Currently login_with_public_key will still pass even if you provide an invalid keyfile, as long as you provide the correct user password in the 'password' parameter. According to the documentation, the 'password' parameter should act as a 'passphrase' for the keyfile if it is needed. The current implementation seems to default to a normal login when an invalid keyfile is provided.
I think 'password' should no longer be provided using this keyword, since users really intend to log in using their provided keyfile, and it should fail if this is invalid. The 'password' argument should also be replaced by 'passphrase' to avoid confusion about the 'passphrase' provided for the keyfile.
cristii006 pushed a commit to cristii006/SSHLibrary that referenced this issue Oct 5, 2018
PR #267 replaces the password argument with passphrase when using the Login with Public Key keyword, and the behavior is the expected one: the keyword fails when an invalid key is provided, regardless of the credentials.
The problem is that the passphrase argument was added very recently in paramiko, starting from version 2.4 according to their documentation. SSHLibrary supports all paramiko versions starting from 1.15.3, and merging this PR would make it backward incompatible with almost all older versions.
My proposal would be not to merge this PR for some time, because a lot of people still use older versions of paramiko. I would suggest, for the moment, only updating the documentation of this keyword to explain the current behavior, something along the lines of: the keyword will pass if the credentials are correct even if the supplied keyfile is invalid.
mihaiparvu changed the title from "login_with_public_key login successfully using invalid keyfile" to "Login With Public Key authenticates successfully using invalid keyfile" Oct 23, 2018