Leveraging it is a simple matter of presenting the server with the SSH2_MSG_USERAUTH_SUCCESS message, which shows that the login already occurred without a problem. The server expects the message SSH2_MSG_USERAUTH_REQUEST to start the authentication procedure, but by skipping it an attacker can log in without showing any credentials.
Secsh channel 0 open FAILED: : Administratively prohibited
Traceback (most recent call last):
File "ssh.py", line 21, in
cmd_channel = transport.open_session()
File "/usr/local/lib/python3.6/dist-packages/paramiko/transport.py", line 806, in open_session
timeout=timeout,
File "/usr/local/lib/python3.6/dist-packages/paramiko/transport.py", line 944, in open_channel
raise e
paramiko.ssh_exception.ChannelException: (1, 'Administratively prohibited')