diff --git a/changelogs/fragments/libssh_pubkey_algo.yml b/changelogs/fragments/libssh_pubkey_algo.yml
new file mode 100644
index 000000000..7e2ae9f1b
--- /dev/null
+++ b/changelogs/fragments/libssh_pubkey_algo.yml
@@ -0,0 +1,3 @@
+---
+minor_changes:
+ - "Exposes new libssh options to configure publickey_accepted_algorithms and hostkeys. This requires ansible-pylibssh v1.1.0 or higher."
diff --git a/docs/ansible.netcommon.libssh_connection.rst b/docs/ansible.netcommon.libssh_connection.rst
index 42a5b4628..478f9e3e2 100644
--- a/docs/ansible.netcommon.libssh_connection.rst
+++ b/docs/ansible.netcommon.libssh_connection.rst
@@ -108,6 +108,29 @@ Parameters
Set this to "False" if you want to avoid host key checking by the underlying tools Ansible uses to connect to the host
+
+
+
+ hostkeys
+
+
+ string
+
+ |
+
+ Default:
""
+ |
+
+ ini entries:
+ [libssh_connection] hostkeys =
+
+ env:ANSIBLE_LIBSSH_HOSTKEYS
+ var: ansible_libssh_hostkeys
+ |
+
+ Set the preferred server host key types as a comma-separated list (e.g., ssh-rsa,ssh-dss,ecdh-sha2-nistp256).
+ |
+
@@ -220,6 +243,29 @@ Parameters
TODO: write it
|
+
+
+
+ publickey_accepted_algorithms
+
+
+ string
+
+ |
+
+ Default:
""
+ |
+
+ ini entries:
+ [libssh_connection] publickey_algorithms =
+
+ env:ANSIBLE_LIBSSH_PUBLICKEY_ALGORITHMS
+ var: ansible_libssh_publickey_algorithms
+ |
+
+ List of algorithms to forward to SSH_OPTIONS_PUBLICKEY_ACCEPTED_TYPES.
+ |
+
diff --git a/plugins/connection/libssh.py b/plugins/connection/libssh.py
index 4553c5c48..acb27612a 100644
--- a/plugins/connection/libssh.py
+++ b/plugins/connection/libssh.py
@@ -100,6 +100,27 @@
- section: libssh_connection
key: pty
type: boolean
+ publickey_accepted_algorithms:
+ default: ''
+ description:
+ - List of algorithms to forward to SSH_OPTIONS_PUBLICKEY_ACCEPTED_TYPES.
+ type: string
+ env:
+ - name: ANSIBLE_LIBSSH_PUBLICKEY_ALGORITHMS
+ ini:
+ - {key: publickey_algorithms, section: libssh_connection}
+ vars:
+ - name: ansible_libssh_publickey_algorithms
+ hostkeys:
+ default: ''
+ description: Set the preferred server host key types as a comma-separated list (e.g., ssh-rsa,ssh-dss,ecdh-sha2-nistp256).
+ type: string
+ env:
+ - name: ANSIBLE_LIBSSH_HOSTKEYS
+ ini:
+ - {key: hostkeys, section: libssh_connection}
+ vars:
+ - name: ansible_libssh_hostkeys
host_key_checking:
description: 'Set this to "False" if you want to avoid host key checking by the underlying tools Ansible uses to connect to the host'
type: boolean
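Review bot: The example in the new `hostkeys` description, `ssh-rsa,ssh-dss,ecdh-sha2-nistp256`, is a poor model to copy. `ecdh-sha2-nistp256` is a key-exchange method, not a host key type (the host key name is `ecdsa-sha2-nistp256`), and `ssh-dss` and SHA-1 `ssh-rsa` are legacy algorithms that current OpenSSH releases disable by default. I would change the example to something like `ssh-ed25519,ecdsa-sha2-nistp256,rsa-sha2-512` and add a sentence saying that restricting this list narrows which server keys are accepted. Separately, `publickey_accepted_algorithms` is exposed under a shorter name, `publickey_algorithms`, in its ini key, env var and variable, and its description gives neither the value format (presumably comma-separated, as for `hostkeys`) nor the ansible-pylibssh v1.1.0 requirement stated in the changelog fragment. The same wording is repeated in docs/ansible.netcommon.libssh_connection.rst.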
@@ -401,6 +422,14 @@ def _connect_uncached(self):
"Please upgrade to ansible-pylibssh 1.0.0 or newer." % PYLIBSSH_VERSION
)
+ if self.get_option("publickey_accepted_algorithms"):
+ ssh_connect_kwargs["publickey_accepted_algorithms"] = self.get_option(
+ "publickey_accepted_algorithms"
+ )
+
+ if self.get_option("hostkeys"):
+ ssh_connect_kwargs["hostkeys"] = self.get_option("hostkeys")
+
self.ssh.set_missing_host_key_policy(MyAddPolicy(self._new_stdin, self))
self.ssh.connect(
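Review bot: Nothing in this hunk checks that the installed ansible-pylibssh accepts the two new keyword arguments, although the changelog fragment says they need v1.1.0 or higher and the context lines just above show an existing guard whose message asks for 1.0.0. With an older library, setting `publickey_accepted_algorithms` or `hostkeys` would presumably fail inside `self.ssh.connect(` with an opaque error, or the restriction the operator asked for might not be applied. I would guard both assignments with a check against `PYLIBSSH_VERSION` in the same style as the 1.0.0 check, with a message such as `"Please upgrade to ansible-pylibssh 1.1.0 or newer."`. As a minor style point, each option is read twice; binding it once (`hostkeys = self.get_option("hostkeys")`) would be tidier. `_connect_uncached` begins and ends outside the hunk, so how `ssh_connect_kwargs` is consumed is not visible here.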
|