author | Pierce Lopez <pierce.lopez@gmail.com> | 2017-02-20 15:36:29 -0500 |
---|---|---|
committer | Pierce Lopez <pierce.lopez@gmail.com> | 2017-06-07 01:58:19 -0400 |
commit | 4e973d97b0baf8fc9b7b5fbd84af4a869829dce5 (patch) | |
tree | e4e112072b241b26911085e3770349dc77e73948 /sites/www/changelog.rst | |
parent | 047640af7b30b7c4973c86082d53c28d5a90a8e0 (diff) |
SSHClient: adjust Transport preferred host key types if known host
If we have host keys that will be checked, we need to
negotiate for the type we have. Commonly, openssh could
have saved an ecdsa key in known_hosts, but SSHClient will
let the Transport negotiate for an rsa key.
Then it would consider a key of a non-corresponding type to be "missing".
That situation is also now a BadHostKeyException.
Before this change, a man-in-the-middle attack on the paramiko ssh
client was possible by having only a host key type which differs from
what the client has in known_hosts (and then giving any key of that type).
Diffstat (limited to 'sites/www/changelog.rst')
0 files changed, 0 insertions, 0 deletions
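
The decision the commit message describes, modelled in plain Python as an added example (it is not paramiko's code and not part of this commit). The function names, the `BadHostKey` class, the default key-type order and the key bytes are all constructed for illustration.

```python
# Added model of the check described above; not paramiko code.
# Key type order and key bytes below are constructed sample values.
DEFAULT_KEY_TYPES = ("ssh-rsa", "ecdsa-sha2-nistp256", "ssh-ed25519")


class BadHostKey(Exception):
    """Hypothetical stand-in for a host key mismatch error."""


def preferred_key_types(known_for_host, defaults=DEFAULT_KEY_TYPES):
    """Move the key types already held for this host to the front."""
    known = known_for_host or {}
    held = [t for t in defaults if t in known]
    return held + [t for t in defaults if t not in known]


def check_before(known_for_host, offered_type, offered_key):
    """Pre-fix: look up only the offered type; no entry of that type means 'missing'."""
    expected = (known_for_host or {}).get(offered_type)
    if expected is None:
        return "missing"  # left to the missing-host-key policy
    if expected != offered_key:
        raise BadHostKey(offered_type)
    return "verified"


def check_after(known_for_host, offered_type, offered_key):
    """Post-fix: if any key is known for the host, a different type is a mismatch."""
    if not known_for_host:
        return "missing"  # host truly unknown, policy decides
    if known_for_host.get(offered_type) != offered_key:
        raise BadHostKey(offered_type)
    return "verified"


if __name__ == "__main__":
    known = {"ecdsa-sha2-nistp256": b"constructed-ecdsa-key"}
    print(preferred_key_types(known))
    print(check_before(known, "ssh-rsa", b"constructed-other-key"))
    try:
        check_after(known, "ssh-rsa", b"constructed-other-key")
    except BadHostKey as exc:
        print("rejected:", exc)
```

With an ECDSA entry on file, the pre-fix check reports an RSA key as "missing" and defers to the missing-host-key policy, while the post-fix check rejects it and the reordered preference list asks for ECDSA first.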