talnicolas opened a new issue #22194:
URL: https://github.com/apache/airflow/issues/22194
### Apache Airflow version
2.2.4 (latest released)
### What happened
After upgrading from 2.2.3 to 2.2.4 the Paramiko library upgraded from 2.8.1
to 2.9.2. After that change one of our SSH connections started to fail with the
following error:
```
File
"/usr/local/lib/python3.9/site-packages/airflow/models/taskinstance.py", line
1334, in _run_raw_task
self._execute_task_with_callbacks(context)
File
"/usr/local/lib/python3.9/site-packages/airflow/models/taskinstance.py", line
1460, in _execute_task_with_callbacks
result = self._execute_task(context, self.task)
File
"/usr/local/lib/python3.9/site-packages/airflow/models/taskinstance.py", line
1516, in _execute_task
result = execute_callable(context=context)
File
"/usr/local/lib/python3.9/site-packages/airflow/providers/ssh/operators/ssh.py",
line 175, in execute
raise AirflowException(f"SSH operator error: {str(e)}")
airflow.exceptions.AirflowException: SSH operator error: encountered RSA
key, expected OPENSSH key
```
After looking at [Paramiko
changelog](https://github.com/paramiko/paramiko/blob/main/sites/www/changelog.rst#id17)
we saw that since 2.9.0 they have made non-backward compatible changes to the
way they manage algorithms. In our case we are trying to connect to a server
that has the following version of openssh and openssl : OpenSSH_5.3p1, OpenSSL
1.0.1e-fips 11 Feb 2013.
### What you expected to happen
Our existing SSH connections to keep working regardless of the version of
OpenSSH used.
### How to reproduce
Connect through the 2.2.4 SSHOperator to a server that do not support either
RSA2 or the ``server-sig-algs`` protocol extension.
### Operating System
Debian GNU/Linux 11 (bullseye)
### Versions of Apache Airflow Providers
apache-airflow-providers-ssh==1!2.4.0
### Deployment
Astronomer
### Deployment details
_No response_
### Anything else
In their
[changelog](https://github.com/paramiko/paramiko/blob/main/sites/www/changelog.rst#id17)
Paramiko indicates that to workaround that issue it is possible to specify
``disabled_algorithms={'keys': ['rsa-sha2-256', 'rsa-sha2-512']}`` in either
SSHClient <paramiko.client.SSHClient.__init__> or Transport
<paramiko.transport.Transport.__init__>.
I'm wondering what could be the impact to add this to the
[SSHClient](https://github.com/apache/airflow/blob/ee9049c0566b2539a247687de05f9cffa008f871/airflow/providers/ssh/hooks/ssh.py#L260)?
### Are you willing to submit PR?
- [X] Yes I am willing to submit a PR!
### Code of Conduct
- [X] I agree to follow this project's [Code of
Conduct](https://github.com/apache/airflow/blob/main/CODE_OF_CONDUCT.md)
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
