diff options
author | Anselm Kruis <a.kruis@science-computing.de> | 2017-08-04 17:05:27 +0200 |
---|---|---|
committer | Anselm Kruis <a.kruis@science-computing.de> | 2017-08-04 17:05:27 +0200 |
commit | a8b80126ecf6ee6be1a5e1ded8d1025ae2a30474 (patch) | |
tree | 15535b4b445d9064cd5ba1497b7868d2a57bad7e /paramiko/client.py | |
parent | 9969ad493a1a95420039fdd597f47932d9f83ea8 (diff) | |
parent | 1b2697b3418cdf8e76831b7c02da848123d3f606 (diff) | |
download | paramiko-a8b80126ecf6ee6be1a5e1ded8d1025ae2a30474.tar.gz |
Merge branch '2.0-gsskex-hostkeycheck-fix' into 2.1-gsskex-hostkeycheck-fix
Diffstat (limited to 'paramiko/client.py')
-rw-r--r-- | paramiko/client.py | 25 |
1 files changed, 12 insertions, 13 deletions
diff --git a/paramiko/client.py b/paramiko/client.py index c832c578..ae7186c3 100644 --- a/paramiko/client.py +++ b/paramiko/client.py @@ -347,22 +347,21 @@ class SSHClient (ClosingContextManager): server_hostkey_name = "[%s]:%d" % (hostname, port) our_server_keys = None - # If GSS-API Key Exchange is performed we are not required to check the - # host key, because the host is authenticated via GSS-API / SSPI as - # well as our client. - if not self._transport.use_gss_kex: - our_server_keys = self._system_host_keys.get(server_hostkey_name) - if our_server_keys is None: - our_server_keys = self._host_keys.get(server_hostkey_name) - if our_server_keys is not None: - keytype = our_server_keys.keys()[0] - sec_opts = t.get_security_options() - other_types = [x for x in sec_opts.key_types if x != keytype] - sec_opts.key_types = [keytype] + other_types + our_server_keys = self._system_host_keys.get(server_hostkey_name) + if our_server_keys is None: + our_server_keys = self._host_keys.get(server_hostkey_name) + if our_server_keys is not None: + keytype = our_server_keys.keys()[0] + sec_opts = t.get_security_options() + other_types = [x for x in sec_opts.key_types if x != keytype] + sec_opts.key_types = [keytype] + other_types t.start_client(timeout=timeout) - if not self._transport.use_gss_kex: + # If GSS-API Key Exchange is performed we are not required to check the + # host key, because the host is authenticated via GSS-API / SSPI as + # well as our client. + if not self._transport.gss_kex_used: server_key = t.get_remote_server_key() if our_server_keys is None: # will raise exception if the key is rejected |