Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Host-based Authentication not available #316

Open
bws opened this issue Apr 17, 2014 · 7 comments
Open

Host-based Authentication not available #316

bws opened this issue Apr 17, 2014 · 7 comments
Labels
Feature

Comments

@bws
Copy link

bws commented Apr 17, 2014

Paramiko doesn't appear to support host-based authentication. We use this extensively in our various enclaves which have onerous passcode requirements. Once in the enclave, we then allow access to machines over multiple networks via shohsts_equiv file (used in conjunction with ssh-keysign).

I haven't dived into the details, but would be interested in seeing a solution briefly outlined even if it isn't in the current paramiko plans to implement. We are using paramiko extensively on our newest Python tools.
@nlmills
Copy link

nlmills commented Apr 21, 2014

I have a working implementation of host-based authentication using openssh's ssh-keysign tool at nlmills/paramiko@a147ad5 in my branch "hostbased".

It will need some work before it can be integrated to the upstream.

@bws
Copy link
Author

bws commented Apr 28, 2014

I've reworked Nick's patch a bit to handle various types of failures during host-based authentication. My work only applies to paramiko 1.13, so not sure how much additional work will be required if you guys want to adopt it.

@bitprophet
Copy link
Member

I'm open to adding support for this, in general. Still going through a few months of unread notifications (sob), if I run across a PR somebody made for this I'll link it, otherwise, please feel free to submit a PR when you have time.

@danielballan
Copy link

@bws Is your reworked patch public somewhere I can try it out?

@bws
Copy link
Author

bws commented Jun 25, 2015

https://github.com/bws/xdd/blob/master/contrib/paramiko-hostbased-auth.diff

We apply that to paramiko 1.13.0. As part of the XDD build.

Cheers,
Brad

On Thu, Jun 25, 2015 at 11:59 AM, Dan Allan notifications@github.com
wrote:

@bws https://github.com/bws Is your reworked patch public somewhere I
can try it out?


Reply to this email directly or view it on GitHub
#316 (comment).

@pete312
Copy link

pete312 commented Oct 6, 2018

I had tried implementing this change from @bws because I am also interested in host based authentication method (which Ansible supports). But it would not run on my checkout of Paramiko and I didnt have time to work it out yet. It would be helpful is this feature was available in Paramiko so we are not stuck with ansible solutions.

@bws
Copy link
Author

bws commented Feb 14, 2019

It looks like we're going to be using paramiko on a new project, so I will fix up the patch to apply to paramiko master and issue a pull request.

@calccrypto calccrypto mentioned this issue Jun 17, 2019
Open
@ploxiln ploxiln mentioned this issue Sep 20, 2019
Open
asomers added a commit to asomers/paramiko that referenced this issue Jul 26, 2022
@asomers
Host based authentication
2811608 
Updated version of paramiko#1456 with
Python 3 support, ecdsa and ed25519 support, and a few other fixes.

Fixes paramiko#316
asomers added a commit to asomers/paramiko that referenced this issue Jul 26, 2022
@asomers
Host based authentication
5f1bbcf 
Updated version of paramiko#1456 with
Python 3 support, ecdsa and ed25519 support, and a few other fixes.

Fixes paramiko#316
asomers added a commit to asomers/paramiko that referenced this issue Jul 26, 2022
@asomers
Host based authentication
40d61f0 
Updated version of paramiko#1456 with
Python 3 support, ecdsa and ed25519 support, and a few other fixes.

Fixes paramiko#316
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Feature
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
5 participants
@bitprophet @bws @pete312 @nlmills @danielballan