SSHClient: fix the host key test (2.2) #1059

Merged
merged 4 commits into from Sep 12, 2017

Contributor

@akruis akruis commented Sep 12, 2017

Same as pull request #1057, but for paramiko 2.2.

Anselm Kruis added 4 commits Aug 1, 2017
Skip the host key check only, if the transport actually used
gssapi-keyex. Add tests for the missing-host-key RejectPolicy.

Before this change, a man-in-the-middle attack on the paramiko ssh
client with gss_kex=True was possible by having a server that does not
support gssapi-keyex and gives any or no host key.
Set the flag gss_kex_used only after a gssapi-keyex has been
successfully completed. This change prevents a wrong value in case of
exceptions during the gssapi-keyex handshake.
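
The host key decision described in the commit messages above, as an added simplified model; it is not paramiko's code and not part of this pull request. `ModelTransport`, `connect`, `reject_policy_check` and all sample values are hypothetical; only `gss_kex` and `gss_kex_used` are names from the page.

```python
from dataclasses import dataclass
from typing import Optional


class HostKeyRejected(Exception):
    """Modelled RejectPolicy outcome: host key missing or unknown."""


@dataclass
class ModelTransport:
    """Hypothetical transport; only gss_kex and gss_kex_used come from the PR."""
    gss_kex: bool              # client was created with gss_kex=True
    server_offers_gss: bool    # constructed: peer supports gssapi-keyex
    server_key: Optional[str]  # constructed: host key the peer presents
    handshake_ok: bool = True  # constructed: gssapi-keyex completes cleanly
    gss_kex_used: bool = False

    def negotiate(self) -> None:
        if self.gss_kex and self.server_offers_gss:
            if not self.handshake_ok:
                raise ConnectionError("gssapi-keyex handshake failed")
            # Set only after the exchange has completed successfully.
            self.gss_kex_used = True


def reject_policy_check(t: ModelTransport, known_key: str) -> None:
    if t.server_key is None or t.server_key != known_key:
        raise HostKeyRejected("host key missing or not in known hosts")


def connect(t: ModelTransport, known_key: str, fixed: bool) -> str:
    """Return 'accepted' or 'rejected' under the pre-fix or post-fix test."""
    t.negotiate()
    # Pre-fix: what the client asked for. Post-fix: what the transport did.
    skip_check = t.gss_kex_used if fixed else t.gss_kex
    try:
        if not skip_check:
            reject_policy_check(t, known_key)
    except HostKeyRejected:
        return "rejected"
    return "accepted"


def demo() -> dict:
    known = "SHA256:constructed-known-key"
    # Constructed peer: no gssapi-keyex support and no host key presented.
    peer = dict(gss_kex=True, server_offers_gss=False, server_key=None)
    return {"before_fix": connect(ModelTransport(**peer), known, fixed=False),
            "after_fix": connect(ModelTransport(**peer), known, fixed=True)}
```

`demo()` shows the same peer being accepted when the check keys off the requested option and rejected when it keys off the completed exchange.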
Contributor

@ploxiln ploxiln commented Sep 12, 2017

No, you shouldn't open a PR for every branch. Just one for 1.7, and one for 2.0

Contributor Author

@akruis akruis commented Sep 12, 2017

@ploxiln: The fix for 2.2 is different from the fix for 2.1. I already resolved the merge conflicts.

bitprophet added a commit that referenced this pull request Sep 12, 2017
@bitprophet bitprophet merged commit a859dda into paramiko:2.2 Sep 12, 2017
2 of 3 checks passed
codecov/patch 71.42% of diff hit (target 75.24%)
codecov/project 75.25% (+<.01%) compared to f58b5b8
continuous-integration/travis-ci/pr The Travis CI build passed
Member

@bitprophet bitprophet commented Sep 12, 2017

We did have a lot of changes across 2.0->2.2 and yea there were merge conflicts. When I used these PRs and then merged-up from the previous branches, the conflicts were gone (besides my own introduced in the changelog.) Thanks!

I grabbed the pre-2.0 ones too since it wasn't that much more work, though I'm still increasingly less likely to bother with those going forwards :(
