Skip to content

Commit

Permalink
feat: Enable using only the SSH agent if asked.
Browse files Browse the repository at this point in the history
  • Loading branch information
gaima8 committed Nov 23, 2023
1 parent 53054ea commit 21fad15
Showing 1 changed file with 23 additions and 11 deletions.
34 changes: 23 additions & 11 deletions lib/jnpr/junos/device.py
Original file line number Diff line number Diff line change
Expand Up @@ -1219,6 +1219,12 @@ def __init__(self, *vargs, **kvargs):
*OPTIONAL* To disable public key authentication.
default is ``None``.
:param bool allow_agent:
*OPTIONAL* If ``True`` then the SSH config file is not parsed by PyEZ
and passed down to ncclient. If ``False`` then the SSH config file will
be parsed by PyEZ. If option is not provided will fallback to default
behavior. This option is passed down to the ncclient as is, if it is
present in the kwargs.
"""

# ----------------------------------------
Expand All @@ -1237,6 +1243,7 @@ def __init__(self, *vargs, **kvargs):
self._huge_tree = kvargs.get("huge_tree", False)
self._conn_open_timeout = kvargs.get("conn_open_timeout", 30)
self._look_for_keys = kvargs.get("look_for_keys", None)
self._allow_agent = kvargs.get('allow_agent', False)
if self._fact_style != "new":
warnings.warn(
"fact-style %s will be removed in a future "
Expand Down Expand Up @@ -1270,12 +1277,15 @@ def __init__(self, *vargs, **kvargs):
self._ssh_config = kvargs.get("ssh_config")
self._sshconf_lkup()
# but if user or private key is explicit from call, then use it.
self._auth_user = (
kvargs.get("user") or self._conf_auth_user or self._auth_user
)
self._ssh_private_key_file = (
kvargs.get("ssh_private_key_file") or self._conf_ssh_private_key_file
)
if self._allow_agent:
self._auth_user = (
kvargs.get('user') or self._auth_user
)
self._ssh_private_key_file = kvargs.get('ssh_private_key_file')
else:
self._ssh_private_key_file = (
kvargs.get("ssh_private_key_file") or self._conf_ssh_private_key_file
)
self._auth_password = kvargs.get("password") or kvargs.get("passwd")

# -----------------------------
Expand Down Expand Up @@ -1354,14 +1364,16 @@ def open(self, *vargs, **kvargs):
try:
ts_start = datetime.datetime.now()

# we want to enable the ssh-agent if-and-only-if we are
# enable the ssh-agent if asked, or if we are
# not given a password or an ssh key file.
# in this condition it means we want to query the agent
# for available ssh keys

allow_agent = bool(
(self._auth_password is None) and (self._ssh_private_key_file is None)
)
if self._allow_agent is False:
allow_agent = bool(
(self._auth_password is None) and (self._ssh_private_key_file is None)
)
else:
allow_agent = self._allow_agent

# option to disable ncclient transport ssh authentication
# using public keys look_for_keys=False
Expand Down

0 comments on commit 21fad15

Please sign in to comment.