author | Ethan Glasser-Camp <ethan@betacantrips.com> | 2013-03-25 11:40:46 -0400 |
---|---|---|
committer | Ethan Glasser-Camp <ethan@betacantrips.com> | 2013-03-25 12:19:29 -0400 |
commit | ebdbfae5b1fd069f53c13b830fcf737b279977b7 (patch) | |
tree | 6abc7631561b9305b5fd2a7114537e1892e032ac | |
parent | 632129c427fb912f6fdca9aa37418e828c75b87f (diff) |
Hook up ECDSA to hostkeys
More sophisticated key negotiation is still necessary in the case
where we have an ECDSA key for the server and it offers us both RSA
and ECDSA. In this case, we will pick RSA and fail because we don't
have it. Instead, we should pick ECDSA. Still, this works if you tell
your server to only offer ECDSA keys :)
-rw-r--r-- | paramiko/hostkeys.py | 4 | ||||
-rw-r--r-- | paramiko/transport.py | 4 |
2 files changed, 7 insertions, 1 deletions
diff --git a/paramiko/hostkeys.py b/paramiko/hostkeys.py
index e739312a..edc9300f 100644
--- a/paramiko/hostkeys.py
+++ b/paramiko/hostkeys.py
@@ -28,6 +28,7 @@ import UserDict
 from paramiko.common import *
 from paramiko.dsskey import DSSKey
 from paramiko.rsakey import RSAKey
+from paramiko.ecdsakey import ECDSAKey
 class InvalidHostKey(Exception):
@@ -77,8 +78,11 @@ class HostKeyEntry:
 key = RSAKey(data=base64.decodestring(key))
 elif keytype == 'ssh-dss':
 key = DSSKey(data=base64.decodestring(key))
+ elif keytype == 'ecdsa-sha2-nistp256':
+ key = ECDSAKey(data=base64.decodestring(key))
 else:
 return None
+
 except binascii.Error, e:
 raise InvalidHostKey(line, e)
diff --git a/paramiko/transport.py b/paramiko/transport.py
index fd6dab76..aca51a94 100644
--- a/paramiko/transport.py
+++ b/paramiko/transport.py
@@ -42,6 +42,7 @@ from paramiko.message import Message
 from paramiko.packet import Packetizer, NeedRekeyException
 from paramiko.primes import ModulusPack
 from paramiko.rsakey import RSAKey
+from paramiko.ecdsakey import ECDSAKey
 from paramiko.server import ServerInterface
 from paramiko.sftp_client import SFTPClient
 from paramiko.ssh_exception import (SSHException, BadAuthenticationType,
@@ -202,7 +203,7 @@ class Transport (threading.Thread):
 _preferred_ciphers = ( 'aes128-ctr', 'aes256-ctr', 'aes128-cbc', 'blowfish-cbc', 'aes256-cbc', '3des-cbc', 'arcfour128', 'arcfour256' )
 _preferred_macs = ( 'hmac-sha1', 'hmac-md5', 'hmac-sha1-96', 'hmac-md5-96' )
- _preferred_keys = ( 'ssh-rsa', 'ssh-dss' )
+ _preferred_keys = ( 'ssh-rsa', 'ssh-dss', 'ecdsa-sha2-nistp256' )
 _preferred_kex = ( 'diffie-hellman-group1-sha1', 'diffie-hellman-group-exchange-sha1' )
 _preferred_compression = ( 'none', )
@@ -227,6 +228,7 @@ class Transport (threading.Thread):
 _key_info = {
 'ssh-rsa': RSAKey,
 'ssh-dss': DSSKey,
+ 'ecdsa-sha2-nistp256': ECDSAKey,
 }
 _kex_info = { |
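Review bot: The new `elif` in the second hostkeys.py hunk matches only the exact string 'ecdsa-sha2-nistp256', so known_hosts lines for any other ECDSA curve still fall through to `else: return None` and are dropped without a signal; a host pinned only by such a line would then look unknown to whatever host-key policy runs later. I would put a comment on the branch, for example `# only nistp256 is handled; other ecdsa-sha2-* entries are skipped by the else below`, and add a test that parses one such line. The surrounding `try` catches only `binascii.Error`, so if ECDSAKey raises something else on a malformed blob (its constructor is not visible here) the error would escape as something other than InvalidHostKey; worth confirming. The enclosing method starts and ends outside the hunk.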
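Review bot: In the `_preferred_keys` hunk of transport.py the ECDSA type is appended after 'ssh-dss', so if the tuple order is the preference the client advertises (the negotiation code is outside the hunk), a server offering both DSS and ECDSA would be verified with the DSS key. If that order is deliberate to keep existing known_hosts entries matching, say so beside the tuple, for example `# order is negotiation preference; ecdsa is last so existing rsa/dss known_hosts entries keep matching`. The literal 'ecdsa-sha2-nistp256' now has to stay in sync in three places: this tuple, `_key_info` in the last hunk, and the parser branch in hostkeys.py, and a short comment at each site pointing to the others would help.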