SSHClient: request host key type from known_hosts #910
Nah, at this point anything that makes backporting to 1.x hard is a good argument for "don't bother".
If someone who's stuck on 1.x (despite the security concerns, which was one reason we even did the backend switch in 2.0) is super upset they don't have such a change, they can submit their own PR :D
Added proper tests for this. If I run them against the 2.1 branch (without this PR), the ones which I expect to fail do so:
If we have a host keys that will be checked, we need to negotiate for the type we have. Commonly, openssh could have saved an ecdsa key in known_hosts, but SSHClient will let the Transport negotiate for an rsa key. Then it would consider a key of a non-corresponding type to be "missing". That situation is also now a BadHostKeyException. Before this change, a man-in-the-middle attack on the paramiko ssh client was possible by having only a host key type which differs from what the client has in known_hosts (and then giving any key of that type).