MarketSquare / SSHLibrary

Robot Framework test library for SSH and SFTP
http://marketsquare.github.io/SSHLibrary/

Ability to disable algorithms #439

Open miikaoskari opened 7 months ago

miikaoskari commented 7 months ago

This pull request adds the ability to pass disabled_algorithms when connecting. Helped me connect to a legacy SSH server.

disabled_algorithms are passed as a dictionary, like in paramiko: {'pubkeys': ['rsa-sha2-256', 'rsa-sha2-512']}

This PR might need something that I am not aware of. Let me know, I can fix it!

Noordsestern commented 3 months ago

Ah, I merged in the wrong order... I merged the removal of Python 2 and Jython first. Could you do the trick again and add a test if this is working? I think we actually have test cases that fail because old algorithms are used (exactly the ones you mention).

miikaoskari commented 3 months ago

Yeah sure. I'll check next week and let you know :)

Noordsestern commented 2 months ago

Do you have a test case demonstrating how to use this feature? When I set the disabled_algorithms parameter, I get an error message saying that list does not have a method get.

miikaoskari commented 2 months ago

Hi! Sorry, I have been quite busy and have not had the chance to check the test cases yet. However, before the merge I used them like this:

VAR    @{pubkeys}   rsa-sha2-512    rsa-sha2-256
VAR    &{disabled_algorithms}    pubkeys=${pubkeys}
Login With Public Key    username=root    keyfile=keyfile    disabled_algorithms=${disabled_algorithms}

I'll give it a shot now and test.

Noordsestern commented 2 months ago

OK, could you please add the test case to atest/login.robot and document the parameter in the login keyword documentation? In the documentation you could reference the paramiko Transport class, where the options for disabled_algorithms are listed: https://docs.paramiko.org/en/latest/api/transport.html#paramiko.transport.Transport

miikaoskari commented 2 months ago

It seems that with the keyfile implementation I am running into this failure. Related to #448

------------------------------------------------------------------------------
Login With Disabled Algorithms And Public Key                         | FAIL |
ValueError: q must be exactly 160, 224, or 256 bits long
------------------------------------------------------------------------------

Noordsestern commented 2 months ago

The error is misleading (coming from paramiko or even deeper). What the message actually tries to say: the username does not exist in the target system.

miikaoskari commented 2 months ago

Okay, I am getting passing tests for disabled algorithms now. The error was because the key was RSA, which I had disabled as an algorithm, and paramiko fell back to DSA? :smile:
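
Added example, not part of the thread or of SSHLibrary's code: a pre-check for the `disabled_algorithms` argument that rejects the list-instead-of-dictionary input behind the "list does not have a method get" report, and shows which public-key algorithms remain once the two names from the first comment are filtered out. The function names, the category set and the sample preference list are assumptions made for illustration.

```python
# Added illustration; all names here are hypothetical, not SSHLibrary or paramiko code.
# Assumption: categories mirror paramiko's Transport._preferred_<category> attributes.
KNOWN_CATEGORIES = {"ciphers", "macs", "keys", "pubkeys", "kex", "compression"}

# Constructed sample of a client's public-key signature preference order.
SAMPLE_PREFERRED_PUBKEYS = ("ssh-ed25519", "rsa-sha2-512", "rsa-sha2-256", "ssh-rsa")

# Signature algorithms built on SHA-1; worth surfacing when a filter leaves them enabled.
SHA1_PUBKEYS = {"ssh-rsa", "ssh-dss"}


def validate_disabled_algorithms(value):
    """Return a normalised {category: [names]} dict or raise a descriptive error."""
    if value is None:
        return {}
    if not hasattr(value, "items"):
        # A bare list would only fail later, deep in the transport, on `.get`.
        raise TypeError(
            "disabled_algorithms must be a dictionary such as "
            "{'pubkeys': ['rsa-sha2-256']}, got %s" % type(value).__name__
        )
    normalised = {}
    for category, names in value.items():
        if category not in KNOWN_CATEGORIES:
            raise ValueError("unknown algorithm category: %r" % (category,))
        if isinstance(names, str):
            names = [names]  # a bare string would not behave as a list of names
        normalised[category] = list(names)
    return normalised


def remaining_pubkeys(disabled, preferred=SAMPLE_PREFERRED_PUBKEYS):
    """Return (algorithms still offered, the SHA-1 based ones among them)."""
    blocked = validate_disabled_algorithms(disabled).get("pubkeys", [])
    offered = [name for name in preferred if name not in blocked]
    return offered, [name for name in offered if name in SHA1_PUBKEYS]


if __name__ == "__main__":
    offered, weak = remaining_pubkeys({"pubkeys": ["rsa-sha2-256", "rsa-sha2-512"]})
    print("offered:", offered)
    print("SHA-1 based:", weak)
```

With the dictionary from the first comment, the only RSA signature algorithm left in the sample list is `ssh-rsa`, which is why the setting is best scoped to connections to the legacy server rather than applied suite-wide.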