Create gss_auth option for paramiko_ssh connection plugin #71190
- Add a new gss_auth option for the paramiko_ssh connection plugin that will be passed to the upstream paramiko library connect method. This will enable GSS-API authentication for paramiko ssh connections which is required for Kerberos authentication. - Set the default for the gss_auth option in the paramiko_connection section to false to ensure backwards compatibility
- Only pass the gss_auth option to paramiko.SSHClient().connect() if the paramiko version supports it (paramiko added support for GSS-API in 1.15.0)
I couldn't see how to set up a test for it without having a kerberos auth environment configured. It might be possible to test that enabling the option means the ssh client attempts gss-api (but then continues to other options). Do you have any pointers for other auth type option tests I could look at?
That's why I suggested that unit tests might be easier. Setting up kerberos just for a test is probably quite difficult.
You can take a look at