You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The high-level API, while convenient for simple uses, does not scale well into increased complexity. For example, many ssh options that one might set via "ssh -o" are not available. A common and important ssh tuning parameter is which cipher one wants to use. Setting to arcfour within a fairly secure context can be an effective way to reduce CPU load. As far as I've been able to tell, the only way to do this via paramiko's SSHClient class is to subclass and copy and paste the definition of connect, then modify the Transport object before connection. Eg: copy connect and insert
t.get_security_options().ciphers = ('arcfour128',)
at paramiko/client.py:298.
An inexhaustive list of ways this could be handled more maintainably could include:
initialisation or modification of the Transport is handled by a function that could be independently overridden in a subclass
initialisation of modification the Transport is handled by a callback (possibly via a some registration mechanism)
some sort of configuration dict to be passed around that would allow objects such as Transports to initialise themselves in a generally configurable way
The text was updated successfully, but these errors were encountered:
I just ran into this as well: I'm currently leaning in favor of the third option so you could simple do something like client.connect(transport_options={…}) to pass in kwargs. I'm using this monstrosity::
# See https://github.com/paramiko/paramiko/issues/50 for why we can't do something sane like this:# client.get_transport().get_security_options().ciphers = ciphers# Release the monkey:fromparamiko.transportimportTransportTransport._preferred_ciphers=ciphers+Transport._preferred_ciphers
I think this is definitely something that plagues the library overall - prior development didn't really prioritize being "Pythonic" or otherwise easy to use.
I'm redoing my Fabric library which is a layer on top of Paramiko, soon; when I do so I'll be taking a closer look at the APIs in Paramiko and hopefully rearranging things or at least providing additional glue & ability to override in a non awful fashion.
Leaving this open as kind of a pointer to some basic starting points.
The high-level API, while convenient for simple uses, does not scale well into increased complexity. For example, many ssh options that one might set via "ssh -o" are not available. A common and important ssh tuning parameter is which cipher one wants to use. Setting to arcfour within a fairly secure context can be an effective way to reduce CPU load. As far as I've been able to tell, the only way to do this via paramiko's SSHClient class is to subclass and copy and paste the definition of connect, then modify the Transport object before connection. Eg: copy connect and insert
t.get_security_options().ciphers = ('arcfour128',)
at paramiko/client.py:298.
An inexhaustive list of ways this could be handled more maintainably could include:
The text was updated successfully, but these errors were encountered: