-
Notifications
You must be signed in to change notification settings - Fork 23.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add use_rsa_sha2_algorithms
option for paramiko
#78789
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This is definitely the low-friction and easy fix. If we assume we're not making significant investments in paramiko in the future, this is probably sufficient (vs more configurable explicit lists of enabled/disabled algos, or a "single algo" (per type) override that would allow us to be specific without monkeypatching. I'm +1 for this as-is, other than probably switching the default for security over convenience. 😆
/azp run |
Azure Pipelines successfully started running 1 pipeline(s). |
Co-authored-by: Matt Clay <matt@mystile.com>
Co-authored-by: Matt Clay <matt@mystile.com>
…rsa_sha2_algorithms=no
This comment was marked as resolved.
This comment was marked as resolved.
The test
|
|
use_rsa_sha2_algorithms
option, disable rsa-sha2 by defaultuse_rsa_sha2_algorithms
option for paramiko
…ble#78789) Fixes ansible#76737 Fixes ansible#77673 Co-authored-by: Matt Clay <matt@mystile.com> (cherry picked from commit 76b7466) Co-authored-by: Matt Martz <matt@sivel.net>
SUMMARY
Add
use_rsa_sha2_algorithms
option, keep rsa-sha2 enabled by defaultISSUE TYPE
COMPONENT NAME
lib/ansible/plugins/connection/paramiko_ssh.py
ADDITIONAL INFORMATION