New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

SSHClient: fix the host key test (1.17) #1055

Merged
merged 1 commit into from Sep 12, 2017

Conversation

Projects
None yet
2 participants
@akruis
Contributor

akruis commented Sep 12, 2017

Skip the host key check only, if the transport actually used
gssapi-keyex. Add tests for the missing-host-key RejectPolicy.

Before this change, a man-in-the-middle attack on the paramiko ssh
client with gss_kex=True was possible by having a server that does not
support gssapi-keyex and gives any or no host key.

SSHClient: fix the host key test
Skip the host key check only, if the transport actually used
gssapi-keyex. Add tests for the missing-host-key RejectPolicy.

Before this change, a man-in-the-middle attack on the paramiko ssh
client with gss_kex=True was possible by having a server that does not
support gssapi-keyex and gives any or no host key.

@bitprophet bitprophet merged commit 2e97935 into paramiko:1.17 Sep 12, 2017

3 checks passed

codecov/patch 100% of diff hit (target 74.44%)
Details
codecov/project 74.5% (+0.05%) compared to 23a4b33
Details
continuous-integration/travis-ci/pr The Travis CI build passed
Details
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment