Kami opened a new pull request, #1685: URL: https://github.com/apache/libcloud/pull/1685
This pull request updates paramiko SSH connection related code so it works with paramiko >= 2.9.0 and older OpenSSH server versions which don't support SHA-2 variants of the RSA key verification algorithm. ## Background, Context Paramiko v2.9.0 introduced a change which adds support and prefers SHA-2 variants of the RSA key verification algorithm (https://github.com/paramiko/paramiko/blob/2.9.0/sites/www/changelog.rst#changelog). This change is backward incompatible and won't work it user tries to use paramiko >= 2.9.0 with older OpenSSH servers such as the default setup on Ubuntu 14.04. ## Proposed Soluton In this PR I introduced a change to fall back to the previous / old approach in case "authentication error" is throw when connecting to the server when running paramiko >= 2.9.0. Sadly there is no easy way to catch and retry only on more granular / specific exception. This way the code works and supports older and newer versions of paramiko and OpenSSH servers. ## Note on Security For security reasons, if user knows they will only connect to new OpenSSH versions which support those variants + ``MSG_EXT_INFO`` extension, they are encouraged to disable this compatibility change by setting ``LIBCLOUD_PARAMIKO_SHA2_BACKWARD_COMPATIBILITY`` environment variable to ``false``. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
