Too difficult to change ciphers, set ssh options in high-level API #50

Open
chrisegner opened this issue Oct 18, 2011 · 2 comments

@chrisegner

The high-level API, while convenient for simple uses, does not scale well into increased complexity. For example, many ssh options that one might set via "ssh -o" are not available. A common and important ssh tuning parameter is which cipher one wants to use. Setting to arcfour within a fairly secure context can be an effective way to reduce CPU load. As far as I've been able to tell, the only way to do this via paramiko's SSHClient class is to subclass and copy and paste the definition of connect, then modify the Transport object before connection. E.g., copy connect and insert

    t.get_security_options().ciphers = ('arcfour128',)

at paramiko/client.py:298.

An inexhaustive list of ways this could be handled more maintainably could include:

  • initialisation or modification of the Transport is handled by a function that could be independently overridden in a subclass
  • initialisation or modification of the Transport is handled by a callback (possibly via some registration mechanism)
  • some sort of configuration dict to be passed around that would allow objects such as Transports to initialise themselves in a generally configurable way
@acdha

acdha commented Jul 31, 2013

I just ran into this as well: I'm currently leaning in favor of the third option so you could simply do something like client.connect(transport_options={…}) to pass in kwargs. I'm using this monstrosity:

    # See https://github.com/paramiko/paramiko/issues/50 for why we can't do something sane like this:
    # client.get_transport().get_security_options().ciphers = ciphers
    # Release the monkey:
    from paramiko.transport import Transport
    Transport._preferred_ciphers = ciphers + Transport._preferred_ciphers

@bitprophet
Member

I think this is definitely something that plagues the library overall - prior development didn't really prioritize being "Pythonic" or otherwise easy to use.

I'm redoing my Fabric library, which is a layer on top of Paramiko, soon; when I do so I'll be taking a closer look at the APIs in Paramiko and hopefully rearranging things or at least providing additional glue & ability to override in a non-awful fashion.

Leaving this open as kind of a pointer to some basic starting points.
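
An added example, not part of the thread and not paramiko's own code: one way to get the per-connection Transport hook discussed above without patching the Transport class. It assumes a paramiko release whose SSHClient.connect accepts a transport_factory argument (3.2 or later); the helper names and the cipher names in WANTED are sample values chosen for illustration.

```python
# Added example: choose ciphers per connection instead of patching Transport.
# Assumption: SSHClient.connect() accepts transport_factory (paramiko >= 3.2).

# Sample preference order (illustrative values, not taken from the issue).
WANTED = ("aes256-ctr", "aes128-ctr")


def pick_ciphers(wanted, enabled):
    """Return the names from `wanted` that `enabled` also lists, in `wanted` order.

    SecurityOptions.ciphers raises ValueError for a name the installed
    paramiko does not know, so filter before assigning.
    """
    chosen = tuple(name for name in wanted if name in enabled)
    if not chosen:
        raise ValueError("no requested cipher is enabled: %r" % (wanted,))
    return chosen


def restrict_ciphers(transport, wanted=WANTED):
    """Narrow one Transport's cipher list; other connections are unaffected."""
    opts = transport.get_security_options()
    opts.ciphers = pick_ciphers(wanted, opts.ciphers)
    return transport


def cipher_factory(wanted=WANTED):
    """Build a callable suitable for SSHClient.connect(transport_factory=...)."""
    def factory(sock, **kwargs):
        # Imported lazily so the helpers above can be tested without paramiko.
        from paramiko import Transport
        return restrict_ciphers(Transport(sock, **kwargs), wanted)
    return factory


# Usage (needs a reachable server; host and user are placeholders):
#   client = paramiko.SSHClient()
#   client.load_system_host_keys()
#   client.connect("host.example", username="user",
#                  transport_factory=cipher_factory())
```

Because the setting lives on the Transport instance, other SSHClient connections in the same process keep the library's default cipher order.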
