Add -cert-v01@openssh.com variants to accepted host key algorithms

Solves #2035
author: Jeff Forcier <jeff@bitprophet.org> 2022-04-22 19:11:03 -0400
committer: Jeff Forcier <jeff@bitprophet.org> 2022-04-22 19:12:32 -0400
commit: 7a2c84afaada7a513ee482ba36e8848528b6f5f3 (patch)
tree: 2494ec3ce75a1360800531deb33e3593198e6377 /paramiko/transport.py
parent: 239d2bd7a620be5cdaaa26f981ea72f5f55c9050 (diff)
download: paramiko-7a2c84afaada7a513ee482ba36e8848528b6f5f3.tar.gz
1 files changed, 9 insertions, 1 deletions
diff --git a/paramiko/transport.py b/paramiko/transport.py
index b99b3278..83cedbf6 100644
--- a/paramiko/transport.py
+++ b/paramiko/transport.py
@@ -549,7 +549,15 @@ class Transport(threading.Thread, ClosingContextManager):
 
     @property
     def preferred_keys(self):
-        return self._filter_algorithm("keys")
+        # Interleave cert variants here; resistant to various background
+        # overwriting of _preferred_keys, and necessary as hostkeys can't use
+        # the logic pubkey auth does re: injecting/checking for certs at
+        # runtime
+        filtered = self._filter_algorithm("keys")
+        return tuple(
+            filtered
+            + tuple("{}-cert-v01@openssh.com".format(x) for x in filtered)
+        )
 
     @property
     def preferred_pubkeys(self):
author	Jeff Forcier <jeff@bitprophet.org>	2022-04-22 19:11:03 -0400
committer	Jeff Forcier <jeff@bitprophet.org>	2022-04-22 19:12:32 -0400
commit	7a2c84afaada7a513ee482ba36e8848528b6f5f3 (patch)
tree	2494ec3ce75a1360800531deb33e3593198e6377 /paramiko/transport.py
parent	239d2bd7a620be5cdaaa26f981ea72f5f55c9050 (diff)
download	paramiko-7a2c84afaada7a513ee482ba36e8848528b6f5f3.tar.gz