summaryrefslogtreecommitdiff
path: root/paramiko/client.py
diff options
context:
space:
mode:
authorAnselm Kruis <a.kruis@science-computing.de>2017-08-04 19:39:30 +0200
committerAnselm Kruis <a.kruis@science-computing.de>2017-08-04 19:39:30 +0200
commitf1c677d0abeeb27971465b3affed11e70299515d (patch)
tree3aaa97636112c18653dd2adb9ac426b3e0c55dda /paramiko/client.py
parentf58b5b83b202d638ace962ad3ed5a2fbfe696399 (diff)
parenta8b80126ecf6ee6be1a5e1ded8d1025ae2a30474 (diff)
downloadparamiko-f1c677d0abeeb27971465b3affed11e70299515d.tar.gz
Merge branch '2.1-gsskex-hostkeycheck-fix' into 2.2-gsskex-hostkeycheck-fix
Diffstat (limited to 'paramiko/client.py')
-rw-r--r--paramiko/client.py25
1 files changed, 12 insertions, 13 deletions
diff --git a/paramiko/client.py b/paramiko/client.py
index 936693fc..34491230 100644
--- a/paramiko/client.py
+++ b/paramiko/client.py
@@ -350,22 +350,21 @@ class SSHClient (ClosingContextManager):
server_hostkey_name = "[%s]:%d" % (hostname, port)
our_server_keys = None
- # If GSS-API Key Exchange is performed we are not required to check the
- # host key, because the host is authenticated via GSS-API / SSPI as
- # well as our client.
- if not self._transport.use_gss_kex:
- our_server_keys = self._system_host_keys.get(server_hostkey_name)
- if our_server_keys is None:
- our_server_keys = self._host_keys.get(server_hostkey_name)
- if our_server_keys is not None:
- keytype = our_server_keys.keys()[0]
- sec_opts = t.get_security_options()
- other_types = [x for x in sec_opts.key_types if x != keytype]
- sec_opts.key_types = [keytype] + other_types
+ our_server_keys = self._system_host_keys.get(server_hostkey_name)
+ if our_server_keys is None:
+ our_server_keys = self._host_keys.get(server_hostkey_name)
+ if our_server_keys is not None:
+ keytype = our_server_keys.keys()[0]
+ sec_opts = t.get_security_options()
+ other_types = [x for x in sec_opts.key_types if x != keytype]
+ sec_opts.key_types = [keytype] + other_types
t.start_client(timeout=timeout)
- if not self._transport.use_gss_kex:
+ # If GSS-API Key Exchange is performed we are not required to check the
+ # host key, because the host is authenticated via GSS-API / SSPI as
+ # well as our client.
+ if not self._transport.gss_kex_used:
server_key = t.get_remote_server_key()
if our_server_keys is None:
# will raise exception if the key is rejected
View Lorry Controller Status