Skip to content

Commit

Permalink
Clarify when passphrase callback is called
Browse files Browse the repository at this point in the history
This commit adds a note in SSHClientConnectionOptions and
SSHServerConnectionOptions about when calls are made to a callable
or coroutine passed in as a passphrase.
  • Loading branch information
ronf committed Mar 29, 2024
1 parent a93224f commit 23b3bbf
Showing 1 changed file with 16 additions and 0 deletions.
16 changes: 16 additions & 0 deletions asyncssh/connection.py
Original file line number Diff line number Diff line change
Expand Up @@ -7261,6 +7261,14 @@ class SSHClientConnectionOptions(SSHConnectionOptions):
that file. If not specified, only unencrypted client keys can
be loaded. If the keys passed into client_keys are already
loaded, this argument is ignored.
.. note:: A callable or coroutine passed in as a passphrase
will be called on all filenames configured as
client keys or client host keys each time an
SSHClientConnectionOptions object is instantiated,
even if the keys aren't encrypted or aren't ever
used for authentication.
:param ignore_encrypted: (optional)
Whether or not to ignore encrypted keys when no passphrase is
specified. This defaults to `True` when keys are specified via
Expand Down Expand Up @@ -7925,6 +7933,14 @@ class SSHServerConnectionOptions(SSHConnectionOptions):
that file. If not specified, only unencrypted server host keys
can be loaded. If the keys passed into server_host_keys are
already loaded, this argument is ignored.
.. note:: A callable or coroutine passed in as a passphrase
will be called on all filenames configured as
server host keys each time an
SSHServerConnectionOptions object is instantiated,
even if the keys aren't encrypted or aren't ever
used for server validation.
:param known_client_hosts: (optional)
A list of client hosts which should be trusted to perform
host-based client authentication. If this is not specified,
Expand Down

0 comments on commit 23b3bbf

Please sign in to comment.