diff options
author | Anselm Kruis <a.kruis@science-computing.de> | 2017-08-04 19:39:30 +0200 |
---|---|---|
committer | Anselm Kruis <a.kruis@science-computing.de> | 2017-08-04 19:39:30 +0200 |
commit | f1c677d0abeeb27971465b3affed11e70299515d (patch) | |
tree | 3aaa97636112c18653dd2adb9ac426b3e0c55dda /paramiko/client.py | |
parent | f58b5b83b202d638ace962ad3ed5a2fbfe696399 (diff) | |
parent | a8b80126ecf6ee6be1a5e1ded8d1025ae2a30474 (diff) | |
download | paramiko-f1c677d0abeeb27971465b3affed11e70299515d.tar.gz |
Merge branch '2.1-gsskex-hostkeycheck-fix' into 2.2-gsskex-hostkeycheck-fix
Diffstat (limited to 'paramiko/client.py')
-rw-r--r-- | paramiko/client.py | 25 |
1 files changed, 12 insertions, 13 deletions
diff --git a/paramiko/client.py b/paramiko/client.py index 936693fc..34491230 100644 --- a/paramiko/client.py +++ b/paramiko/client.py @@ -350,22 +350,21 @@ class SSHClient (ClosingContextManager): server_hostkey_name = "[%s]:%d" % (hostname, port) our_server_keys = None - # If GSS-API Key Exchange is performed we are not required to check the - # host key, because the host is authenticated via GSS-API / SSPI as - # well as our client. - if not self._transport.use_gss_kex: - our_server_keys = self._system_host_keys.get(server_hostkey_name) - if our_server_keys is None: - our_server_keys = self._host_keys.get(server_hostkey_name) - if our_server_keys is not None: - keytype = our_server_keys.keys()[0] - sec_opts = t.get_security_options() - other_types = [x for x in sec_opts.key_types if x != keytype] - sec_opts.key_types = [keytype] + other_types + our_server_keys = self._system_host_keys.get(server_hostkey_name) + if our_server_keys is None: + our_server_keys = self._host_keys.get(server_hostkey_name) + if our_server_keys is not None: + keytype = our_server_keys.keys()[0] + sec_opts = t.get_security_options() + other_types = [x for x in sec_opts.key_types if x != keytype] + sec_opts.key_types = [keytype] + other_types t.start_client(timeout=timeout) - if not self._transport.use_gss_kex: + # If GSS-API Key Exchange is performed we are not required to check the + # host key, because the host is authenticated via GSS-API / SSPI as + # well as our client. + if not self._transport.gss_kex_used: server_key = t.get_remote_server_key() if our_server_keys is None: # will raise exception if the key is rejected |