Mastodawn

ayyyyy new year new blog post! please ignore the part where I had exactly zero (0) blog posts in 2025…it was a year.

https://bitprophet.org/blog/2026/05/09/updates-for-2026/

One of the updates: #Paramiko 5.0 is out! We killed SHA1 and MD5 and suchlike, with fire. Also other things. Super stoked to have gone through a security audit courtesy of OSTIF and QuarksLab ❤️

Updates for 2026 - bitprophet.org

OSTIF May 5

Voila- the results of OSTIF's security audit of Paramiko! Thanks to the contributions of @quarkslab and Alpha-Omega, this project received custom security work reviewing Paramiko’s testing, building and CI systems, and cryptography.

Read about our work on the Python implementation of the SSHv2 protocol at our blog: https://ostif.org/paramiko-audit-complete/

#OSTIF #quarkslab #OpenSSF #paramiko

rvstaveren Feb 13

TIL: that #paramiko, a #python #ssh library that claims supporting using ~/.ssh/config is actually doing that a bit superficial
* Doesn’t process includes
* Doesn’t understand ProxyJump. Hello ProxyCommand, long time no see ¯\_(ツ)_/¯

trilader Sep 5, 2025

Things I didn't want to build/debug for doing some remote file ops with #sftp via #python + #paramiko :

"Add option to sleep between jobs

This was added because with $PROVIDER_NAME counting files sometimes fails with -EACCES even though we have a 755 mode on the directory that failed.
With some delay during processing/between jobs (even running with -vvv causes enough) that doesn't happen..."

The original code ran multiple times an hour for several years and stated failing this week...

Santiago Sep 4, 2025

Early detecting regressions in #Debian: #Debusine helped to identify that libcloud's tests https://bugs.debian.org/1113939 will fail with the most recent #paramiko upstream release, before uploading paramiko to the debian archive. Libcloud will also probably FTBFS.

These are the autopkgtest artifacts for libcloud: https://debusine.debian.net/debian/developers/artifact/2431086/

Regression testing will be even better when the whole feature gets finalised: https://salsa.debian.org/freexian-team/debusine/-/issues/791

#1113939 - libcloud: Drop usage of DSSKeys - Debian Bug report logs

Jeff Forcier Aug 4, 2025

#Paramiko 4.0 is out 🎉

https://www.paramiko.org/changelog.html#4.0.0

https://pypi.org/project/paramiko/4.0.0/

Arguably a negative release of everybody's favorite, if slightly long in the tooth, #Python SSH implementation:

- removed functionality (DSA)
- removed Python interpreter support (Python 3.9 is the new MSV)
- added instability (overhauled packaging practices)

but hey! it took quite a while anyways…

Is also prep for some other security-focused shenanigans coming down the pipe, so stay tuned.

Changelog — Paramiko documentation

scy May 27, 2025

TIL: According to the ssh_config man page, comments in ~/.ssh/config need to be on their own line. In other words,

Host foo # my awesome host

is not a valid comment.

The ssh command seems pretty relaxed about this, but other tools (e.g. Paramiko) are not necessarily.

https://github.com/paramiko/paramiko/issues/2111

#SSH #OpenSSH #Paramiko #Python

ConfigParseError if ssh config contains a comment with a single quote · Issue #2111 · paramiko/paramiko

I'm using fabric and wanted to test a very simple run command: from fabric import Connection c = Connection('myhost') This gave me the exception: paramiko.ssh_exception.ConfigParseError: Unparsable...

GitHub

Jeff Forcier Apr 10, 2025

I see #OpenSSH got to fully removing DSA key support, so that means my “probably do that in #Paramiko” todo list item has no more excuses 🤔

Well, ok, it still has a few excuses (will be years before the average sshd is OpenSSH 10.0+) but still. Needs happenin' sometime and it ain't like old releases go away, so.