This action will force synchronization from src-openEuler/python-paramiko, which will overwrite any changes that you have made since you forked the repository, and can not be recovered!!!
Synchronous operation will process in the background and will refresh the page when finishing processing. Please be patient.
From 6c4f54130d892f5034ac40d139ff27b8bb4d1927 Mon Sep 17 00:00:00 2001From: zhangpan <zhangpan103@h-partners.com>Date: 2024年4月12日 12:47:45 +0800Subject: [PATCH] Add Insecure Algorithm Logs---paramiko/auth_handler.py | 5 ++++paramiko/transport.py | 65 ++++++++++++++++++++++++++++++++++++++++2 files changed, 70 insertions(+)diff --git a/paramiko/auth_handler.py b/paramiko/auth_handler.pyindex db89670..0454358 100644--- a/paramiko/auth_handler.py+++ b/paramiko/auth_handler.py@@ -384,6 +384,11 @@ class AuthHandler(object):m.add_boolean(True)key_type, bits = self._get_key_type_and_bits(self.private_key)algorithm = self._finalize_pubkey_algorithm(key_type)+ if not list (+ filter(+ algorithm.__contains__,+ self.transport._whitelist_pubkeys)):+ self._log(WARNING, "Insecure PubKey algorithm may be used: {}".format(algorithm))m.add_string(algorithm)m.add_string(bits)blob = self._get_session_blob(diff --git a/paramiko/transport.py b/paramiko/transport.pyindex 5265e09..e8ff0e0 100644--- a/paramiko/transport.py+++ b/paramiko/transport.py@@ -213,6 +213,43 @@ class Transport(threading.Thread, ClosingContextManager):)_preferred_compression = ("none",)+ _whitelist_ciphers = (+ "aes128-ctr",+ "aes192-ctr",+ "aes256-ctr",+ "chacha20-poly1305@openssh.com",+ "aes128-gcm@openssh.com",+ "aes256-gcm@openssh.com",+ )++ _whitelist_macs = (+ "hmac-sha2-512",+ "hmac-sha2-512-etm@openssh.com",+ "hmac-sha2-256",+ "hmac-sha2-256-etm@openssh.com",+ )++ _whitelist_keys = (+ "ssh-ed25519",+ "ecdsa-sha2-nistp256",+ "ssh-ed25519-cert-v01@openssh.com",+ "rsa-sha2-256",+ "rsa-sha2-512",+ )++ _whitelist_pubkeys = (+ "ssh-ed25519",+ "ssh-ed25519-cert-v01@openssh.com",+ "rsa-sha2-256",+ "rsa-sha2-512",+ )++ _whitelist_kex = (+ "curve25519-sha256",+ "curve25519-sha256@libssh.org",+ "diffie-hellman-group-exchange-sha256",+ )+_cipher_info = {"aes128-ctr": {"class": algorithms.AES,@@ -2507,6 +2544,13 @@ class Transport(threading.Thread, ClosingContextManager):"Incompatible ssh peer (no acceptable kex algorithm)") # noqaself.kex_engine = self._kex_info[agreed_kex[0]](self)++ if not list (+ filter(+ agreed_kex[0].__contains__,+ self._whitelist_kex)):+ self._log(WARNING, "Insecure Kex algorithm may be used: {}".format(agreed_kex[0]))+self._log(DEBUG, "Kex: {}".format(agreed_kex[0]))if self.server_mode:@@ -2534,6 +2578,13 @@ class Transport(threading.Thread, ClosingContextManager):raise IncompatiblePeer("Incompatible ssh peer (can't match requested host key type)") # noqa++ if not list (+ filter(+ self.host_key_type.__contains__,+ self._whitelist_keys)):+ self._log(WARNING, "Insecure HostKey algorithm may be used: {}".format(self.host_key_type))+self._log_agreement("HostKey", agreed_keys[0], agreed_keys[0])if self.server_mode:@@ -2568,6 +2619,13 @@ class Transport(threading.Thread, ClosingContextManager):) # noqaself.local_cipher = agreed_local_ciphers[0]self.remote_cipher = agreed_remote_ciphers[0]++ if not list (+ filter(+ self.local_cipher.__contains__,+ self._whitelist_ciphers)):+ self._log(WARNING, "Insecure Cipher algorithm may be used: {}".format(self.local_cipher))+self._log_agreement("Cipher", local=self.local_cipher, remote=self.remote_cipher)@@ -2592,6 +2650,13 @@ class Transport(threading.Thread, ClosingContextManager):)self.local_mac = agreed_local_macs[0]self.remote_mac = agreed_remote_macs[0]++ if not list (+ filter(+ self.local_mac.__contains__,+ self._whitelist_macs)):+ self._log(WARNING, "Insecure Mac algorithm may be used: {}".format(self.local_mac))+self._log_agreement("MAC", local=self.local_mac, remote=self.remote_mac)--2.33.0
此处可能存在不合适展示的内容,页面不予展示。您可通过相关编辑功能自查并修改。
如您确认内容无涉及 不当用语 / 纯广告导流 / 暴力 / 低俗色情 / 侵权 / 盗版 / 虚假 / 无价值内容或违法国家有关法律法规的内容,可点击提交进行申诉,我们将尽快为您处理。