Are you using paramiko as a client or server?
Server
What feature(s) aren't working right?
Keys/auth
What version(s) of paramiko are you using?
2.8.1 - 3.3.1
What version(s) of Python are you using?
2.7, 3.10.12
What operating system and version are you using?
Ubuntu 22.04
If you're connecting as a client, which SSH server are you connecting to?
No response
If you're using paramiko as part of another tool, which tool/version?
No response
Expected/desired behavior
At any moment in time, the set of keys supported by paramiko may be smaller than some new official one, or than one with some proprietary extensions.
OpenSSH server in such cases just ignores authentication attempts with unknown keys, while paramiko forbids them and closes the connection.
Since a client's ssh-agent can contain such unsupported keys, and can attempt them in any order, it is very hard to simultaneously use such an agent with paramiko-powered servers and servers that accept "new-kind" keys.
It would be right to just ignore unknown keys too.
Actual behavior
Paramiko logs:
Auth rejected: unsupported or mangled public key (...)
and sends _disconnect_no_more_auth to the client.
How to reproduce
Right now I have no good public example, but the case is pretty obvious. As an example (already supported in paramiko) I can give the recent lack of support for rsa-sha2-256 kind of keys and certificates.
Anything else?
This code originates from 17 years ago and I found no real reason why it was done so, so I assume it is not intentional behavior, and can safely be changed to match the OpenSSH one.
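The two server behaviours compared in this issue, shown at the SSH message level as an added example (not part of the original report, and not paramiko's or OpenSSH's code). The function names, the supported-algorithm set, the key blobs, the unknown algorithm name and the attempt cap are all assumptions made for illustration.

```python
import struct

# Message numbers from RFC 4252/4253.
MSG_DISCONNECT, MSG_USERAUTH_FAILURE, MSG_USERAUTH_PK_OK = 1, 51, 60
MSG_USERAUTH_REQUEST = 50
SUPPORTED = {"ssh-ed25519", "rsa-sha2-256"}  # assumed: algorithms this server knows
AUTHORIZED = {b"constructed-ed25519-blob"}   # constructed key blob, not a real key
MAX_TRIES = 6                                # assumed per-connection attempt cap

def ssh_string(data):
    return struct.pack(">I", len(data)) + data

def pubkey_query(user, algo, blob):
    """SSH_MSG_USERAUTH_REQUEST, method 'publickey', no signature (RFC 4252, section 7)."""
    parts = [user.encode(), b"ssh-connection", b"publickey"]
    head = bytes([MSG_USERAUTH_REQUEST]) + b"".join(ssh_string(p) for p in parts)
    return head + b"\x00" + ssh_string(algo.encode()) + ssh_string(blob)

def read_string(buf, pos):
    (length,) = struct.unpack_from(">I", buf, pos)
    end = pos + 4 + length
    if end > len(buf):
        raise ValueError("truncated SSH string")
    return buf[pos + 4:end], end

def handle(payload, strict):
    """Reply message number for one query. strict=True is the reported behaviour."""
    pos = 1
    for _ in range(3):                         # user, service, method
        _, pos = read_string(payload, pos)
    algo, pos = read_string(payload, pos + 1)  # +1 skips the has-signature boolean
    blob, pos = read_string(payload, pos)
    if algo.decode("ascii", "replace") not in SUPPORTED:
        # Unknown algorithm: the reported behaviour disconnects, the requested one fails it.
        return MSG_DISCONNECT if strict else MSG_USERAUTH_FAILURE
    return MSG_USERAUTH_PK_OK if blob in AUTHORIZED else MSG_USERAUTH_FAILURE

def run_session(queries, strict):
    """Replies sent for the agent's offers, in order, until the exchange ends."""
    replies = []
    for query in queries[:MAX_TRIES]:          # rejected offers still use up attempts
        replies.append(handle(query, strict))
        if replies[-1] != MSG_USERAUTH_FAILURE:
            break
    return replies

# Constructed agent contents: an algorithm the server does not know, then a usable key.
AGENT_OFFERS = [pubkey_query("alice", "newkind-key@example.com", b"constructed-unknown-blob"),
                pubkey_query("alice", "ssh-ed25519", b"constructed-ed25519-blob")]
```

With `strict=True` the session ends on the first offer; with `strict=False` the unknown offer is answered with a failure and the second key is accepted, while the attempt cap still bounds how many offers a client can make.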