So I traced down into paramiko, and the only place I see the list of allowed authentication types being set is part of:
def _parse_userauth_failure(self, m):
authlist = m.get_list()
partial = m.get_boolean()
if partial: self.transport._log(INFO, 'Authentication continues...') self.transport._log(DEBUG, 'Methods: ' + str(authlist)) self.transport.saved_exception = PartialAuthentication(authlist)
elif self.auth_method not in authlist: self.transport._log(INFO, 'Authentication type (%s) not permitted.' % self.auth_method) self.transport._log(DEBUG, 'Allowed methods: ' + str(authlist)) self.transport.saved_exception = BadAuthenticationType('Bad authentication type', authlist)
else: self.transport._log(INFO, 'Authentication (%s) failed.' % self.auth_method)
Now it would seem that transport.auth_publickey() can raise BadAuthenticationType, which would give us this info. The problem being that it would only do so if 'publickey' was not an allowed type to start with.
Put another way... we only find out that 'password' authentication is not allowed once an authentication attempt has been made and it fails because that method is not allowed.
Now I'm guessing that ssh protocol itself has a way to request the supported authentication methods up front, given that 'ssh -v bazaar.launchpad.net' says:
debug1: Connecting to bazaar.launchpad.net [91.189.90.11] port 22.
debug1: Connection established.
debug1: identity file /home/jameinel/.ssh/identity type -1
...
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
However, looking at paramiko the only thing it seems to support (as a server) is MSG_SERVICE_REQUEST 'ssh-userauth' which returns MSG_SERVICE_ACCEPT 'ssh-userauth'.
Anyway, I don't know the ssh protocol well enough, but I don't see a way in *paramiko* to explicitly query the remote server for a list of allowed authentication protocols. So for now, we only find out after it fails that it really doesn't support that...
So I traced down into paramiko, and the only place I see the list of allowed authentication types being set is part of: userauth_ failure( self, m):
self. transport. _log(INFO, 'Authentication continues...')
self. transport. _log(DEBUG, 'Methods: ' + str(authlist))
self. transport. saved_exception = PartialAuthenti cation( authlist)
self. transport. _log(INFO, 'Authentication type (%s) not permitted.' % self.auth_method)
self. transport. _log(DEBUG, 'Allowed methods: ' + str(authlist))
self. transport. saved_exception = BadAuthenticati onType( 'Bad authentication type', authlist)
self. transport. _log(INFO, 'Authentication (%s) failed.' % self.auth_method)
def _parse_
authlist = m.get_list()
partial = m.get_boolean()
if partial:
elif self.auth_method not in authlist:
else:
Now it would seem that transport. auth_publickey( ) can raise BadAuthenticati onType, which would give us this info. The problem being that it would only do so if 'publickey' was not an allowed type to start with.
Put another way... we only find out that 'password' authentication is not allowed once an authentication attempt has been made and it fails because that method is not allowed.
Now I'm guessing that ssh protocol itself has a way to request the supported authentication methods up front, given that 'ssh -v bazaar. launchpad. net' says: launchpad. net [91.189.90.11] port 22. .ssh/identity type -1 SERVICE_ REQUEST sent SERVICE_ ACCEPT received
debug1: Connecting to bazaar.
debug1: Connection established.
debug1: identity file /home/jameinel/
...
debug1: SSH2_MSG_
debug1: SSH2_MSG_
debug1: Authentications that can continue: publickey
However, looking at paramiko the only thing it seems to support (as a server) is MSG_SERVICE_REQUEST 'ssh-userauth' which returns MSG_SERVICE_ACCEPT 'ssh-userauth'.
Anyway, I don't know the ssh protocol well enough, but I don't see a way in *paramiko* to explicitly query the remote server for a list of allowed authentication protocols. So for now, we only find out after it fails that it really doesn't support that...