Voilà: the results of OSTIF's security audit of Paramiko! Thanks to the contributions of @quarkslab and Alpha-Omega, this project received custom security work reviewing Paramiko’s testing, building and CI systems, and cryptography.

Read about our work on the Python implementation of the SSHv2 protocol at our blog: https://ostif.org/paramiko-audit-complete/

#OSTIF #quarkslab #OpenSSF #paramiko

TIL: #paramiko, a #python #ssh library that claims to support ~/.ssh/config, actually does so a bit superficially:
* Doesn’t process includes
* Doesn’t understand ProxyJump. Hello ProxyCommand, long time no see ¯\_(ツ)_/¯

Things I didn't want to build/debug for doing some remote file ops with #sftp via #python + #paramiko :

"Add option to sleep between jobs

This was added because with $PROVIDER_NAME counting files sometimes fails with -EACCES even though we have a 755 mode on the directory that failed.
With some delay during processing/between jobs (even running with -vvv causes enough) that doesn't happen..."

The original code ran multiple times an hour for several years and started failing this week...

Detecting regressions early in #Debian: #Debusine helped identify that libcloud's tests https://bugs.debian.org/1113939 will fail with the most recent #paramiko upstream release, before paramiko was uploaded to the Debian archive. Libcloud will also probably FTBFS.

These are the autopkgtest artifacts for libcloud: https://debusine.debian.net/debian/developers/artifact/2431086/

Regression testing will be even better when the whole feature gets finalised: https://salsa.debian.org/freexian-team/debusine/-/issues/791

#1113939 - libcloud: Drop usage of DSSKeys - Debian Bug report logs

#Paramiko 4.0 is out 🎉

https://www.paramiko.org/changelog.html#4.0.0

https://pypi.org/project/paramiko/4.0.0/

Arguably a negative release of everybody's favorite, if slightly long in the tooth, #Python SSH implementation:

- removed functionality (DSA)
- removed Python interpreter support (Python 3.9 is the new MSV)
- added instability (overhauled packaging practices)

but hey! it took quite a while anyways…

Is also prep for some other security-focused shenanigans coming down the pipe, so stay tuned.

Changelog — Paramiko documentation

TIL: According to the ssh_config man page, comments in ~/.ssh/config need to be on their own line. In other words,

Host foo # my awesome host

is not a valid comment.

The ssh command seems pretty relaxed about this, but other tools (e.g. Paramiko) are not necessarily.

https://github.com/paramiko/paramiko/issues/2111

#SSH #OpenSSH #Paramiko #Python

ConfigParseError if ssh config contains a comment with a single quote · Issue #2111 · paramiko/paramiko

I'm using fabric and wanted to test a very simple run command: from fabric import Connection c = Connection('myhost') This gave me the exception: paramiko.ssh_exception.ConfigParseError: Unparsable...
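As an added illustration (not part of the post above, and not Paramiko's own code), the check below scans a constructed ssh_config the way ssh_config(5) describes it: a '#' starts a comment only at the beginning of a line, so a trailing '# my awesome host' on a Host line is just more host patterns. shlex is used here as a stand-in for a strict tokenizer; that it fails on an unbalanced quote is an assumption about strict parsers in general, not a statement about Paramiko's internals.

```python
import shlex

# Constructed sample config (not from the post): lines 4 and 6 carry
# trailing comments, which ssh_config(5) does not permit.
SAMPLE_CONFIG = """\
# Comments are only valid on their own line.
Host bastion
    HostName bastion.example.com
Host foo # my awesome host
    User deploy
Host bar # don't do this either
    Port 2222
"""


def strict_host_patterns(line):
    """Tokenise a 'Host' line as ssh_config(5) describes it: nothing after
    the keyword is a comment, so '#' and every following word become host
    patterns. Returns None when a shell-style tokenizer (shlex, used here
    as a stand-in for a strict parser) cannot split the line at all, which
    is what an unbalanced quote inside the would-be comment causes."""
    try:
        tokens = shlex.split(line, comments=False)
    except ValueError:
        return None
    return tokens[1:]


def lint_ssh_config(text):
    """Return (line_no, reason) for lines OpenSSH tolerates but a stricter
    parser may reject: a '#' that does not start the line."""
    findings = []
    for no, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank line or full-line comment: fine per the man page
        if "#" not in line:
            continue
        reason = "inline comment"
        if line.split()[0].lower() == "host" and strict_host_patterns(line) is None:
            reason += " with unbalanced quote"
        findings.append((no, reason))
    return findings


if __name__ == "__main__":
    for no, reason in lint_ssh_config(SAMPLE_CONFIG):
        print(f"line {no}: {reason}")
```

Running it against your own ~/.ssh/config (read the file and pass its text to lint_ssh_config) lists the lines to move onto their own comment line before handing the config to a stricter consumer.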

I see #OpenSSH got to fully removing DSA key support, so that means my “probably do that in #Paramiko” todo list item has no more excuses 🤔

Well, ok, it still has a few excuses (will be years before the average sshd is OpenSSH 10.0+) but still. Needs happenin' sometime and it ain't like old releases go away, so.

Easy SSH connections in Python with Paramiko! - Qiita

Introduction: Paramiko is a powerful library for making SSH connections in Python. It implements the SSH protocol in pure Python, so connecting to remote servers, running commands, transferring files and so on can easily be…

#Paramiko 3.5 is out, with AES-GCM cipher support 🎉 🔐 🐍 https://www.paramiko.org/changelog.html#3.5.0 #SSH #Python #hashtags

Changelog — Paramiko documentation

Put out a couple small #Paramiko bugfix releases, both stemming from having fallen behind upstream changes in Cryptography.

Big thanks to the folks who patiently reported/patched/approved the relevant tickets while I've been struggling to prove myself at the new job ❤️

Hoping to stay on the treadmill for the foreseeable future. #Invoke in particular needs a lot of bug/feature work & I can arguably put /some/ dayjob time towards it. Since I, uh. Kinda shoehorned it in there. 😅