From b343753f1cd68f1890e501ea1c0e897ae6701ef8 Mon Sep 17 00:00:00 2001
From: chidanandpujar
Date: Tue, 3 Sep 2024 12:58:00 +0530
Subject: [PATCH] Option to enable SSH known host key verification

---
 lib/jnpr/junos/device.py | 15 ++++++++++++++-
 1 file changed, 14 insertions(+), 1 deletion(-)

diff --git a/lib/jnpr/junos/device.py b/lib/jnpr/junos/device.py
index 641806803..6042cd5ef 100644
--- a/lib/jnpr/junos/device.py
+++ b/lib/jnpr/junos/device.py
@@ -1216,6 +1216,10 @@ def __init__(self, *vargs, **kvargs):
 *OPTIONAL* To disable public key authentication.
 default is ``None``.

+ :param bool hostkey_verify:
+ *OPTIONAL* To enable ssh_known hostkey verify
+ default is ``False``.
+
 """

 # ----------------------------------------
@@ -1234,6 +1238,7 @@ def __init__(self, *vargs, **kvargs):
 self._huge_tree = kvargs.get("huge_tree", False)
 self._conn_open_timeout = kvargs.get("conn_open_timeout", 30)
 self._look_for_keys = kvargs.get("look_for_keys", None)
+ self._hostkey_verify = kvargs.get("hostkey_verify", False)
 if self._fact_style != "new":
 warnings.warn(
 "fact-style %s will be removed in a future "
@@ -1367,6 +1372,14 @@ def open(self, *vargs, **kvargs):
 else:
 look_for_keys = self._look_for_keys

+ # option to enable ssh_known hosts key verification
+ # using hostkey_verify=True
+ # Default is disabled with hostkey_verify=False
+ if self._hostkey_verify is None:
+ hostkey_verify = False
+ else:
+ hostkey_verify = self._hostkey_verify
+
 # open connection using ncclient transport
 self._conn = netconf_ssh.connect(
 host=self._hostname,
@@ -1374,7 +1387,7 @@ def open(self, *vargs, **kvargs):
 sock_fd=self._sock_fd,
 username=self._auth_user,
 password=self._auth_password,
- hostkey_verify=False,
+ hostkey_verify=hostkey_verify,
 key_filename=self._ssh_private_key_file,
 allow_agent=allow_agent,
 look_for_keys=look_for_keys,
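Review bot: The `hostkey_verify` docstring entry says only "To enable ssh_known hostkey verify", which tells a caller neither what is checked nor what the ``False`` default leaves unchecked. I would word it as `*OPTIONAL* When ``True``, verify the device's SSH host key against the known-hosts entries and refuse the connection if it does not match.` followed by `Default is ``False``: the host key is not checked, so the identity of the device is not authenticated.` Which known-hosts file is consulted is decided by the ncclient transport and is not visible in this patch, so it is worth naming in the entry once confirmed.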
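Review bot: `kvargs.get("hostkey_verify", False)` in `__init__` keeps host key verification off for every caller that does not opt in, so existing scripts still hand `password` to whichever endpoint answers on that address. If the default cannot change for compatibility, a notice would at least make the gap visible, in the way the `fact_style` check just below already uses `warnings.warn`: for example `if not self._hostkey_verify: warnings.warn("SSH host key verification is disabled; pass hostkey_verify=True", RuntimeWarning)`. `__init__` starts and ends outside this hunk, so I cannot tell whether a non-SSH mode is selected elsewhere in it; if one is, the warning probably belongs in `open()` next to the `netconf_ssh.connect` call instead.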
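Review bot: In `open()`, the `if self._hostkey_verify is None:` branch turns an explicit `hostkey_verify=None` into verification off, and with the `False` default set in `__init__` that is the only way to reach it. For a switch that gates server authentication, an unset or odd value is safer read as "verify": the four lines can become `hostkey_verify = self._hostkey_verify is not False`, which keeps the documented default and skips the check only on an explicit `False`. The three added comment lines could then shrink to `# host key verification is skipped only when hostkey_verify=False was passed`. Note that a caller passing `0` would get verification under this form; the body of `open()` continues outside the hunk, so any later use of the local is not visible here.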