From 7a2c84afaada7a513ee482ba36e8848528b6f5f3 Mon Sep 17 00:00:00 2001 From: Jeff Forcier Date: Fri, 22 Apr 2022 19:11:03 -0400 Subject: Add -cert-v01@openssh.com variants to accepted host key algorithms Solves #2035 --- sites/www/changelog.rst | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'sites') diff --git a/sites/www/changelog.rst b/sites/www/changelog.rst index 067a73ba..eb1e0704 100644 --- a/sites/www/changelog.rst +++ b/sites/www/changelog.rst @@ -2,6 +2,10 @@ Changelog ========= +- :bug:`2035` Servers offering certificate variants of hostkey algorithms (eg + ``ssh-rsa-cert-v01@openssh.com``) could not have their host keys verified by + Paramiko clients, as it only ever considered non-cert key types for that part + of connection handshaking. This has been fixed. - :release:`2.10.3 <2022-03-18>` - :release:`2.9.3 <2022-03-18>` - :bug:`1963` (via :issue:`1977`) Certificate-based pubkey auth was -- cgit v1.2.1 From d7fe051087fc9bd31dc0c42da63b3ae4852f6d2d Mon Sep 17 00:00:00 2001 From: Jeff Forcier Date: Mon, 25 Apr 2022 08:14:06 -0400 Subject: Changelog re #1964, #2024, #2023 --- sites/www/changelog.rst | 6 ++++++ 1 file changed, 6 insertions(+) (limited to 'sites') diff --git a/sites/www/changelog.rst b/sites/www/changelog.rst index 358b8d8e..a7c6b2e6 100644 --- a/sites/www/changelog.rst +++ b/sites/www/changelog.rst @@ -2,6 +2,12 @@ Changelog ========= +- :bug:`1964` (via :issue:`2024` as also reported in :issue:`2023`) + `~paramiko.pkey.PKey` instances' ``__eq__`` did not have the usual safety + guard in place to ensure they were being compared to another ``PKey`` object, + causing occasional spurious ``BadHostKeyException`` (among other things). + This has been fixed. Thanks to Shengdun Hua for the original report/patch and + to Christopher Papke for the final version of the fix. - :release:`2.9.3 <2022-03-18>` - :bug:`1963` (via :issue:`1977`) Certificate-based pubkey auth was inadvertently broken when adding SHA2 support; this has been fixed. Reported -- cgit v1.2.1