Comment 9 for bug 375867

So... good and bad. It turns out that we should be able to do:

try:
  t.auth_none(username)
except paramiko.BadAuthenticationType, e:
  supported_types = e.allowed_types

And that does, indeed say ['publickey']

The bad is that the default code for paramiko's auth handling has:
        else:
            self.transport._log(INFO, 'Authentication (%s) failed.' % self.auth_method)

Which means that on every connect you would see:
  Connected (version 2.0, client Twisted)
  Authentication type (none) not permitted.

I suppose if we know that, we could use something from logging to temporarily disable INFO level logging. Something like:

logger = logging.getLogger('bzr.paramiko')
old_level = logger.level
logger.setLevel(logging.CRITICAL)
try:
  t.auth_none(username)
except paramiko.BadAuthenticationType, e:
  supported_types = e.allowed_types
else:
  return # We seem to have succeeded at authenticating without a password or ssh key
logger.setLevel(old_level)

And then we have the supported types list, without printing out cruft.

We can chose how we want to treat it from there, but I think all of that can be nicely encapsulated into
bzrlib/transport/ssh.py _paramiko_auth()

Someone just needs to write up the final patch for it.