author | Jeff Forcier <jeff@bitprophet.org> | 2019-06-21 18:36:50 -0400 |
---|---|---|
committer | Jeff Forcier <jeff@bitprophet.org> | 2019-06-21 18:36:50 -0400 |
commit | b5a7c1c327ffc8a9a798a9dedc97b24f6a6fd586 (patch) | |
tree | 1dca78dc5f0b1467b32868a13782d436368b0469 | |
parent | 964c34017fe648df21c9c330887796f14609c59b (diff) |
Add docstring and signature support for disable_algorithms
-rw-r--r-- | paramiko/client.py | 6 | ||||
-rw-r--r-- | paramiko/transport.py | 19 |
2 files changed, 25 insertions, 0 deletions
diff --git a/paramiko/client.py b/paramiko/client.py
index a47efbfe..322f5fa9 100644
--- a/paramiko/client.py
+++ b/paramiko/client.py
@@ -236,6 +236,7 @@ class SSHClient(ClosingContextManager):
 auth_timeout=None,
 gss_trust_dns=True,
 passphrase=None,
+ disable_algorithms=None,
 ):
 """
 Connect to an SSH server and authenticate to it. The server's host key
@@ -310,6 +311,9 @@ class SSHClient(ClosingContextManager):
 for the SSH banner to be presented.
 :param float auth_timeout: an optional timeout (in seconds) to wait for an authentication response.
+ :param dict disable_algorithms:
+ an optional dict passed directly to `.Transport` and its keyword
+ argument of the same name.
 :raises: `.BadHostKeyException` -- if the server's host key could not be
@@ -327,6 +331,8 @@ class SSHClient(ClosingContextManager):
 Added the ``gss_trust_dns`` argument.
 .. versionchanged:: 2.4
 Added the ``passphrase`` argument.
+ .. versionchanged:: 2.6
+ Added the ``disable_algorithms`` argument.
 """
 if not sock:
 errors = {}
diff --git a/paramiko/transport.py b/paramiko/transport.py
index bd145c1e..71d2b4f1 100644
--- a/paramiko/transport.py
+++ b/paramiko/transport.py
@@ -306,6 +306,7 @@ class Transport(threading.Thread, ClosingContextManager):
 default_max_packet_size=DEFAULT_MAX_PACKET_SIZE,
 gss_kex=False,
 gss_deleg_creds=True,
+ disable_algorithms=None,
 ):
 """
 Create a new SSH session over an existing socket, or socket-like
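Review bot: Nothing in this commit consumes the new `disable_algorithms` argument: it is added to the `connect()` signature here and to `Transport.__init__` in the paramiko/transport.py hunk below, and all 25 inserted lines are signature or docstring text. As committed, a caller who passes it to switch off a key exchange or cipher therefore gets no error and, as far as these hunks show, no effect, while the docstring already states the dict is "passed directly to `.Transport`". Either land the forwarding and filtering together with the signature, or say so under the new `:param dict disable_algorithms:` entry, for example `.. note:: Accepted but not yet applied; algorithms named here can still be negotiated.` The bodies of `connect()` and `Transport.__init__` lie outside the hunks, so this rests on the visible additions and the diffstat (25 insertions, 0 deletions).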
@@ -352,12 +353,30 @@ class Transport(threading.Thread, ClosingContextManager):
 :param bool gss_deleg_creds: Whether to enable GSSAPI credential delegation when GSSAPI is in play. Default: ``True``.
+ :param dict disable_algorithms:
+ If given, must be a dictionary mapping algorithm type to an
+ iterable of algorithm identifiers, which will be disabled for the
+ lifetime of the transport.
+
+ Keys should match the last word in the class' builtin algorithm
+ tuple attributes, such as ``"ciphers"`` to disable names within
+ ``_preferred_ciphers``; or ``"kex"`` to disable something defined
+ inside ``_preferred_kex``. Values should exactly match members of
+ the matching attribute.
+
+ For example, if you need to disable
+ ``diffie-hellman-group16-sha512`` key exchange (perhaps because
+ your code talks to a server which implements it differently from
+ Paramiko), specify ``disable_algorithms={"kex":
+ ["diffie-hellman-group16-sha512"]}``.
 .. versionchanged:: 1.15
 Added the ``default_window_size`` and ``default_max_packet_size`` arguments.
 .. versionchanged:: 1.15
 Added the ``gss_kex`` and ``gss_deleg_creds`` kwargs.
+ .. versionchanged:: 2.6
+ Added the ``disable_algorithms`` kwarg.
 """
 self.active = False
 self.hostname = None
|
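Review bot: The new `:param dict disable_algorithms:` text says keys "should match" the suffix of a `_preferred_*` attribute and values "should exactly match" its members, but it never says what happens when they do not. For an option people will reach for to turn off weak or broken algorithms, a misspelled key or identifier that is quietly ignored leaves that algorithm negotiable without any signal to the caller. I would state the contract in the docstring, e.g. `Keys or identifiers that match nothing are ignored and disable nothing.` if that is the intended behaviour, or document the exception if they are rejected. The docstring belongs to `Transport.__init__`, whose body continues past the end of the hunk.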