From 7adec7c2a4033fd3a4ef6a33bfb236b3d5714a8b Mon Sep 17 00:00:00 2001
From: Kate Case
Date: Fri, 27 Oct 2023 18:15:03 -0400
Subject: [PATCH 1/3] Expose new libssh option publickey_accepted_algorithms
---
docs/ansible.netcommon.libssh_connection.rst | 23 ++++++++++++++++++++
plugins/connection/libssh.py | 16 ++++++++++++++
2 files changed, 39 insertions(+)
diff --git a/docs/ansible.netcommon.libssh_connection.rst b/docs/ansible.netcommon.libssh_connection.rst
index 42a5b4628..14843cf4f 100644
--- a/docs/ansible.netcommon.libssh_connection.rst
+++ b/docs/ansible.netcommon.libssh_connection.rst
@@ -220,6 +220,29 @@ Parameters
TODO: write it
+ + +
+ publickey_accepted_algorithms + +
+ string +
+ + + Default:
""
+ + +
ini entries: +

[libssh_connection]
publickey_algorithms =

+
+
env:ANSIBLE_LIBSSH_PUBLICKEY_ALGORITHMS
+
var: ansible_libssh_publickey_algorithms
+ + +
List of algorithms to forward to SSH_OPTIONS_PUBLICKEY_ACCEPTED_TYPES.
+ +
diff --git a/plugins/connection/libssh.py b/plugins/connection/libssh.py index 4553c5c48..769b2c0fb 100644 --- a/plugins/connection/libssh.py +++ b/plugins/connection/libssh.py @@ -100,6 +100,17 @@ - section: libssh_connection key: pty type: boolean + publickey_accepted_algorithms: + default: '' + description: + - List of algorithms to forward to SSH_OPTIONS_PUBLICKEY_ACCEPTED_TYPES. + type: string + env: + - name: ANSIBLE_LIBSSH_PUBLICKEY_ALGORITHMS + ini: + - {key: publickey_algorithms, section: libssh_connection} + vars: + - name: ansible_libssh_publickey_algorithms host_key_checking: description: 'Set this to "False" if you want to avoid host key checking by the underlying tools Ansible uses to connect to the host' type: boolean @@ -401,6 +412,11 @@ def _connect_uncached(self): "Please upgrade to ansible-pylibssh 1.0.0 or newer." % PYLIBSSH_VERSION ) + if self.get_option("publickey_accepted_algorithms"): + ssh_connect_kwargs["publickey_accepted_algorithms"] = self.get_option( + "publickey_accepted_algorithms" + ) + self.ssh.set_missing_host_key_policy(MyAddPolicy(self._new_stdin, self)) self.ssh.connect( From e3a792c2ec13e98f4d0388e40d71b5479782c132 Mon Sep 17 00:00:00 2001 From: NilashishC Date: Mon, 30 Oct 2023 20:38:54 +0530 Subject: [PATCH 2/3] Expose preferred hostkeys option Signed-off-by: NilashishC --- docs/ansible.netcommon.libssh_connection.rst | 23 ++++++++++++++++++++ plugins/connection/libssh.py | 13 +++++++++++ 2 files changed, 36 insertions(+) diff --git a/docs/ansible.netcommon.libssh_connection.rst b/docs/ansible.netcommon.libssh_connection.rst index 14843cf4f..478f9e3e2 100644 --- a/docs/ansible.netcommon.libssh_connection.rst +++ b/docs/ansible.netcommon.libssh_connection.rst @@ -108,6 +108,29 @@ Parameters
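Review bot: In the new `publickey_accepted_algorithms` entry of the options YAML, the ini key, environment variable and inventory variable are all spelled without `accepted` (`publickey_algorithms`, `ANSIBLE_LIBSSH_PUBLICKEY_ALGORITHMS`, `ansible_libssh_publickey_algorithms`), so one setting goes by two names depending on where it is configured. The description also leaves out the value format and the security effect; I would write it as `- Comma-separated list of public key algorithms allowed for public key authentication, passed to libssh as SSH_OPTIONS_PUBLICKEY_ACCEPTED_TYPES. Leave empty to keep the libssh defaults; adding legacy algorithms such as ssh-rsa may weaken authentication.` The changelog in this series says ansible-pylibssh v1.1.0 or higher is needed, which belongs in the description as well. The surrounding YAML block starts and ends outside the hunk.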
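Review bot: The new branch in `_connect_uncached` adds `publickey_accepted_algorithms` to `ssh_connect_kwargs` without checking the installed ansible-pylibssh version, although the changelog in this series states that v1.1.0 or higher is required and the lines just above already raise a versioned "Please upgrade" error for another option. With an older library the keyword would presumably be rejected inside `self.ssh.connect(` with a less helpful message, or the algorithm restriction the operator asked for would not be applied. I would guard the branch the same way as the existing check and raise, e.g. `raise AnsibleError("publickey_accepted_algorithms requires ansible-pylibssh 1.1.0 or newer, found %s." % PYLIBSSH_VERSION)`, and read the option once into a local instead of calling `get_option` twice. The `hostkeys` branch added to the same function in patch 2/3 has the same gap. The function body starts and ends outside the hunk.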
Set this to "False" if you want to avoid host key checking by the underlying tools Ansible uses to connect to the host
+ + +
+ hostkeys + +
+ string +
+ + + Default:
""
+ + +
ini entries: +

[libssh_connection]
hostkeys =

+
+
env:ANSIBLE_LIBSSH_HOSTKEYS
+
var: ansible_libssh_hostkeys
+ + +
Set the preferred server host key types as a comma-separated list (e.g., ssh-rsa,ssh-dss,ecdh-sha2-nistp256).
+ +
diff --git a/plugins/connection/libssh.py b/plugins/connection/libssh.py index 769b2c0fb..acb27612a 100644 --- a/plugins/connection/libssh.py +++ b/plugins/connection/libssh.py @@ -111,6 +111,16 @@ - {key: publickey_algorithms, section: libssh_connection} vars: - name: ansible_libssh_publickey_algorithms + hostkeys: + default: '' + description: Set the preferred server host key types as a comma-separated list (e.g., ssh-rsa,ssh-dss,ecdh-sha2-nistp256). + type: string + env: + - name: ANSIBLE_LIBSSH_HOSTKEYS + ini: + - {key: hostkeys, section: libssh_connection} + vars: + - name: ansible_libssh_hostkeys host_key_checking: description: 'Set this to "False" if you want to avoid host key checking by the underlying tools Ansible uses to connect to the host' type: boolean @@ -417,6 +427,9 @@ def _connect_uncached(self): "publickey_accepted_algorithms" ) + if self.get_option("hostkeys"): + ssh_connect_kwargs["hostkeys"] = self.get_option("hostkeys") + self.ssh.set_missing_host_key_policy(MyAddPolicy(self._new_stdin, self)) self.ssh.connect( From 27f9135c99875a73de4bd4ca663a121faa272d72 Mon Sep 17 00:00:00 2001 From: NilashishC Date: Thu, 31 Oct 2024 09:22:13 +0530 Subject: [PATCH 3/3] Add changelog Signed-off-by: NilashishC --- changelogs/fragments/libssh_pubkey_algo.yml | 3 +++ 1 file changed, 3 insertions(+) create mode 100644 changelogs/fragments/libssh_pubkey_algo.yml diff --git a/changelogs/fragments/libssh_pubkey_algo.yml b/changelogs/fragments/libssh_pubkey_algo.yml new file mode 100644 index 000000000..7e2ae9f1b --- /dev/null +++ b/changelogs/fragments/libssh_pubkey_algo.yml @@ -0,0 +1,3 @@ +--- +minor_changes: + - "Exposes new libssh options to configure publickey_accepted_algorithms and hostkeys. This requires ansible-pylibssh v1.1.0 or higher."
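Review bot: The example in the new `hostkeys` description lists `ecdh-sha2-nistp256`, which is a key-exchange method name rather than a host key type (the host key algorithm is `ecdsa-sha2-nistp256`), and it leads with `ssh-rsa` and `ssh-dss`, which many current SSH implementations disable as weak. Readers tend to copy examples verbatim, so I would change it to `(e.g., ssh-ed25519,ecdsa-sha2-nistp256,rsa-sha2-512)`. It is also worth one sentence saying that the list influences which host key type is negotiated, so it should include the type of the key already recorded in known_hosts, otherwise verification may fail when `host_key_checking` is enabled. The same example text appears in the generated .rst in this patch. The options YAML continues outside the hunk.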