Merge branch '2.0-gsskex-hostkeycheck-fix' into 2.1-gsskex-hostkeycheck-fix

author: Anselm Kruis <a.kruis@science-computing.de> 2017-08-04 17:05:27 +0200
committer: Anselm Kruis <a.kruis@science-computing.de> 2017-08-04 17:05:27 +0200
commit: a8b80126ecf6ee6be1a5e1ded8d1025ae2a30474 (patch)
tree: 15535b4b445d9064cd5ba1497b7868d2a57bad7e /paramiko/client.py
parent: 9969ad493a1a95420039fdd597f47932d9f83ea8 (diff)
parent: 1b2697b3418cdf8e76831b7c02da848123d3f606 (diff)
download: paramiko-a8b80126ecf6ee6be1a5e1ded8d1025ae2a30474.tar.gz
1 files changed, 12 insertions, 13 deletions
diff --git a/paramiko/client.py b/paramiko/client.py
index c832c578..ae7186c3 100644
--- a/paramiko/client.py
+++ b/paramiko/client.py
@@ -347,22 +347,21 @@ class SSHClient (ClosingContextManager):
             server_hostkey_name = "[%s]:%d" % (hostname, port)
         our_server_keys = None
 
-        # If GSS-API Key Exchange is performed we are not required to check the
-        # host key, because the host is authenticated via GSS-API / SSPI as
-        # well as our client.
-        if not self._transport.use_gss_kex:
-            our_server_keys = self._system_host_keys.get(server_hostkey_name)
-            if our_server_keys is None:
-                our_server_keys = self._host_keys.get(server_hostkey_name)
-            if our_server_keys is not None:
-                keytype = our_server_keys.keys()[0]
-                sec_opts = t.get_security_options()
-                other_types = [x for x in sec_opts.key_types if x != keytype]
-                sec_opts.key_types = [keytype] + other_types
+        our_server_keys = self._system_host_keys.get(server_hostkey_name)
+        if our_server_keys is None:
+            our_server_keys = self._host_keys.get(server_hostkey_name)
+        if our_server_keys is not None:
+            keytype = our_server_keys.keys()[0]
+            sec_opts = t.get_security_options()
+            other_types = [x for x in sec_opts.key_types if x != keytype]
+            sec_opts.key_types = [keytype] + other_types
 
         t.start_client(timeout=timeout)
 
-        if not self._transport.use_gss_kex:
+        # If GSS-API Key Exchange is performed we are not required to check the
+        # host key, because the host is authenticated via GSS-API / SSPI as
+        # well as our client.
+        if not self._transport.gss_kex_used:
             server_key = t.get_remote_server_key()
             if our_server_keys is None:
                 # will raise exception if the key is rejected
author	Anselm Kruis <a.kruis@science-computing.de>	2017-08-04 17:05:27 +0200
committer	Anselm Kruis <a.kruis@science-computing.de>	2017-08-04 17:05:27 +0200
commit	a8b80126ecf6ee6be1a5e1ded8d1025ae2a30474 (patch)
tree	15535b4b445d9064cd5ba1497b7868d2a57bad7e /paramiko/client.py
parent	9969ad493a1a95420039fdd597f47932d9f83ea8 (diff)
parent	1b2697b3418cdf8e76831b7c02da848123d3f606 (diff)
download	paramiko-a8b80126ecf6ee6be1a5e1ded8d1025ae2a30474.tar.gz