[paramiko] alternate ciphers
james bardin
jbardin at bu.edu
Wed Jan 27 06:46:45 PST 2010
On Wed, Jan 27, 2010 at 6:40 AM, Marcin Krol <mrkafk at gmail.com> wrote:
>> ###############
>> import paramiko
>> import socket
>> s = socket.socket()
>> s.connect(('localhost', 22))
>> t = paramiko.Transport(s)
>> t.get_security_options().ciphers = ('arcfour128',)
>> t.connect
>> .....
>
>
> Regardless of what I set as .ciphers in transport (using both = and method
> _set_ciphers), the transport still uses original ciphers tuple.
>
You have to set the ciphers before you connect. You can't change the
cipher once the encryption has already been negotiated.
The above code does work - here's the log output from the server side:
sshd[22168]: debug1: kex: client->server arcfour128 hmac-sha1 none
sshd[22168]: debug1: kex: server->client arcfour128 hmac-sha1 none
> The code:
>
> cph = transport.get_security_options()._get_ciphers()
> print 'orig ciphers', cph
> if 'blowfish-cbc' in cph:
> cph = list(cph)
> cph.remove('blowfish-cbc')
> cph = tuple(['blowfish-cbc'] + cph)
> #transport.get_security_options()._set_ciphers(cph)
> transport.get_security_options().ciphers = cph
> transport.get_security_options().ciphers = ('blowfish-cbc',)
> print 'ciphers', transport.get_security_options()._get_ciphers()
> channel = transport.open_session()
> scpcmd = 'scp -t -v %s\n' % self.rfpath
> try:
> channel.exec_command(scpcmd)
> except paramiko.SSHException, e:
>
More information about the paramiko
mailing list