes import ModulusPack from paramiko.primes import ModulusPack
from paramiko.rsakey import RSAKey from paramiko.rsakey import RSAKey
from paramiko.ecdsakey import ECDSAKey
from paramiko.server import ServerInterface from paramiko.server import ServerInterface
from paramiko.sftp_client import SFTPClient from paramiko.sftp_client import SFTPClient
from paramiko.ssh_exception import (SSHException, BadAuthenticationType, from paramiko.ssh_exception import (SSHException, BadAuthenticationType,
@ -202,7 +203,7 @@ class Transport (threading.Thread):
_preferred_ciphers = ( 'aes128-ctr', 'aes256-ctr', 'aes128-cbc', 'blowfish-cbc', 'aes256-cbc', '3des-cbc', _preferred_ciphers = ( 'aes128-ctr', 'aes256-ctr', 'aes128-cbc', 'blowfish-cbc', 'aes256-cbc', '3des-cbc',
'arcfour128', 'arcfour256' ) 'arcfour128', 'arcfour256' )
_preferred_macs = ( 'hmac-sha1', 'hmac-md5', 'hmac-sha1-96', 'hmac-md5-96' ) _preferred_macs = ( 'hmac-sha1', 'hmac-md5', 'hmac-sha1-96', 'hmac-md5-96' )
_preferred_keys = ( 'ssh-rsa', 'ssh-dss' ) _preferred_keys = ( 'ssh-rsa', 'ssh-dss', 'ecdsa-sha2-nistp256' )
_preferred_kex = ( 'diffie-hellman-group1-sha1', 'diffie-hellman-group-exchange-sha1' ) _preferred_kex = ( 'diffie-hellman-group1-sha1', 'diffie-hellman-group-exchange-sha1' )
_preferred_compression = ( 'none', ) _preferred_compression = ( 'none', )
@ -227,6 +228,7 @@ class Transport (threading.Thread):
_key_info = { _key_info = {
'ssh-rsa': RSAKey, 'ssh-rsa': RSAKey,
'ssh-dss': DSSKey, 'ssh-dss': DSSKey,
'ecdsa-sha2-nistp256': ECDSAKey,
} }
_kex_info = { _kex_info = {
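Review bot: In `_preferred_keys` the new algorithm is appended after `ssh-dss`, and if the tuple order is the negotiation preference (the name suggests so, but the negotiation code is outside the hunk), a server offering only DSS and ECDSA host keys would be negotiated to DSS, which signs with SHA-1. Consider `_preferred_keys = ( 'ssh-rsa', 'ecdsa-sha2-nistp256', 'ssh-dss' )`, which keeps RSA first for existing known_hosts entries. If the trailing position is deliberate, a one-line comment above the tuple should record that the order is a preference order and why ECDSA is last. `_preferred_keys` and `_key_info` now have to be extended together, which is also worth a comment; the class body continues outside these hunks.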