SSH disabled algorithms (#2648)

* Add support for SSH disabled_algorithms parameter introduced in Paramiko 2.6.0 * Fixing test issue; adding Zyxel platform to docs as forgot to add it earlier * Simplifying type hints Co-authored-by: Baptiste Jonglez <baptiste.jonglez@inria.fr>

SSH disabled algorithms (#2648)
4e0928e0 · Kirk Byers · GitHub · b843a7a0 · 4e0928e0 · 4e0928e0
Unverified Commit 4e0928e0 authored 3 years ago by Kirk Byers Committed by GitHub 3 years ago
--- a/PLATFORMS.md
+++ b/PLATFORMS.md
@@ -91,6 +91,7 @@
 - Ubiquiti Unifi Switch
 - Versa Networks FlexVNF
 - Watchguard Firebox
+- Zyxel NOS
 - 6WIND TurboRouter

 ###### Supported SSH device_type values
@@ -207,6 +208,7 @@
 - watchguard_fireware
 - yamaha
 - zte_zxros
+- zyxel_os
 
 ###### Supported Telnet device_type values
 

--- a/netmiko/base_connection.py
+++ b/netmiko/base_connection.py
@@ -145,6 +145,7 @@ class BaseConnection:
        key_file: Optional[str] = None,
        pkey: Optional[paramiko.PKey] = None,
        passphrase: Optional[str] = None,
+        disabled_algorithms: Optional[Dict[str, Any]] = None,
        allow_agent: bool = False,
        ssh_strict: bool = False,
        system_host_keys: bool = False,
@@ -214,6 +215,9 @@ class BaseConnection:
        :param passphrase: Passphrase to use for encrypted key; password will be used for key
                decryption if not specified.

+        :param disabled_algorithms: Dictionary of SSH algorithms to disable. Refer to the Paramiko
+                documentation for a description of the expected format.
+
        :param allow_agent: Enable use of SSH key-agent.

        :param ssh_strict: Automatically reject unknown SSH host keys (default: False, which
@@ -419,6 +423,7 @@ class BaseConnection:
            self.system_host_keys = system_host_keys
            self.alt_host_keys = alt_host_keys
            self.alt_key_file = alt_key_file
+            self.disabled_algorithms = disabled_algorithms or {}

            # For SSH proxy support
            self.ssh_config_file = ssh_config_file
@@ -954,6 +959,7 @@ You can look at the Netmiko session_log or debug log for more information.
            "key_filename": self.key_file,
            "pkey": self.pkey,
            "passphrase": self.passphrase,
+            "disabled_algorithms": self.disabled_algorithms,
            "timeout": self.conn_timeout,
            "auth_timeout": self.auth_timeout,
            "banner_timeout": self.banner_timeout,

--- a/tests/unit/test_base_connection.py
+++ b/tests/unit/test_base_connection.py
@@ -56,6 +56,7 @@ def test_use_ssh_file():
        timeout=60,
        pkey=None,
        passphrase=None,
+        disabled_algorithms=None,
        auth_timeout=None,
        banner_timeout=10,
        conn_timeout=5,
@@ -76,6 +77,7 @@ def test_use_ssh_file():
        "timeout": 5,
        "pkey": None,
        "passphrase": None,
+        "disabled_algorithms": None,
        "auth_timeout": None,
        "banner_timeout": 10,
    }
@@ -101,6 +103,7 @@ def test_use_ssh_file_proxyjump():
        timeout=60,
        pkey=None,
        passphrase=None,
+        disabled_algorithms=None,
        auth_timeout=None,
        conn_timeout=5,
        banner_timeout=10,
@@ -121,6 +124,7 @@ def test_use_ssh_file_proxyjump():
        "timeout": 5,
        "pkey": None,
        "passphrase": None,
+        "disabled_algorithms": None,
        "auth_timeout": None,
        "banner_timeout": 10,
    }
@@ -145,6 +149,7 @@ def test_connect_params_dict():
        timeout=60,
        pkey=None,
        passphrase=None,
+        disabled_algorithms=None,
        auth_timeout=None,
        banner_timeout=10,
        conn_timeout=3,
@@ -163,6 +168,7 @@ def test_connect_params_dict():
        "timeout": 3,
        "pkey": None,
        "passphrase": None,
+        "disabled_algorithms": None,
        "auth_timeout": None,
        "banner_timeout": 10,
        "sock": None,