From 9eb79a2deb64d1be0a84b802ad7e8e14ff717165 Mon Sep 17 00:00:00 2001
From: Min RK
Date: Fri, 30 Jul 2021 11:05:13 +0200
Subject: [PATCH] support configurable paramiko host key policy adds support for AutoAdd, Warning, Reject via user input default is Reject, AutoAdd is probably what most folks want, but should be opt-in
---
 zmq/ssh/tunnel.py | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)
diff --git a/zmq/ssh/tunnel.py b/zmq/ssh/tunnel.py
index cca4b0571..befdb99cf 100644
--- a/zmq/ssh/tunnel.py
+++ b/zmq/ssh/tunnel.py
@@ -122,8 +122,16 @@ def _try_passwordless_paramiko(server, keyfile):
 raise ImportError(msg)
 username, server, port = _split_server(server)
 client = paramiko.SSHClient()
- client.load_system_host_keys()
- client.set_missing_host_key_policy(paramiko.WarningPolicy())
+ known_hosts = os.path.expanduser("~/.ssh/known_hosts")
+ try:
+ client.load_host_keys(known_hosts)
+ except FileNotFoundError:
+ pass
+
+ policy_name = os.environ.get("PYZMQ_PARAMIKO_HOST_KEY_POLICY", None)
+ if policy_name:
+ policy = getattr(paramiko, f"{policy_name}Policy")
+ client.set_missing_host_key_policy(policy())
 try:
 client.connect(
 server, port, username=username, key_filename=keyfile, look_for_keys=True
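Review bot: The lookup `getattr(paramiko, f"{policy_name}Policy")` accepts any value of PYZMQ_PARAMIKO_HOST_KEY_POLICY, not just the three names the commit message lists. A typo surfaces as a bare AttributeError, and a value such as `MissingHostKey` resolves to paramiko's base `MissingHostKeyPolicy`, whose handler does nothing, so an unknown host key would be accepted with neither the warning nor the known_hosts entry that Warning and AutoAdd give. Validate the name before the lookup, e.g. `if policy_name not in ("AutoAdd", "Warning", "Reject"): raise ValueError(f"unsupported PYZMQ_PARAMIKO_HOST_KEY_POLICY: {policy_name!r}")`. A short comment should also say that leaving the variable unset keeps paramiko's default reject behaviour, and that only `~/.ssh/known_hosts` is consulted now that `load_system_host_keys()` is gone. The body of `_try_passwordless_paramiko` starts and ends outside the hunk, so whether other client setups in this file need the same handling cannot be judged from here.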