From dc059f666b6f82ee0de5fc6d6236a989d34ba2a7 Mon Sep 17 00:00:00 2001
From: Doug Latornell
Date: Tue, 8 Mar 2022 11:22:54 -0800
Subject: [PATCH] Handle legacy ssh servers that don't use rsa-sha2 e.g. orcinus & optimum in Mar-2022 re: issue #96
---
 nowcast/ssh_sftp.py | 17 +++++++++++++----
 1 file changed, 13 insertions(+), 4 deletions(-)
diff --git a/nowcast/ssh_sftp.py b/nowcast/ssh_sftp.py
index 28fba115..b504dbb3 100644
--- a/nowcast/ssh_sftp.py
+++ b/nowcast/ssh_sftp.py
@@ -67,10 +67,19 @@ def ssh(host, key_filename, ssh_config_file="~/.ssh/config"):
 with open(os.path.expanduser(ssh_config_file)) as f:
 ssh_config.parse(f)
 host = ssh_config.lookup(host)
- ssh_client.connect(
- host["hostname"], username=host["user"], key_filename=os.fspath(key_filename),
- allow_agent=False, look_for_keys=False,
- )
+ try:
+ # Modern ssh server that uses a rsa-sha2 algorithm; e.g. arbutus and graham
+ ssh_client.connect(
+ host["hostname"], username=host["user"], key_filename=os.fspath(key_filename),
+ allow_agent=False, look_for_keys=False,
+ )
+ except paramiko.ssh_exception.SSHException:
+ # Legacy ssh server that doesn't use rsa-sha2 algorithms; e.g. orcinus and optimum
+ ssh_client.connect(
+ host["hostname"], username=host["user"], key_filename=os.fspath(key_filename),
+ allow_agent=False, look_for_keys=False,
+ disabled_algorithms={'pubkeys': ['rsa-sha2-512', 'rsa-sha2-256']},
+ )
 return ssh_client
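Review bot: The `except paramiko.ssh_exception.SSHException:` clause is broader than the legacy-server case it is meant for: `SSHException` is the base class for host-key, negotiation and authentication errors alike, so any failed first attempt is silently retried with `rsa-sha2-512` and `rsa-sha2-256` disabled, i.e. with the SHA-1 based `ssh-rsa` signature, even against hosts that support the stronger algorithms. Consider narrowing it to `except paramiko.ssh_exception.AuthenticationException:` (which is how the rsa-sha2 mismatch appears to surface; worth confirming against orcinus and optimum) and emitting a warning that names the host when the fallback is taken, so downgraded connections are visible in the logs. A per-host opt-in for the legacy algorithms would be tighter still than retrying for every host. The body of `ssh()` starts above this hunk, so how `ssh_client` is created and whether a failed first `connect()` needs a `close()` before the retry cannot be seen here.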