Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Ability to disable algorithms #439

Open
wants to merge 12 commits into
base: master
Choose a base branch
from
Open

Ability to disable algorithms #439

wants to merge 12 commits into from

Conversation

miikaoskari
Copy link

This pull request adds the ability to pass disabled_algorithms when connecting.
Helped me connect to a legacy ssh server.

disabled_algorithms are passed as a dictionary like in paramiko {'pubkeys': ['rsa-sha2-256', 'rsa-sha2-512']}

This PR might need something that I am not aware of. Let me know, I can fix it!

@Noordsestern Noordsestern mentioned this pull request Aug 23, 2024
Closed
@Noordsestern
Copy link
Member

ah, i merged in wrong order... i merged the removal of python 2 and jython first. Could you do the trick again and add a test if this is working? I think, we actually have test cases that fail because old algorithms are used (exactly the ones you mention).

@miikaoskari
Copy link
Author

Yeah sure. I'll check next week and let you know :)

@Noordsestern Noordsestern added this to the v4.0 milestone Aug 29, 2024
@Noordsestern
Copy link
Member

Do you have a test case demonstrating how to use this feature? When i set the disabled_algorithms parameter, i get an error message saying that list does not have a method get

@miikaoskari
Copy link
Author

Hi! Sorry, I have been quite busy and have not had the chance to check the test cases yet. However before the merge I used them like this

VAR    @{pubkeys}   rsa-sha2-512    rsa-sha2-256
VAR    &{disabled_algorithms}    pubkeys=${pubkeys}
Login With Public Key    username=root    keyfile=keyfile    disabled_algorithms=${disabled_algorithms}

I'll give it a shot now and test

@Noordsestern
Copy link
Member

Ok, could you please add the testcase to atest/login.robot and document the parameter in login keyword documentation? In documentation you could reference paramiko-Transport class where the options for disabled-algorithms are listed: https://docs.paramiko.org/en/latest/api/transport.html#paramiko.transport.Transport

@miikaoskari
Copy link
Author

Seems that with the keyfile implementation I am running to this failure. Related to #448

------------------------------------------------------------------------------
Login With Disabled Algorithms And Public Key                         | FAIL |
ValueError: q must be exactly 160, 224, or 256 bits long
------------------------------------------------------------------------------

@Noordsestern
Copy link
Member

The error is misleading (coming from paramiko or even deeper). What the message actually tries to say: the username does not exist in target system.

@miikaoskari
Copy link
Author

Okay I am getting passing tests for disabled algorithms now. The error was because the key was RSA which I had disabled as an algorithm and paramiko fallbacked to DSA? 😄

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
v4.0
Development

Successfully merging this pull request may close these issues.
2 participants
@miikaoskari @Noordsestern