summaryrefslogtreecommitdiffhomepage
AgeCommit message (Collapse)Author
2017-08-28flake8Jeff Forcier
2017-08-23Merge branch 'master' into 1042-intJeff Forcier
2017-08-23Changelog re #1041Jeff Forcier
2017-08-23Pull in count-errors from invocationsJeff Forcier
2017-08-22string slice instead of rstrip, thanks ploxilnPaul Kapp
2017-08-22Add certificate filenames to look_for_keysPaul Kapp
2017-08-22amendmentPaul Kapp
Forgot about AgentKey, and put ECDSA line in wrong __init__. That’s what I get for only screening with test_pkey…
2017-08-22Generic certificate supportPaul Kapp
Roll agnostic certificate support into PKey, and tweak publickey authentication to use it only if set. Requires explicit call to PKey.load_certificate() in order to alter the authentication behavior.
2017-08-18Common up break out of Transport.run() loopPaul Kapp
Can’t seem to reason out any advantage of clearing self.active and calling self.packetizer.close() in these situations instead of simply breaking out of loop and allowing the additional conditional cleanups to be done. Currently looking into tackling some needed cleanup in auth_handler, and not having the auth_handler.abort() called on server disconnect feels like a bug - who knows?
2017-08-08Adding changelog for slow compression improvementDrNeutron
2017-08-08Update compress.pyDrNeutron
The previous setting of the compression level to 9 is a poor trade off in CPU and time used for compression vs the size gain over the default level of compression in zlib which is 6.
2017-08-04Transport gssapi-keyex: set the gss_kex_used flag lateAnselm Kruis
Set the flag gss_kex_used only after a gssapi-keyex has been successfully completed. This change prevents a wrong value in case of exceptions during the gssapi-keyex handshake.
2017-08-04Merge branch '2.1-gsskex-hostkeycheck-fix' into 2.2-gsskex-hostkeycheck-fixAnselm Kruis
2017-08-04AuthHandler: handle local "gssapi-with-mic" errors in client modeAnselm Kruis
Paramiko now tries other authentication methods, if "gssapi-with-mic" authentication may fails for a local reason (i.e. no kerberos ticket). Befor this change, any exception from the GSSAPI/SSPI caused the transport to be closed.
2017-08-04AuthHandler: fix the server-mode "gssapi-with-mic" logicAnselm Kruis
A paramiko server is now able to handle a restart of the user authentication during the GSS-API token exchange. This may occur, if the client detects a local GSSAPI problem (e.g. a missing kerberos ticket) and continues with another authentication method. The added test case test_2_auth_trickledown still fails, because the paramiko client contains a bug too.
2017-08-04Added paramiko.GSS_EXCEPTIONS: exception types used by GSSAPIAnselm Kruis
This new constant is a tuple of the exception types used by the underlying GSSAPI/SSPI implementation.
2017-08-04Merge branch '2.0-gsskex-hostkeycheck-fix' into 2.1-gsskex-hostkeycheck-fixAnselm Kruis
2017-08-04SSHClient: fix the host key testAnselm Kruis
Skip the host key check only, if the transport actually used gssapi-keyex. Add tests for the missing-host-key RejectPolicy. Before this change, a man-in-the-middle attack on the paramiko ssh client with gss_kex=True was possible by having a server that does not support gssapi-keyex and gives any or no host key.
2017-08-03Transport: fix the preferred KEX algorithms for gssapi-keyexAnselm Kruis
Add additional KEX algorithms for gssapi-keyex in front of the default preferred KEX algorithms, if gssapi-keyex is enabled. Before this change, Transport used a hard coded (and out-dated) list of algorithms, if gssapi-keyex was enabled.
2017-07-28Trigger TravisMichal Kuffa
2017-07-28Move assertions outside of the open context managerMichal Kuffa
2017-07-28Add file_obj handling to the Ed25519Key constructorMichal Kuffa
2017-07-13Merge branch '2.2'Jeff Forcier
2017-07-13Changelog re #1012, re #1016Jeff Forcier
2017-07-13Merge branch '2.2'Jeff Forcier
2017-07-13Enhance SFTP client & server docs re: posix_rename and its relation to renameJeff Forcier
Fixes #1016, re #1012
2017-07-06server: Support pre-authentication bannersDennis Kaarsemaker
The ssh protocol allows for the server to send a pre-authentication banner. It may be sent any time between the start of authentication and successful authentication. This commit allow ServerInterface subclasses to define messages which we'll send right right at the start of authentication before we send the supported authentication methods.
2017-06-25Merge branch 'master' into one-shot-methodsPaul Kehrer
2017-06-15Merge branch '2.0' into 2.1Jeff Forcier
2017-06-15Merge branch '2.2'Jeff Forcier
2017-06-15Merge branch '2.1' into 2.2Jeff Forcier
2017-06-15Merge pull request #997 from ploxiln/travis_pypy_updateJeff Forcier
travis-ci: update pypy test run
2017-06-14travis-ci: update pypy test run to use pypy-5.6.0Pierce Lopez
2017-06-13Merge branch '2.2'Jeff Forcier
2017-06-13Cut 2.2.1Jeff Forcier
2017-06-13Merge branch '2.2'Jeff Forcier
2017-06-13WhitespaceJeff Forcier
2017-06-13Changelog language tweaksJeff Forcier
2017-06-13changelog: update for #990 and #993Pierce Lopez
2017-06-13implement __hash__() method for Ed25519KeyPierce Lopez
makes Ed25519Key objs comparable, needed for host keys
2017-06-13need bcrypt >= 3.1.3 for kdf() ignore_few_rounds kwargPierce Lopez
2017-06-12Merge branch '2.2'Jeff Forcier
2017-06-12Merge branch '2.1' into 2.2Jeff Forcier
2017-06-12Merge branch '2.0' into 2.1Jeff Forcier
2017-06-12Add Python 3.6 to classifiersFelix Yan
2017-06-12Merge pull request #991 from felixonmars/patch-1Jeff Forcier
Add Python 3.6 to classifiers
2017-06-11Add Python 3.6 to classifiersFelix Yan
2017-06-09Cut 2.2.0Jeff Forcier
2017-06-09Merge branch '2.1'Jeff Forcier
2017-06-09Cut 2.1.3Jeff Forcier
generated by cgit v1.2.3 (git 2.39.1) at 2025-01-10 13:29:45 +0000