Paramiko 是否支持基于证书的身份验证

Question

Paramiko 是否支持基于证书的身份验证？ connect方法中的key_filename提到它同时支持私钥和证书，这里的证书是指基于证书的身份验证吗？

key_filename (str) – the filename, or list of filenames, of optional private key(s) and/or certs to try for authentication

connect(hostname, port=22, username=None, password=None, pkey=None, 
    key_filename=None, timeout=None, allow_agent=True, 
    look_for_keys=True, compress=False, sock=None, gss_auth=False, 
    gss_kex=False, gss_deleg_creds=True, gss_host=None, 
    banner_timeout=None, auth_timeout=None, gss_trust_dns=True, 
    passphrase=None, disabled_algorithms=None)

Answer 1

Paramiko 支持 proprietary OpenSSH public key algorithms supporting certificates.

SSHClient.connect method 的文档对此更清楚（比 key_filename 参数本身的文档）：

key_filename may contain OpenSSH public certificate paths as well as regular private-key paths;