Explore Enterprise Education Gitee Premium Gitee AI AI teammates
Fetch the repository succeeded.
Donate
Please sign in before you donate.
Scan WeChat QR to Pay
Cancel
Complete
Prompt
Switch to Alipay.
OK
Cancel
1 Star 0 Fork 31

xu_ping/python-paramiko

forked from src-openEuler/python-paramiko
Closed
Create your Gitee Account
Explore and code with more than 14 million developers,Free private repositories !:)
Sign up
Already have an account? Sign in
文件
master
Branches (50)
Tags (21)
master
openEuler-22.03-LTS-SP4
openEuler-22.03-LTS-SP3
openEuler-24.03-LTS-Next
openEuler-24.03-LTS-SP1
openEuler-24.09
openEuler-24.03-LTS
openEuler-22.03-LTS-SP1
openEuler-20.03-LTS-SP4
openEuler-22.03-LTS-SP2
openEuler-22.03-LTS-Next
openEuler-20.03-LTS-SP1
openEuler-20.03-LTS-SP3
openEuler-22.03-LTS
openEuler-23.09
Multi-Version_OpenStack-Train_openEuler-22.03-LTS-SP1
Multi-Version_OpenStack-Antelope_openEuler-24.03-LTS
Multi-Version_OpenStack-Antelope_openEuler-24.03-LTS-Next
Multi-Version_OpenStack-Antelope_openEuler-24.03-LTS-SP1
openEuler-22.09
openEuler-24.03-LTS-SP1-release
openEuler-22.03-LTS-SP4-release
openEuler-24.09-release
openEuler-24.03-LTS-release
openEuler-22.03-LTS-SP3-release
openEuler-23.09-rc5
openEuler-22.03-LTS-SP1-release
openEuler-22.09-release
openEuler-22.09-rc5
openEuler-22.09-20220829
openEuler-22.03-LTS-20220331
openEuler-22.03-LTS-round5
openEuler-22.03-LTS-round3
openEuler-22.03-LTS-round2
openEuler-22.03-LTS-round1
openEuler-20.03-LTS-SP3-release
openEuler-20.03-LTS-SP2-20210624
openEuler-21.03-20210330
openEuler-20.09-20200928
openEuler-20.03-LTS-20200606
This repository doesn't specify license. Please pay attention to the specific project description and its upstream code dependency when using it.
The license selected for the repository is subject to the license used by the main branch of the repository.
master
Branches (50)
Tags (21)
master
openEuler-22.03-LTS-SP4
openEuler-22.03-LTS-SP3
openEuler-24.03-LTS-Next
openEuler-24.03-LTS-SP1
openEuler-24.09
openEuler-24.03-LTS
openEuler-22.03-LTS-SP1
openEuler-20.03-LTS-SP4
openEuler-22.03-LTS-SP2
openEuler-22.03-LTS-Next
openEuler-20.03-LTS-SP1
openEuler-20.03-LTS-SP3
openEuler-22.03-LTS
openEuler-23.09
Multi-Version_OpenStack-Train_openEuler-22.03-LTS-SP1
Multi-Version_OpenStack-Antelope_openEuler-24.03-LTS
Multi-Version_OpenStack-Antelope_openEuler-24.03-LTS-Next
Multi-Version_OpenStack-Antelope_openEuler-24.03-LTS-SP1
openEuler-22.09
openEuler-24.03-LTS-SP1-release
openEuler-22.03-LTS-SP4-release
openEuler-24.09-release
openEuler-24.03-LTS-release
openEuler-22.03-LTS-SP3-release
openEuler-23.09-rc5
openEuler-22.03-LTS-SP1-release
openEuler-22.09-release
openEuler-22.09-rc5
openEuler-22.09-20220829
openEuler-22.03-LTS-20220331
openEuler-22.03-LTS-round5
openEuler-22.03-LTS-round3
openEuler-22.03-LTS-round2
openEuler-22.03-LTS-round1
openEuler-20.03-LTS-SP3-release
openEuler-20.03-LTS-SP2-20210624
openEuler-21.03-20210330
openEuler-20.09-20200928
openEuler-20.03-LTS-20200606
Clone or Download
Clone/Download
Prompt
To download the code, please copy the following command and execute it in the terminal
To ensure that your submitted code identity is correctly recognized by Gitee, please execute the following command.
When using the SSH protocol for the first time to clone or push code, follow the prompts below to complete the SSH configuration.
1 Generate RSA keys.
2 Obtain the content of the RSA public key and configure it in SSH Public Keys
To use SVN on Gitee, please visit the usage guide
When using the HTTPS protocol, the command line will prompt for account and password verification as follows. For security reasons, Gitee recommends configure and use personal access tokens instead of login passwords for cloning, pushing, and other operations.
Username for 'https://gitee.com': userName
Password for 'https://userName@gitee.com': # Private Token
master
Branches (50)
Tags (21)
master
openEuler-22.03-LTS-SP4
openEuler-22.03-LTS-SP3
openEuler-24.03-LTS-Next
openEuler-24.03-LTS-SP1
openEuler-24.09
openEuler-24.03-LTS
openEuler-22.03-LTS-SP1
openEuler-20.03-LTS-SP4
openEuler-22.03-LTS-SP2
openEuler-22.03-LTS-Next
openEuler-20.03-LTS-SP1
openEuler-20.03-LTS-SP3
openEuler-22.03-LTS
openEuler-23.09
Multi-Version_OpenStack-Train_openEuler-22.03-LTS-SP1
Multi-Version_OpenStack-Antelope_openEuler-24.03-LTS
Multi-Version_OpenStack-Antelope_openEuler-24.03-LTS-Next
Multi-Version_OpenStack-Antelope_openEuler-24.03-LTS-SP1
openEuler-22.09
openEuler-24.03-LTS-SP1-release
openEuler-22.03-LTS-SP4-release
openEuler-24.09-release
openEuler-24.03-LTS-release
openEuler-22.03-LTS-SP3-release
openEuler-23.09-rc5
openEuler-22.03-LTS-SP1-release
openEuler-22.09-release
openEuler-22.09-rc5
openEuler-22.09-20220829
openEuler-22.03-LTS-20220331
openEuler-22.03-LTS-round5
openEuler-22.03-LTS-round3
openEuler-22.03-LTS-round2
openEuler-22.03-LTS-round1
openEuler-20.03-LTS-SP3-release
openEuler-20.03-LTS-SP2-20210624
openEuler-21.03-20210330
openEuler-20.09-20200928
openEuler-20.03-LTS-20200606
python-paramiko
/
add-insecure-algorithm-log.patch
python-paramiko
/
add-insecure-algorithm-log.patch
add-insecure-algorithm-log.patch 4.57 KB
Copy Edit Raw Blame History
pand authored 2024年06月25日 14:51 +08:00 . add insecure algorithm log
From 6c4f54130d892f5034ac40d139ff27b8bb4d1927 Mon Sep 17 00:00:00 2001
From: zhangpan <zhangpan103@h-partners.com>
Date: 2024年4月12日 12:47:45 +0800
Subject: [PATCH] Add Insecure Algorithm Logs
---
paramiko/auth_handler.py | 5 ++++
paramiko/transport.py | 65 ++++++++++++++++++++++++++++++++++++++++
2 files changed, 70 insertions(+)
diff --git a/paramiko/auth_handler.py b/paramiko/auth_handler.py
index db89670..0454358 100644
--- a/paramiko/auth_handler.py
+++ b/paramiko/auth_handler.py
@@ -384,6 +384,11 @@ class AuthHandler(object):
m.add_boolean(True)
key_type, bits = self._get_key_type_and_bits(self.private_key)
algorithm = self._finalize_pubkey_algorithm(key_type)
+ if not list (
+ filter(
+ algorithm.__contains__,
+ self.transport._whitelist_pubkeys)):
+ self._log(WARNING, "Insecure PubKey algorithm may be used: {}".format(algorithm))
m.add_string(algorithm)
m.add_string(bits)
blob = self._get_session_blob(
diff --git a/paramiko/transport.py b/paramiko/transport.py
index 5265e09..e8ff0e0 100644
--- a/paramiko/transport.py
+++ b/paramiko/transport.py
@@ -213,6 +213,43 @@ class Transport(threading.Thread, ClosingContextManager):
)
_preferred_compression = ("none",)
+ _whitelist_ciphers = (
+ "aes128-ctr",
+ "aes192-ctr",
+ "aes256-ctr",
+ "chacha20-poly1305@openssh.com",
+ "aes128-gcm@openssh.com",
+ "aes256-gcm@openssh.com",
+ )
+
+ _whitelist_macs = (
+ "hmac-sha2-512",
+ "hmac-sha2-512-etm@openssh.com",
+ "hmac-sha2-256",
+ "hmac-sha2-256-etm@openssh.com",
+ )
+
+ _whitelist_keys = (
+ "ssh-ed25519",
+ "ecdsa-sha2-nistp256",
+ "ssh-ed25519-cert-v01@openssh.com",
+ "rsa-sha2-256",
+ "rsa-sha2-512",
+ )
+
+ _whitelist_pubkeys = (
+ "ssh-ed25519",
+ "ssh-ed25519-cert-v01@openssh.com",
+ "rsa-sha2-256",
+ "rsa-sha2-512",
+ )
+
+ _whitelist_kex = (
+ "curve25519-sha256",
+ "curve25519-sha256@libssh.org",
+ "diffie-hellman-group-exchange-sha256",
+ )
+
_cipher_info = {
"aes128-ctr": {
"class": algorithms.AES,
@@ -2507,6 +2544,13 @@ class Transport(threading.Thread, ClosingContextManager):
"Incompatible ssh peer (no acceptable kex algorithm)"
) # noqa
self.kex_engine = self._kex_info[agreed_kex[0]](self)
+
+ if not list (
+ filter(
+ agreed_kex[0].__contains__,
+ self._whitelist_kex)):
+ self._log(WARNING, "Insecure Kex algorithm may be used: {}".format(agreed_kex[0]))
+
self._log(DEBUG, "Kex: {}".format(agreed_kex[0]))
if self.server_mode:
@@ -2534,6 +2578,13 @@ class Transport(threading.Thread, ClosingContextManager):
raise IncompatiblePeer(
"Incompatible ssh peer (can't match requested host key type)"
) # noqa
+
+ if not list (
+ filter(
+ self.host_key_type.__contains__,
+ self._whitelist_keys)):
+ self._log(WARNING, "Insecure HostKey algorithm may be used: {}".format(self.host_key_type))
+
self._log_agreement("HostKey", agreed_keys[0], agreed_keys[0])
if self.server_mode:
@@ -2568,6 +2619,13 @@ class Transport(threading.Thread, ClosingContextManager):
) # noqa
self.local_cipher = agreed_local_ciphers[0]
self.remote_cipher = agreed_remote_ciphers[0]
+
+ if not list (
+ filter(
+ self.local_cipher.__contains__,
+ self._whitelist_ciphers)):
+ self._log(WARNING, "Insecure Cipher algorithm may be used: {}".format(self.local_cipher))
+
self._log_agreement(
"Cipher", local=self.local_cipher, remote=self.remote_cipher
)
@@ -2592,6 +2650,13 @@ class Transport(threading.Thread, ClosingContextManager):
)
self.local_mac = agreed_local_macs[0]
self.remote_mac = agreed_remote_macs[0]
+
+ if not list (
+ filter(
+ self.local_mac.__contains__,
+ self._whitelist_macs)):
+ self._log(WARNING, "Insecure Mac algorithm may be used: {}".format(self.local_mac))
+
self._log_agreement(
"MAC", local=self.local_mac, remote=self.remote_mac
)
--
2.33.0
Loading...
Report
Report success
We will send you the feedback within 2 working days through the letter!
Please fill in the reason for the report carefully. Provide as detailed a description as possible.
Please select a report type
Cancel
Send
误判申诉

此处可能存在不合适展示的内容,页面不予展示。您可通过相关编辑功能自查并修改。

如您确认内容无涉及 不当用语 / 纯广告导流 / 暴力 / 低俗色情 / 侵权 / 盗版 / 虚假 / 无价值内容或违法国家有关法律法规的内容,可点击提交进行申诉,我们将尽快为您处理。

取消
提交

Releases

No release

Contributors

All

Activities

can not load any more
Edit
About
Homepage
马建仓 AI 助手
尝试更多
代码解读
代码找茬
代码优化
1
https://gitee.com/cherry530/python-paramiko.git
git@gitee.com:cherry530/python-paramiko.git
cherry530
python-paramiko
python-paramiko
master
Going to Help Center

Search

Repository Report
Back to the top
Login prompt
This operation requires login to the code cloud account. Please log in before operating.
Go to login
No account. Register

AltStyle によって変換されたページ (->オリジナル) /