| Commit message (Collapse) | Author | Age | Files | Lines |
Choosing to skip it in some edge/corner cases where it's more harmful
than helpful. Also choosing to replace many non-%s specifiers with
regular old {} since I don't see why one would normally care. Again,
eschewing that in spots where it seems like it might matter.
|
The parameter 'kex_requested' is misleading, since setting 'gss_host'
is also required for gssapi-with-mic.
|
is in master)
|
This allows server-side Paramiko code to correctly create
cert-bearing RSAKey objects and thus verify client signatures,
and now the test suite passes again, barring the stub tests.
Re #1042
|
key_filenames' behavior re #1042
This actually breaks existing tests due to test server not supporting
certs...bah
|
In response to Paramiko issue #915 the parameter 'gss_trust_dns' was
added for Kerberos support. Set by default to 'True', the parameter
indicates whether or not the DNS is trusted to securely canonicalize
the hostname of the target host. If set to 'False' the hostname
entered will be passed to GSSAPI.
This option behaves like GSSAPITrustDNS from OpenSSH.
Also, the parameter 'gss_host' is now always set, regardless of whether GSSAPI
is used or not.
Further, a minor fix was required to make the SFTP test work again.
|
Skip the host key check only if the transport actually used
gssapi-keyex. Add tests for the missing-host-key RejectPolicy.
Before this change, a man-in-the-middle attack on the paramiko ssh
client with gss_kex=True was possible by having a server that does not
support gssapi-keyex and gives any or no host key.
|
If we have host keys that will be checked, we need to
negotiate for the type we have. Commonly, openssh could
have saved an ecdsa key in known_hosts, but SSHClient will
let the Transport negotiate for an rsa key.
Then it would consider a key of a non-corresponding type to be "missing".
That situation is also now a BadHostKeyException.
Before this change, a man-in-the-middle attack on the paramiko ssh
client was possible by having only a host key type which differs from
what the client has in known_hosts (and then giving any key of that type).
|
It was only recently added, and it's not really needed after the
ResourceManager removal. Removing it allows the SSHClient to be
garbage-collected if only the Transport (and Channels) are still
in use.
|
The back-reference from Transport to SSHClient was added because
the SSHClient had a destructor that would close the Transport,
and some users did not want the Transport closed when the SSHClient
was garbage collected.
The SSHClient destructor was not a normal destructor, it was
implemented with the ResourceManager singleton. Together with
the back-reference, this prevented the GC cycle detector from
freeing the SSHClient and Transport.
|
Existing just-warnings setup was old and not as rigorous as my usual.
Required a lot of stupid little changes, but now same tooling for all
projects, toot toot.
|
In some cases, the SSH client is created, the command is executed, the
streams are extracted, and the explicit reference to SSHClient is then
discarded (since it was e.g. created in a function that only returns the
streams). In this case, the SSHClient may be garbage collected, and the
connection's state is undefined.
This fix adds a reference from Transport to the SSHClient that created
it. The streams have a reference to the Channel, which references the
Transport. Now that the Transport references the SSHClient, it won't be
garbage collected until it is closed.
Closes-Bug: #44
Related-Bug: #344
|