-
-
Notifications
You must be signed in to change notification settings - Fork 2k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Make Transport cipher/algorithm choice lists fully user-configurable #2054
Comments
Believe this also covers #2049? |
Sounds to me like it does. |
I've came here after reading #1961, and instead of creating new issues i'm adding comment here.
We having many junos devices in our network, some of them new, some of them old. Not all can be upgraded. And we're using py-junos-eznc with ssh transport to comminicate with those devices. It uses netconf which uses paramiko. After updating to latest
I think paramiko should not default to using first algorithm and fail, but try some other until it works. |
Adds a transport_factory argument to `SSHClient.connect` that allows you to dynamically generate a Transport instance without, and therefore modify inner connection parameters before a connection gets established. This should address some of the issues in paramiko#2054 with minial changes to the API and no changes to Transport while allowing for arbitrary control over Transports API.
Until this issue is resolved, I have a question related to #2049 |
This seems like something that would be good to consider as part of the key/auth overhaul of #387 &c., @bitprophet. From what I understand of the current key/auth implementation, @chet-manley, I suspect this isn't possible right now. Hopefully in the future. |
I'm currently working around it by |
This is an age old problem: users need ability to shuffle the order of, or flat out remove, certain options for kex, hostkey checks, pubkey auth offering, and so forth. This isn't currently possible without editing your Paramiko or doing monkeypatching on your Transport class or instance. A weak bone was thrown to this with
disabled_algorithms
recently but it's just a mediocre band-aid by all accounts.Transport needs updating so that these lists are easy to override/modify/etc:
disabled_algorithms
allows this but is a bit clunky due to use of dicts. Maybe we want stuff likeTransport.remove_algorithms()
or w/e.SecurityOptions
which is an old and crummy attempt at this same problem class. It's actually made things worse by being copypasta that then rots differently from the rest of the code! If we're putting this out as a backwards incompat fashion then such a deletion would go well. Otherwise, deprecate.Related:
The text was updated successfully, but these errors were encountered: