Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

SSH connection: Ask user before connection to unknown host/add host to known_hosts. #486

Merged
merged 13 commits into from
May 31, 2021
Merged

SSH connection: Ask user before connection to unknown host/add host to known_hosts. #486

merged 13 commits into from
May 31, 2021

Conversation

y0urself
Copy link
Member

@y0urself y0urself commented May 28, 2021
edited
Loading

What:

  • Ask user if he wants to connect to an unknown host
  • Ask user if he wants to add unknown host to known_hosts
  • Use RejectPolicy() instead of AutoAddPolicy()

Why:

  • The paramiko Authetication policy AutoAddPolicy() is insecure because of Man in the middle attacks.

How:

  • Try to build an equivalent to the openssh lib approach.

Checklist:

@codecov
Copy link

codecov bot commented May 28, 2021
edited
Loading

Codecov Report

Merging #486 (569dcc4) into master (98b4601) will decrease coverage by 0.16%.
The diff coverage is 88.88%.

❗ Current head 569dcc4 differs from pull request most recent head 0724918. Consider uploading reports for the commit 0724918 to get more accurate results
Impacted file tree graph

@@            Coverage Diff             @@
##           master     #486      +/-   ##
==========================================
- Coverage   98.98%   98.82%   -0.17%     
==========================================
  Files          54       54              
  Lines        3847     3908      +61     
  Branches      928      933       +5     
==========================================
+ Hits         3808     3862      +54     
- Misses         27       34       +7     
  Partials       12       12
Impacted Files Coverage Δ
gvm/connections.py 87.65% <88.88%> (+0.30%) ⬆️

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 98b4601...0724918. Read the comment docs.

@y0urself y0urself changed the title Paramiko. SSH connection: Ask user before connection to unknown host/add host to known_hosts. May 31, 2021
@y0urself y0urself marked this pull request as ready for review May 31, 2021 08:13
@y0urself y0urself requested a review from a team as a code owner May 31, 2021 08:13
bjoernricks
bjoernricks reviewed May 31, 2021
View reviewed changes
tests/connections/test_ssh_connection.py Show resolved Hide resolved
gvm/connections.py Outdated Show resolved Hide resolved
gvm/connections.py Outdated Show resolved Hide resolved
gvm/connections.py Outdated Show resolved Hide resolved
gvm/connections.py Outdated Show resolved Hide resolved
@bjoernricks bjoernricks enabled auto-merge May 31, 2021 12:06
@bjoernricks bjoernricks merged commit 783e612 into greenbone:master May 31, 2021
@y0urself y0urself deleted the paramiko branch May 31, 2021 15:34
@bjoernricks bjoernricks mentioned this pull request Feb 4, 2022
Closed
3 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@bjoernricks bjoernricks bjoernricks approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@y0urself @bjoernricks