Expose new libssh option publickey_accepted_algorithms (#597)

* Expose new libssh option publickey_accepted_algorithms --------- Signed-off-by: NilashishC <[email protected]> Co-authored-by: NilashishC <[email protected]>
ansible-collections · Oct 31, 2024 · dd530df · dd530df
1 parent 35be779
commit dd530df
Show file tree

Hide file tree

Showing 3 changed files with 78 additions and 0 deletions.
diff --git a/changelogs/fragments/libssh_pubkey_algo.yml b/changelogs/fragments/libssh_pubkey_algo.yml
@@ -0,0 +1,3 @@
+---
+minor_changes:
+  - "Exposes new libssh options to configure publickey_accepted_algorithms and hostkeys. This requires ansible-pylibssh v1.1.0 or higher."
diff --git a/docs/ansible.netcommon.libssh_connection.rst b/docs/ansible.netcommon.libssh_connection.rst
@@ -108,6 +108,29 @@ Parameters
                         <div>Set this to &quot;False&quot; if you want to avoid host key checking by the underlying tools Ansible uses to connect to the host</div>
                 </td>
             </tr>
+            <tr>
+                <td colspan="1">
+                    <div class="ansibleOptionAnchor" id="parameter-"></div>
+                    <b>hostkeys</b>
+                    <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a>
+                    <div style="font-size: small">
+                        <span style="color: purple">string</span>
+                    </div>
+                </td>
+                <td>
+                        <b>Default:</b><br/><div style="color: blue">""</div>
+                </td>
+                    <td>
+                            <div> ini entries:
+                                    <p>[libssh_connection]<br>hostkeys = </p>
+                            </div>
+                                <div>env:ANSIBLE_LIBSSH_HOSTKEYS</div>
+                                <div>var: ansible_libssh_hostkeys</div>
+                    </td>
+                <td>
+                        <div>Set the preferred server host key types as a comma-separated list (e.g., ssh-rsa,ssh-dss,ecdh-sha2-nistp256).</div>
+                </td>
+            </tr>
             <tr>
                 <td colspan="1">
                     <div class="ansibleOptionAnchor" id="parameter-"></div>
@@ -220,6 +243,29 @@ Parameters
                         <div>TODO: write it</div>
                 </td>
             </tr>
+            <tr>
+                <td colspan="1">
+                    <div class="ansibleOptionAnchor" id="parameter-"></div>
+                    <b>publickey_accepted_algorithms</b>
+                    <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a>
+                    <div style="font-size: small">
+                        <span style="color: purple">string</span>
+                    </div>
+                </td>
+                <td>
+                        <b>Default:</b><br/><div style="color: blue">""</div>
+                </td>
+                    <td>
+                            <div> ini entries:
+                                    <p>[libssh_connection]<br>publickey_algorithms = </p>
+                            </div>
+                                <div>env:ANSIBLE_LIBSSH_PUBLICKEY_ALGORITHMS</div>
+                                <div>var: ansible_libssh_publickey_algorithms</div>
+                    </td>
+                <td>
+                        <div>List of algorithms to forward to SSH_OPTIONS_PUBLICKEY_ACCEPTED_TYPES.</div>
+                </td>
+            </tr>
             <tr>
                 <td colspan="1">
                     <div class="ansibleOptionAnchor" id="parameter-"></div>

diff --git a/plugins/connection/libssh.py b/plugins/connection/libssh.py
@@ -100,6 +100,27 @@
           - section: libssh_connection
             key: pty
         type: boolean
+      publickey_accepted_algorithms:
+        default: ''
+        description:
+            - List of algorithms to forward to SSH_OPTIONS_PUBLICKEY_ACCEPTED_TYPES.
+        type: string
+        env:
+          - name: ANSIBLE_LIBSSH_PUBLICKEY_ALGORITHMS
+        ini:
+          - {key: publickey_algorithms, section: libssh_connection}
+        vars:
+          - name: ansible_libssh_publickey_algorithms
+      hostkeys:
+        default: ''
+        description: Set the preferred server host key types as a comma-separated list (e.g., ssh-rsa,ssh-dss,ecdh-sha2-nistp256).
+        type: string
+        env:
+          - name: ANSIBLE_LIBSSH_HOSTKEYS
+        ini:
+          - {key: hostkeys, section: libssh_connection}
+        vars:
+          - name: ansible_libssh_hostkeys
       host_key_checking:
         description: 'Set this to "False" if you want to avoid host key checking by the underlying tools Ansible uses to connect to the host'
         type: boolean
@@ -401,6 +422,14 @@ def _connect_uncached(self):
                     "Please upgrade to ansible-pylibssh 1.0.0 or newer." % PYLIBSSH_VERSION
                 )
 
+            if self.get_option("publickey_accepted_algorithms"):
+                ssh_connect_kwargs["publickey_accepted_algorithms"] = self.get_option(
+                    "publickey_accepted_algorithms"
+                )
+
+            if self.get_option("hostkeys"):
+                ssh_connect_kwargs["hostkeys"] = self.get_option("hostkeys")
+
             self.ssh.set_missing_host_key_policy(MyAddPolicy(self._new_stdin, self))
 
             self.ssh.connect(