From f8036d69ff425b81b7070ce91e31252c72bfe632 Mon Sep 17 00:00:00 2001
From: Christopher Papke <chris.papke@imperva.com>
Date: Tue, 5 Apr 2022 14:54:42 -0700
Subject: don't throw exception when comparing PKey to non-PKey

---
 paramiko/pkey.py   | 2 +-
 tests/test_pkey.py | 5 +++++
 2 files changed, 6 insertions(+), 1 deletion(-)

diff --git a/paramiko/pkey.py b/paramiko/pkey.py
index 7865a6ea..f494c80e 100644
--- a/paramiko/pkey.py
+++ b/paramiko/pkey.py
@@ -140,7 +140,7 @@ class PKey(object):
         return cmp(self.asbytes(), other.asbytes())  # noqa
 
     def __eq__(self, other):
-        return self._fields == other._fields
+        return isinstance(other, PKey) and self._fields == other._fields
 
     def __hash__(self):
         return hash(self._fields)
diff --git a/tests/test_pkey.py b/tests/test_pkey.py
index e652740c..687e776b 100644
--- a/tests/test_pkey.py
+++ b/tests/test_pkey.py
@@ -622,6 +622,11 @@ class KeyTest(unittest.TestCase):
         for key1, key2 in self.keys():
             assert key1 == key2
 
+    def test_keys_are_not_equal_to_other(self):
+        for value in [None, True, ""]:
+            for key1, _ in self.keys():
+                assert key1 != value
+
     def test_keys_are_hashable(self):
         # NOTE: this isn't a great test due to hashseed randomization under
         # Python 3 preventing use of static values, but it does still prove
-- 
cgit v1.2.1


From d7fe051087fc9bd31dc0c42da63b3ae4852f6d2d Mon Sep 17 00:00:00 2001
From: Jeff Forcier <jeff@bitprophet.org>
Date: Mon, 25 Apr 2022 08:14:06 -0400
Subject: Changelog re #1964, #2024, #2023

---
 sites/www/changelog.rst | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/sites/www/changelog.rst b/sites/www/changelog.rst
index 358b8d8e..a7c6b2e6 100644
--- a/sites/www/changelog.rst
+++ b/sites/www/changelog.rst
@@ -2,6 +2,12 @@
 Changelog
 =========
 
+- :bug:`1964` (via :issue:`2024` as also reported in :issue:`2023`)
+  `~paramiko.pkey.PKey` instances' ``__eq__`` did not have the usual safety
+  guard in place to ensure they were being compared to another ``PKey`` object,
+  causing occasional spurious ``BadHostKeyException`` (among other things).
+  This has been fixed. Thanks to Shengdun Hua for the original report/patch and
+  to Christopher Papke for the final version of the fix.
 - :release:`2.9.3 <2022-03-18>`
 - :bug:`1963` (via :issue:`1977`) Certificate-based pubkey auth was
   inadvertently broken when adding SHA2 support; this has been fixed. Reported
-- 
cgit v1.2.1