Python Paramiko

Python Paramiko - 确定可用的密码和密钥交换算法(Python Paramiko - Determine what ciphers and key-exchange algorithms are available)

我有一个使用Paramiko库用Python编写的自动SFTP程序。 如果我建立连接，我可以显示传输使用的密码和密钥交换算法。 但是，我不确定这与可用的算法和密码是否相同。

例：

>>> import paramiko >>> ssh = paramiko.SSHClient() >>> ssh.load_system_host_keys() >>> ssh.set_missing_host_key_policy(paramiko.AutoAddPolicy()) >>> ssh.connect("myhost.example.com", 22, username="xyzzy") >>> t = ssh.get_transport() >>> so = t.get_security_options() >>> so.kex ('diffie-hellman-group14-sha1', 'diffie-hellman-group-exchange-sha1', 'diffie-hellman-group1-sha1') >>> so.ciphers ('aes128-ctr', 'aes256-ctr', 'aes128-cbc', 'blowfish-cbc', 'aes256-cbc', '3des-cbc', 'arcfour128', 'arcfour256')

这与可用的相同吗？ 如果没有，有没有办法以编程方式确定可用的内容？

I have an automated SFTP program written in Python using the Paramiko library. If I make a connection, I can show what ciphers and key exchange algorithms the transport is using. However, I am not sure this is the same thing as the algorithms and ciphers that are available.

Example:

>>> import paramiko >>> ssh = paramiko.SSHClient() >>> ssh.load_system_host_keys() >>> ssh.set_missing_host_key_policy(paramiko.AutoAddPolicy()) >>> ssh.connect("myhost.example.com", 22, username="xyzzy") >>> t = ssh.get_transport() >>> so = t.get_security_options() >>> so.kex ('diffie-hellman-group14-sha1', 'diffie-hellman-group-exchange-sha1', 'diffie-hellman-group1-sha1') >>> so.ciphers ('aes128-ctr', 'aes256-ctr', 'aes128-cbc', 'blowfish-cbc', 'aes256-cbc', '3des-cbc', 'arcfour128', 'arcfour256')

Is this the same as what is available? If not, is there any way to determine what is available programmatically?

最满意答案

Transport.get_security_options()返回的SecurityOptions类是：

包含ssh传输的安全性首选项的简单对象。 这些是可接受的密码，摘要，密钥类型和密钥交换算法的元组，按优先顺序列出。

因此，它列出了Paramiko库支持的密码和kex算法（或者您已配置/允许的子集）。

是的，你（和Paramiko）正在为连接提供什么。

最终实际使用的是服务器也支持（在您的术语中可用 ）最优选的密码/密钥算法。

The SecurityOptions class returned by the Transport.get_security_options() is :

Simple object containing the security preferences of an ssh transport. These are tuples of acceptable ciphers, digests, key types, and key exchange algorithms, listed in order of preference.

So it lists ciphers and kex algorithms that the Paramiko library supports (or a subset that you have configured/allowed).

It is, what you (and Paramiko) are making available for the connection.

What is actually used in the end is the most preferred cipher/kex algorithm that is also supported (available in your terms) by the server.