mirror of
https://github.com/github/codeql.git
synced 2026-06-21 21:01:13 +02:00
44 lines
1.5 KiB
XML
44 lines
1.5 KiB
XML
<!DOCTYPE qhelp PUBLIC
|
|
"-//Semmle//qhelp//EN"
|
|
"qhelp.dtd">
|
|
<qhelp>
|
|
|
|
<overview>
|
|
<p>
|
|
In the Secure Shell (SSH) protocol, host keys are used to verify the identity of
|
|
remote hosts. Accepting unknown host keys may leave the connection open to
|
|
man-in-the-middle attacks.
|
|
</p>
|
|
</overview>
|
|
|
|
<recommendation>
|
|
<p>
|
|
Do not accept unknown host keys. In particular, do not set the default missing
|
|
host key policy for the Paramiko library to either <code>AutoAddPolicy</code> or
|
|
<code>WarningPolicy</code>. Both of these policies continue even when the host
|
|
key is unknown. The default setting of <code>RejectPolicy</code> is secure
|
|
because it throws an exception when it encounters an unknown host key.
|
|
</p>
|
|
</recommendation>
|
|
|
|
<example>
|
|
<p>
|
|
The following example shows two ways of opening an SSH connection to
|
|
<code>example.com</code>. The first function sets the missing host key policy to
|
|
<code>AutoAddPolicy</code>. If the host key verification fails, the client will
|
|
continue to interact with the server, even though the connection may be
|
|
compromised. The second function sets the host key policy to
|
|
<code>RejectPolicy</code>, and will throw an exception if the host key
|
|
verification fails.
|
|
</p>
|
|
<sample src="examples/paramiko_host_key.py" />
|
|
</example>
|
|
|
|
<references>
|
|
<li>
|
|
Paramiko documentation: <a href="http://docs.paramiko.org/en/2.4/api/client.html?highlight=set_missing_host_key_policy#paramiko.client.SSHClient.set_missing_host_key_policy">set_missing_host_key_policy</a>.
|
|
</li>
|
|
</references>
|
|
</qhelp>
|
|
|