-
Notifications
You must be signed in to change notification settings - Fork 2k
Expand file tree
/
Copy pathMissingHostKeyValidation.qhelp
More file actions
43 lines (38 loc) · 1.47 KB
/
MissingHostKeyValidation.qhelp
File metadata and controls
43 lines (38 loc) · 1.47 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
<!DOCTYPE qhelp PUBLIC
"-//Semmle//qhelp//EN"
"qhelp.dtd">
<qhelp>
<overview>
<p>
In the Secure Shell (SSH) protocol, host keys are used to verify the identity of
remote hosts. Accepting unknown host keys may leave the connection open to
man-in-the-middle attacks.
</p>
</overview>
<recommendation>
<p>
Do not accept unknown host keys. In particular, do not set the default missing
host key policy for the Paramiko library to either <code>AutoAddPolicy</code> or
<code>WarningPolicy</code>. Both of these policies continue even when the host
key is unknown. The default setting of <code>RejectPolicy</code> is secure
because it throws an exception when it encounters an unknown host key.
</p>
</recommendation>
<example>
<p>
The following example shows two ways of opening an SSH connection to
<code>example.com</code>. The first function sets the missing host key policy to
<code>AutoAddPolicy</code>. If the host key verification fails, the client will
continue to interact with the server, even though the connection may be
compromised. The second function sets the host key policy to
<code>RejectPolicy</code>, and will throw an exception if the host key
verification fails.
</p>
<sample src="examples/paramiko_host_key.py" />
</example>
<references>
<li>
Paramiko documentation: <a href="http://docs.paramiko.org/en/2.4/api/client.html?highlight=set_missing_host_key_policy#paramiko.client.SSHClient.set_missing_host_key_policy">set_missing_host_key_policy</a>.
</li>
</references>
</qhelp>