SSH keys should not be used when logging in with username and password

[yanne]

I need to have the ability to pass arguments to paramiko when creating the connection.

I ran into a problem with "SSHD-CORE-0.6.0" which is a java based SSHD server.

DEBUG:paramiko.transport:userauth is OK DEBUG:paramiko.transport:Authentication type (publickey) not permitted. DEBUG:paramiko.transport:Allowed methods: ['password'] INFO:paramiko.transport:Disconnect (code 2): Protocol error: expected packet SSH_MSG_USERAUTH_REQUEST, got SSH_MSG_SERVICE_REQUEST

I'm not sure if the Java based SSHD client is doing it wrong or paramiko. I found that using look_for_keys=False in the paramiko.SSHClient.connect() method bypasses the publickey attempt and logs in successfully.

The SSHLibrary.login does not allow paramiko otpions to be passed to the connection, I've attached a patch that will allow for a user to passing in Key/Value pairs when calling login.

thanks

This issue was originally opened at Google Code on Mar 7, 2013.

[yanne]

Original comment by anssi.sy...@eficode.com on Aug 1, 2013.

Searching for key files when authenticating with username and password (Login keyword) is now disabled by https://code.google.com/p/robotframework-sshlibrary/source/detail?r=8487b4ae59f1eaf736c624ec834fb954cb078e6e .

Please verify that this fixes the problem.

[yanne]

Original comment by m...@terzo.org on Aug 2, 2013.

Not sure why you want to limit it to just look for keys. What if there is a different option that needs to be used?

[yanne]

Original comment by anssi.sy...@eficode.com on Aug 14, 2013.

Looking for keys is still not configurable, i.e. it is still not possible to pass Paramiko options directly as arguments to Login or Login With Public Key keywords.

The change done is a workaround to make Paramiko to not look for keys when using Login keyword, i.e. when authenticating with username and password and not with any key. Did this workaround fix your problem?

I see your point, but the problem here is that there are no common connection options that would apply both for Paramiko and Trilead SSH Library. Some authentication parameters can be configured when creating a new connection with Paramiko but Trilead SSH library is very limited at least in this sense.

Do you have some particular connection or login options in mind, that are likely needed to be changed?

[yanne]

Original comment by pekka.klarck on Oct 17, 2013.

Not using SSH keys at all when logging with username/password definitely makes sense. The related change looks good too.

I agree with Anssi that supporting connection options in general is problematic because Paramiko and Trilead have different API. If there are special needs, we obviously can add configuration parameters, even if they would only work with one of these tools. Alternatively we could just accept **config and pass it directly to Paramiko/Trilead. This would be flexible, but would require pretty good knowledge on Paramiko/Trilead API. Anyway, any enhancements related to this need to be submitted as separate issues.