Support for ECDH Key Exchange #951
Paramiko doesn't support any of the ecdh-sha2-* family of elliptic curve based DH key exchange algorithms. Some hardened servers and the few servers operating in FIPS mode only support ecdh key exchange algorithms. FIPS standard is going to remove
I have tested this with servers only supporting ECDH kex and also client only supporting ECDH kex with paramiko as server.
When we're talking near single digit number of lines in each chunk, for chunks of code which are strongly thematically related, I'm definitely all for minimizing number of files. So I agree with @ploxiln's original assessment.
Sadly, this codebase is nearly 15 years old now (and my personal involvement [I'm a picky bastard] has only been the last ~5, and that at times minimal) so...following existing style doesn't count for quite as much as in some other projects
Thanks for this!
Merged & gussied up w/ changelog, trailing comma, etc. Thanks @shashankv02 !
@ploxiln I figure like with the changes from yesterday, we should strongly consider moving the new kex algos above the older DH ones, so that we match OpenSSH's default ordering - thoughts? As with the host key changes, since this doesn't impact user key selection it feels relatively safe, compatibility wise. (Especially as it is going into 2.2 and not 2.0/2.1.)
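The effect of kex ordering discussed in this thread, as an added example (not code from the pull request or from Paramiko): under RFC 4253 section 7.1 the negotiated key exchange is the first algorithm on the client's list that the server also supports. The function names and the sample lists are assumptions constructed for illustration, and the host-key capability requirements of that section are left out.

```python
# Added illustration. The algorithm lists are constructed samples, not
# Paramiko's or OpenSSH's actual preference lists.

class NoCommonKex(Exception):
    """Client and server share no key exchange algorithm."""


def parse_name_list(raw):
    """Split an SSH name-list (comma-separated, RFC 4251) into names."""
    return [name for name in raw.split(",") if name]


def negotiate_kex(client_raw, server_raw):
    """Return the first client-preferred algorithm the server also offers.

    Simplification: the host-key requirements in RFC 4253 section 7.1
    are not modelled here.
    """
    server_names = set(parse_name_list(server_raw))
    for name in parse_name_list(client_raw):
        if name in server_names:
            return name
    raise NoCommonKex("no matching key exchange algorithm")


DH_ONLY = "diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1"
ECDH = "ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521"

CLIENT_NO_ECDH = DH_ONLY                  # client without ECDH support
CLIENT_ECDH_LAST = DH_ONLY + "," + ECDH   # ECDH added below the DH methods
CLIENT_ECDH_FIRST = ECDH + "," + DH_ONLY  # ECDH moved above the DH methods

HARDENED_SERVER = "ecdh-sha2-nistp256,ecdh-sha2-nistp384"   # ECDH only
MIXED_SERVER = "diffie-hellman-group14-sha1,ecdh-sha2-nistp256"


def try_negotiate(client_raw, server_raw):
    """Like negotiate_kex, but return None when the handshake would fail."""
    try:
        return negotiate_kex(client_raw, server_raw)
    except NoCommonKex:
        return None


if __name__ == "__main__":
    for label, client in [("no ECDH", CLIENT_NO_ECDH),
                          ("ECDH last", CLIENT_ECDH_LAST),
                          ("ECDH first", CLIENT_ECDH_FIRST)]:
        print(label, "| hardened:", try_negotiate(client, HARDENED_SERVER),
              "| mixed:", try_negotiate(client, MIXED_SERVER))
```

Against the ECDH-only server, supporting the family at all is what matters; against the mixed server, only the client's ordering decides whether ECDH or the older DH group is used.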