pythonsshparamikopublic-keyopenssh

Does Paramiko support certificate based authentication


Does Paramiko support certificate based authentication? The key_filename from the connect method mentioned that it supports both private keys and certs, is the certs here means Certificate-Based Authentication?

key_filename (str) – the filename, or list of filenames, of optional private key(s) and/or certs to try for authentication

connect(hostname, port=22, username=None, password=None, pkey=None, 
    key_filename=None, timeout=None, allow_agent=True, 
    look_for_keys=True, compress=False, sock=None, gss_auth=False, 
    gss_kex=False, gss_deleg_creds=True, gss_host=None, 
    banner_timeout=None, auth_timeout=None, gss_trust_dns=True, 
    passphrase=None, disabled_algorithms=None)

Solution

  • Paramiko supports proprietary OpenSSH public key algorithms supporting certificates.

    The documentation of the SSHClient.connect method is more clear about it (than the documentation of the key_filename parameter itself):

    key_filename may contain OpenSSH public certificate paths as well as regular private-key paths;