diff options
71 files changed, 165 insertions, 86 deletions
diff --git a/demos/demo.py b/demos/demo.py index c9b0a5f5..5252db7c 100755 --- a/demos/demo.py +++ b/demos/demo.py @@ -16,7 +16,7 @@ # # You should have received a copy of the GNU Lesser General Public License # along with Paramiko; if not, write to the Free Software Foundation, Inc., -# 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA. +# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. import base64 diff --git a/demos/demo_keygen.py b/demos/demo_keygen.py index 6a80272d..12637ed0 100755 --- a/demos/demo_keygen.py +++ b/demos/demo_keygen.py @@ -16,7 +16,7 @@ # # You should have received a copy of the GNU Lesser General Public License # along with Paramiko; if not, write to the Free Software Foundation, Inc., -# 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA. +# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. import sys diff --git a/demos/demo_server.py b/demos/demo_server.py index 313e5fb2..6cb2dc51 100644 --- a/demos/demo_server.py +++ b/demos/demo_server.py @@ -16,7 +16,7 @@ # # You should have received a copy of the GNU Lesser General Public License # along with Paramiko; if not, write to the Free Software Foundation, Inc., -# 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA. +# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. import base64 from binascii import hexlify diff --git a/demos/demo_sftp.py b/demos/demo_sftp.py index 7f6a002e..dbcb2cb7 100644 --- a/demos/demo_sftp.py +++ b/demos/demo_sftp.py @@ -16,7 +16,7 @@ # # You should have received a copy of the GNU Lesser General Public License # along with Paramiko; if not, write to the Free Software Foundation, Inc., -# 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA. +# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. # based on code provided by raymond mosteller (thanks!) diff --git a/demos/demo_simple.py b/demos/demo_simple.py index 5dd4f6c1..bd932c3e 100644 --- a/demos/demo_simple.py +++ b/demos/demo_simple.py @@ -16,7 +16,7 @@ # # You should have received a copy of the GNU Lesser General Public License # along with Paramiko; if not, write to the Free Software Foundation, Inc., -# 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA. +# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. import base64 diff --git a/demos/forward.py b/demos/forward.py index cd9dabf1..869e3906 100644 --- a/demos/forward.py +++ b/demos/forward.py @@ -16,7 +16,7 @@ # # You should have received a copy of the GNU Lesser General Public License # along with Paramiko; if not, write to the Free Software Foundation, Inc., -# 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA. +# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. """ Sample script showing how to do local port forwarding over paramiko. diff --git a/demos/interactive.py b/demos/interactive.py index 037787c4..16eae0e7 100644 --- a/demos/interactive.py +++ b/demos/interactive.py @@ -14,7 +14,7 @@ # # You should have received a copy of the GNU Lesser General Public License # along with Paramiko; if not, write to the Free Software Foundation, Inc., -# 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA. +# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. import socket diff --git a/demos/rforward.py b/demos/rforward.py index a2e8a776..200634ab 100755 --- a/demos/rforward.py +++ b/demos/rforward.py @@ -16,7 +16,7 @@ # # You should have received a copy of the GNU Lesser General Public License # along with Paramiko; if not, write to the Free Software Foundation, Inc., -# 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA. +# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. """ Sample script showing how to do remote port forwarding over paramiko. diff --git a/paramiko/__init__.py b/paramiko/__init__.py index 5318cc9c..cbc240a6 100644 --- a/paramiko/__init__.py +++ b/paramiko/__init__.py @@ -14,7 +14,7 @@ # # You should have received a copy of the GNU Lesser General Public License # along with Paramiko; if not, write to the Free Software Foundation, Inc., -# 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA. +# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. # flake8: noqa import sys diff --git a/paramiko/agent.py b/paramiko/agent.py index 1dc99b18..17eb4568 100644 --- a/paramiko/agent.py +++ b/paramiko/agent.py @@ -14,7 +14,7 @@ # # You should have received a copy of the GNU Lesser General Public License # along with Paramiko; if not, write to the Free Software Foundation, Inc., -# 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA. +# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. """ SSH Agent interface diff --git a/paramiko/auth_handler.py b/paramiko/auth_handler.py index 42a21a78..db89670a 100644 --- a/paramiko/auth_handler.py +++ b/paramiko/auth_handler.py @@ -14,7 +14,7 @@ # # You should have received a copy of the GNU Lesser General Public License # along with Paramiko; if not, write to the Free Software Foundation, Inc., -# 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA. +# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. """ `.AuthHandler` diff --git a/paramiko/ber.py b/paramiko/ber.py index 92d7121e..a064e6b1 100644 --- a/paramiko/ber.py +++ b/paramiko/ber.py @@ -14,7 +14,7 @@ # # You should have received a copy of the GNU Lesser General Public License # along with Paramiko; if not, write to the Free Software Foundation, Inc., -# 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA. +# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. from paramiko.common import max_byte, zero_byte from paramiko.py3compat import b, byte_ord, byte_chr, long diff --git a/paramiko/buffered_pipe.py b/paramiko/buffered_pipe.py index e8f98714..aa7c06ce 100644 --- a/paramiko/buffered_pipe.py +++ b/paramiko/buffered_pipe.py @@ -14,7 +14,7 @@ # # You should have received a copy of the GNU Lesser General Public License # along with Paramiko; if not, write to the Free Software Foundation, Inc., -# 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA. +# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. """ Attempt to generalize the "feeder" part of a `.Channel`: an object which can be diff --git a/paramiko/channel.py b/paramiko/channel.py index 5f314361..fb703c31 100644 --- a/paramiko/channel.py +++ b/paramiko/channel.py @@ -14,7 +14,7 @@ # # You should have received a copy of the GNU Lesser General Public License # along with Paramiko; if not, write to the Free Software Foundation, Inc., -# 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA. +# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. """ Abstraction for an SSH2 channel. diff --git a/paramiko/client.py b/paramiko/client.py index 80c956cd..581f9b6f 100644 --- a/paramiko/client.py +++ b/paramiko/client.py @@ -14,7 +14,7 @@ # # You should have received a copy of the GNU Lesser General Public License # along with Paramiko; if not, write to the Free Software Foundation, Inc., -# 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA. +# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. """ SSH client & key policies diff --git a/paramiko/common.py b/paramiko/common.py index 55dd4bdf..cf6972d5 100644 --- a/paramiko/common.py +++ b/paramiko/common.py @@ -14,7 +14,7 @@ # # You should have received a copy of the GNU Lesser General Public License # along with Paramiko; if not, write to the Free Software Foundation, Inc., -# 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA. +# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. """ Common constants and global variables. diff --git a/paramiko/compress.py b/paramiko/compress.py index fa3b6aa3..7fe26db1 100644 --- a/paramiko/compress.py +++ b/paramiko/compress.py @@ -14,7 +14,7 @@ # # You should have received a copy of the GNU Lesser General Public License # along with Paramiko; if not, write to the Free Software Foundation, Inc., -# 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA. +# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. """ Compression implementations for a Transport. diff --git a/paramiko/config.py b/paramiko/config.py index 9c21e4e5..081d0d68 100644 --- a/paramiko/config.py +++ b/paramiko/config.py @@ -15,7 +15,7 @@ # # You should have received a copy of the GNU Lesser General Public License # along with Paramiko; if not, write to the Free Software Foundation, Inc., -# 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA. +# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. """ Configuration file (aka ``ssh_config``) support. @@ -64,6 +64,7 @@ class SSHConfig(object): "hostname": ["%h"], "identityfile": ["%C", "~", "%d", "%h", "%l", "%u", "%r"], "proxycommand": ["~", "%h", "%p", "%r"], + "proxyjump": ["%h", "%p", "%r"], # Doesn't seem worth making this 'special' for now, it will fit well # enough (no actual match-exec config key to be confused with). "match-exec": ["%C", "%d", "%h", "%L", "%l", "%n", "%p", "%r", "%u"], diff --git a/paramiko/dsskey.py b/paramiko/dsskey.py index 1a0c4797..5a0f85eb 100644 --- a/paramiko/dsskey.py +++ b/paramiko/dsskey.py @@ -14,7 +14,7 @@ # # You should have received a copy of the GNU Lesser General Public License # along with Paramiko; if not, write to the Free Software Foundation, Inc., -# 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA. +# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. """ DSS keys. diff --git a/paramiko/ecdsakey.py b/paramiko/ecdsakey.py index c4e2b1af..ad84fe31 100644 --- a/paramiko/ecdsakey.py +++ b/paramiko/ecdsakey.py @@ -7,14 +7,14 @@ # Software Foundation; either version 2.1 of the License, or (at your option) # any later version. # -# Paramiko is distrubuted in the hope that it will be useful, but WITHOUT ANY +# Paramiko is distributed in the hope that it will be useful, but WITHOUT ANY # WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR # A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more # details. # # You should have received a copy of the GNU Lesser General Public License # along with Paramiko; if not, write to the Free Software Foundation, Inc., -# 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA. +# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. """ ECDSA keys diff --git a/paramiko/ed25519key.py b/paramiko/ed25519key.py index d322a0c1..c9e37e0a 100644 --- a/paramiko/ed25519key.py +++ b/paramiko/ed25519key.py @@ -5,14 +5,14 @@ # Software Foundation; either version 2.1 of the License, or (at your option) # any later version. # -# Paramiko is distrubuted in the hope that it will be useful, but WITHOUT ANY +# Paramiko is distributed in the hope that it will be useful, but WITHOUT ANY # WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR # A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more # details. # # You should have received a copy of the GNU Lesser General Public License # along with Paramiko; if not, write to the Free Software Foundation, Inc., -# 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA. +# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. import bcrypt diff --git a/paramiko/file.py b/paramiko/file.py index 9dd9e9e7..90f4a7b9 100644 --- a/paramiko/file.py +++ b/paramiko/file.py @@ -14,7 +14,7 @@ # # You should have received a copy of the GNU Lesser General Public License # along with Paramiko; if not, write to the Free Software Foundation, Inc., -# 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA. +# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. from paramiko.common import ( linefeed_byte_value, crlf, diff --git a/paramiko/hostkeys.py b/paramiko/hostkeys.py index 94474e40..f1b4a936 100644 --- a/paramiko/hostkeys.py +++ b/paramiko/hostkeys.py @@ -14,7 +14,7 @@ # # You should have received a copy of the GNU Lesser General Public License # along with Paramiko; if not, write to the Free Software Foundation, Inc., -# 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA. +# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. import binascii diff --git a/paramiko/kex_gex.py b/paramiko/kex_gex.py index ab462e6d..e6ed2392 100644 --- a/paramiko/kex_gex.py +++ b/paramiko/kex_gex.py @@ -14,7 +14,7 @@ # # You should have received a copy of the GNU Lesser General Public License # along with Paramiko; if not, write to the Free Software Foundation, Inc., -# 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA. +# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. """ Variant on `KexGroup1 <paramiko.kex_group1.KexGroup1>` where the prime "p" and diff --git a/paramiko/kex_group1.py b/paramiko/kex_group1.py index 6d548b01..78894566 100644 --- a/paramiko/kex_group1.py +++ b/paramiko/kex_group1.py @@ -14,7 +14,7 @@ # # You should have received a copy of the GNU Lesser General Public License # along with Paramiko; if not, write to the Free Software Foundation, Inc., -# 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA. +# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. """ Standard SSH key exchange ("kex" if you wanna sound cool). Diffie-Hellman of diff --git a/paramiko/kex_group14.py b/paramiko/kex_group14.py index a620c1a3..8dee5515 100644 --- a/paramiko/kex_group14.py +++ b/paramiko/kex_group14.py @@ -7,14 +7,14 @@ # Software Foundation; either version 2.1 of the License, or (at your option) # any later version. # -# Paramiko is distrubuted in the hope that it will be useful, but WITHOUT ANY +# Paramiko is distributed in the hope that it will be useful, but WITHOUT ANY # WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR # A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more # details. # # You should have received a copy of the GNU Lesser General Public License # along with Paramiko; if not, write to the Free Software Foundation, Inc., -# 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA. +# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. """ Standard SSH key exchange ("kex" if you wanna sound cool). Diffie-Hellman of diff --git a/paramiko/kex_group16.py b/paramiko/kex_group16.py index 15b0acfe..c675f877 100644 --- a/paramiko/kex_group16.py +++ b/paramiko/kex_group16.py @@ -7,14 +7,14 @@ # Software Foundation; either version 2.1 of the License, or (at your option) # any later version. # -# Paramiko is distrubuted in the hope that it will be useful, but WITHOUT ANY +# Paramiko is distributed in the hope that it will be useful, but WITHOUT ANY # WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR # A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more # details. # # You should have received a copy of the GNU Lesser General Public License # along with Paramiko; if not, write to the Free Software Foundation, Inc., -# 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA. +# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. """ Standard SSH key exchange ("kex" if you wanna sound cool). Diffie-Hellman of diff --git a/paramiko/kex_gss.py b/paramiko/kex_gss.py index f83a2dc4..08e5d787 100644 --- a/paramiko/kex_gss.py +++ b/paramiko/kex_gss.py @@ -17,7 +17,7 @@ # # You should have received a copy of the GNU Lesser General Public License # along with Paramiko; if not, write to the Free Software Foundation, Inc., -# 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA. +# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. """ diff --git a/paramiko/message.py b/paramiko/message.py index 9771cfbc..6095d5de 100644 --- a/paramiko/message.py +++ b/paramiko/message.py @@ -14,7 +14,7 @@ # # You should have received a copy of the GNU Lesser General Public License # along with Paramiko; if not, write to the Free Software Foundation, Inc., -# 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA. +# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. """ Implementation of an SSH2 "message". diff --git a/paramiko/packet.py b/paramiko/packet.py index 12663168..af78e312 100644 --- a/paramiko/packet.py +++ b/paramiko/packet.py @@ -14,7 +14,7 @@ # # You should have received a copy of the GNU Lesser General Public License # along with Paramiko; if not, write to the Free Software Foundation, Inc., -# 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA. +# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. """ Packet handling diff --git a/paramiko/pipe.py b/paramiko/pipe.py index dda885da..3905949d 100644 --- a/paramiko/pipe.py +++ b/paramiko/pipe.py @@ -14,7 +14,7 @@ # # You should have received a copy of the GNU Lesser General Public License # along with Paramiko; if not, write to the Free Software Foundation, Inc., -# 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA. +# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. """ Abstraction of a one-way pipe where the read end can be used in diff --git a/paramiko/pkey.py b/paramiko/pkey.py index f1919660..585cb74a 100644 --- a/paramiko/pkey.py +++ b/paramiko/pkey.py @@ -14,7 +14,7 @@ # # You should have received a copy of the GNU Lesser General Public License # along with Paramiko; if not, write to the Free Software Foundation, Inc., -# 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA. +# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. """ Common API for all public keys. diff --git a/paramiko/primes.py b/paramiko/primes.py index 8dff7683..564ab26f 100644 --- a/paramiko/primes.py +++ b/paramiko/primes.py @@ -14,7 +14,7 @@ # # You should have received a copy of the GNU Lesser General Public License # along with Paramiko; if not, write to the Free Software Foundation, Inc., -# 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA. +# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. """ Utility functions for dealing with primes. diff --git a/paramiko/proxy.py b/paramiko/proxy.py index 077e8e35..f7609c98 100644 --- a/paramiko/proxy.py +++ b/paramiko/proxy.py @@ -7,14 +7,14 @@ # Software Foundation; either version 2.1 of the License, or (at your option) # any later version. # -# Paramiko is distrubuted in the hope that it will be useful, but WITHOUT ANY +# Paramiko is distributed in the hope that it will be useful, but WITHOUT ANY # WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR # A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more # details. # # You should have received a copy of the GNU Lesser General Public License # along with Paramiko; if not, write to the Free Software Foundation, Inc., -# 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA. +# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. import os diff --git a/paramiko/rsakey.py b/paramiko/rsakey.py index 2aea84b9..a53daea4 100644 --- a/paramiko/rsakey.py +++ b/paramiko/rsakey.py @@ -14,7 +14,7 @@ # # You should have received a copy of the GNU Lesser General Public License # along with Paramiko; if not, write to the Free Software Foundation, Inc., -# 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA. +# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. """ RSA keys. diff --git a/paramiko/server.py b/paramiko/server.py index 2fe9cc19..80ebf06a 100644 --- a/paramiko/server.py +++ b/paramiko/server.py @@ -14,7 +14,7 @@ # # You should have received a copy of the GNU Lesser General Public License # along with Paramiko; if not, write to the Free Software Foundation, Inc., -# 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA. +# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. """ `.ServerInterface` is an interface to override for server support. diff --git a/paramiko/sftp.py b/paramiko/sftp.py index 25debc85..cfed9028 100644 --- a/paramiko/sftp.py +++ b/paramiko/sftp.py @@ -14,7 +14,7 @@ # # You should have received a copy of the GNU Lesser General Public License # along with Paramiko; if not, write to the Free Software Foundation, Inc., -# 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA. +# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. import select import socket diff --git a/paramiko/sftp_attr.py b/paramiko/sftp_attr.py index 8b1c17bd..28a196b1 100644 --- a/paramiko/sftp_attr.py +++ b/paramiko/sftp_attr.py @@ -14,7 +14,7 @@ # # You should have received a copy of the GNU Lesser General Public License # along with Paramiko; if not, write to the Free Software Foundation, Inc., -# 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA. +# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. import stat import time diff --git a/paramiko/sftp_client.py b/paramiko/sftp_client.py index d6c3a70d..ec5704de 100644 --- a/paramiko/sftp_client.py +++ b/paramiko/sftp_client.py @@ -14,7 +14,7 @@ # # You should have received a copy of the GNU Lesser General Public License # along with Paramiko; if not, write to the Free Software Foundation, Inc., -# 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA. +# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. from binascii import hexlify diff --git a/paramiko/sftp_file.py b/paramiko/sftp_file.py index 57e04175..6c2a1336 100644 --- a/paramiko/sftp_file.py +++ b/paramiko/sftp_file.py @@ -14,7 +14,7 @@ # # You should have received a copy of the GNU Lesser General Public License # along with Paramiko; if not, write to the Free Software Foundation, Inc., -# 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA. +# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. """ SFTP file object diff --git a/paramiko/sftp_handle.py b/paramiko/sftp_handle.py index a7e22f01..1b4e1363 100644 --- a/paramiko/sftp_handle.py +++ b/paramiko/sftp_handle.py @@ -14,7 +14,7 @@ # # You should have received a copy of the GNU Lesser General Public License # along with Paramiko; if not, write to the Free Software Foundation, Inc., -# 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA. +# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. """ Abstraction of an SFTP file handle (for server mode). diff --git a/paramiko/sftp_server.py b/paramiko/sftp_server.py index 8265df96..f0db5765 100644 --- a/paramiko/sftp_server.py +++ b/paramiko/sftp_server.py @@ -14,7 +14,7 @@ # # You should have received a copy of the GNU Lesser General Public License # along with Paramiko; if not, write to the Free Software Foundation, Inc., -# 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA. +# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. """ Server-mode SFTP support. diff --git a/paramiko/sftp_si.py b/paramiko/sftp_si.py index 40dc561c..3199310a 100644 --- a/paramiko/sftp_si.py +++ b/paramiko/sftp_si.py @@ -14,7 +14,7 @@ # # You should have received a copy of the GNU Lesser General Public License # along with Paramiko; if not, write to the Free Software Foundation, Inc., -# 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA. +# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. """ An interface to override for SFTP server support. diff --git a/paramiko/ssh_exception.py b/paramiko/ssh_exception.py index 39fcb10d..620ab259 100644 --- a/paramiko/ssh_exception.py +++ b/paramiko/ssh_exception.py @@ -14,7 +14,7 @@ # # You should have received a copy of the GNU Lesser General Public License # along with Paramiko; if not, write to the Free Software Foundation, Inc., -# 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA. +# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. import socket diff --git a/paramiko/ssh_gss.py b/paramiko/ssh_gss.py index 5d4cb416..4f1581c3 100644 --- a/paramiko/ssh_gss.py +++ b/paramiko/ssh_gss.py @@ -16,7 +16,7 @@ # # You should have received a copy of the GNU Lesser General Public License # along with Paramiko; if not, write to the Free Software Foundation, Inc., -# 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA. +# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. """ diff --git a/paramiko/transport.py b/paramiko/transport.py index 77d32a85..68cc195d 100644 --- a/paramiko/transport.py +++ b/paramiko/transport.py @@ -15,7 +15,7 @@ # # You should have received a copy of the GNU Lesser General Public License # along with Paramiko; if not, write to the Free Software Foundation, Inc., -# 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA. +# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. """ Core protocol implementation @@ -158,7 +158,6 @@ class Transport(threading.Thread, ClosingContextManager): "aes128-cbc", "aes192-cbc", "aes256-cbc", - "blowfish-cbc", "3des-cbc", ) _preferred_macs = ( @@ -232,12 +231,6 @@ class Transport(threading.Thread, ClosingContextManager): "block-size": 16, "key-size": 32, }, - "blowfish-cbc": { - "class": algorithms.Blowfish, - "mode": modes.CBC, - "block-size": 8, - "key-size": 16, - }, "aes128-cbc": { "class": algorithms.AES, "mode": modes.CBC, diff --git a/paramiko/util.py b/paramiko/util.py index a344915c..4267caf1 100644 --- a/paramiko/util.py +++ b/paramiko/util.py @@ -14,7 +14,7 @@ # # You should have received a copy of the GNU Lesser General Public License # along with Paramiko; if not, write to the Free Software Foundation, Inc., -# 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA. +# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. """ Useful functions used by the rest of paramiko. diff --git a/paramiko/win_openssh.py b/paramiko/win_openssh.py index eca7b86a..614b5898 100644 --- a/paramiko/win_openssh.py +++ b/paramiko/win_openssh.py @@ -15,7 +15,7 @@ # # You should have received a copy of the GNU Lesser General Public License # along with Paramiko; if not, write to the Free Software Foundation, Inc., -# 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA. +# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. import os.path import time diff --git a/paramiko/win_pageant.py b/paramiko/win_pageant.py index a550b7f3..b733d813 100644 --- a/paramiko/win_pageant.py +++ b/paramiko/win_pageant.py @@ -15,7 +15,7 @@ # # You should have received a copy of the GNU Lesser General Public License # along with Paramiko; if not, write to the Free Software Foundation, Inc., -# 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA. +# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. """ Functions for communicating with Pageant, the basic windows ssh agent program. diff --git a/setup_helper.py b/setup_helper.py index d0a8700e..fc4e755f 100644 --- a/setup_helper.py +++ b/setup_helper.py @@ -14,7 +14,7 @@ # # You should have received a copy of the GNU Lesser General Public License # along with Paramiko; if not, write to the Free Software Foundation, Inc., -# 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA. +# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. # Note: Despite the copyright notice, this was submitted by John # Arbash Meinel. Thanks John! diff --git a/sites/www/changelog.rst b/sites/www/changelog.rst index d5bdadec..06d95c9f 100644 --- a/sites/www/changelog.rst +++ b/sites/www/changelog.rst @@ -16,6 +16,12 @@ Changelog to what OpenSSH's own client does: a version check is performed and the algorithm used is downgraded if needed. Reported by Adarsh Chauhan, with fix suggested by Jun Omae. +- :support:`2038` (via :issue:`2039`) Recent versions of Cryptography have + deprecated Blowfish algorithm support; in lieu of an easy method for users to + remove it from the list of algorithms Paramiko tries to import and use, we've + decided to remove it from our "preferred algorithms" list. This will both + discourage use of a weak algorithm, and avoid warnings. Credit for + report/patch goes to Mike Roest. - :bug:`2008` (via :issue:`2010`) Windows-native SSH agent support as merged in 2.10 could encounter ``Errno 22`` ``OSError`` exceptions in some scenarios (eg server not cleanly closing a relevant named pipe). This has been worked @@ -29,12 +35,18 @@ Changelog under Python 3.10. Thanks to Karthikeyan Singaravelan for the report, ``@Narendra-Neerukonda`` for the patch, and to Thomas Grainger and Jun Omae for patch workshopping. +- :feature:`1951` Add SSH config token expansion (eg ``%h``, ``%p``) when + parsing ``ProxyJump`` directives. Patch courtesy of Bruno Inec. - :bug:`1964` (via :issue:`2024` as also reported in :issue:`2023`) `~paramiko.pkey.PKey` instances' ``__eq__`` did not have the usual safety guard in place to ensure they were being compared to another ``PKey`` object, causing occasional spurious ``BadHostKeyException`` (among other things). This has been fixed. Thanks to Shengdun Hua for the original report/patch and to Christopher Papke for the final version of the fix. +- :support:`2004` (via :issue:`2011`) Apply unittest ``skipIf`` to tests + currently using SHA1 in their critical path, to avoid failures on systems + starting to disable SHA1 outright in their crypto backends (eg RHEL 9). + Report & patch via Paul Howarth. - :bug:`2035` Servers offering certificate variants of hostkey algorithms (eg ``ssh-rsa-cert-v01@openssh.com``) could not have their host keys verified by Paramiko clients, as it only ever considered non-cert key types for that part diff --git a/tests/loop.py b/tests/loop.py index 40179a64..6de4b164 100644 --- a/tests/loop.py +++ b/tests/loop.py @@ -14,7 +14,7 @@ # # You should have received a copy of the GNU Lesser General Public License # along with Paramiko; if not, write to the Free Software Foundation, Inc., -# 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA. +# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. import socket import threading diff --git a/tests/stub_sftp.py b/tests/stub_sftp.py index 1528a0b8..0c0372e9 100644 --- a/tests/stub_sftp.py +++ b/tests/stub_sftp.py @@ -14,7 +14,7 @@ # # You should have received a copy of the GNU Lesser General Public License # along with Paramiko; if not, write to the Free Software Foundation, Inc., -# 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA. +# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. """ A stub SFTP server for loopback SFTP testing. diff --git a/tests/test_auth.py b/tests/test_auth.py index 01fbac5b..0f0a6169 100644 --- a/tests/test_auth.py +++ b/tests/test_auth.py @@ -14,7 +14,7 @@ # # You should have received a copy of the GNU Lesser General Public License # along with Paramiko; if not, write to the Free Software Foundation, Inc., -# 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA. +# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. """ Some unit tests for authenticating over a Transport. diff --git a/tests/test_buffered_pipe.py b/tests/test_buffered_pipe.py index 61c99cc0..35e2cded 100644 --- a/tests/test_buffered_pipe.py +++ b/tests/test_buffered_pipe.py @@ -14,7 +14,7 @@ # # You should have received a copy of the GNU Lesser General Public License # along with Paramiko; if not, write to the Free Software Foundation, Inc., -# 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA. +# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. """ Some unit tests for BufferedPipe. diff --git a/tests/test_client.py b/tests/test_client.py index 21694e28..fdf19c45 100644 --- a/tests/test_client.py +++ b/tests/test_client.py @@ -14,7 +14,7 @@ # # You should have received a copy of the GNU Lesser General Public License # along with Paramiko; if not, write to the Free Software Foundation, Inc., -# 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA. +# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. """ Some unit tests for SSHClient. @@ -41,7 +41,7 @@ from paramiko import SSHClient from paramiko.pkey import PublicBlob from paramiko.ssh_exception import SSHException, AuthenticationException -from .util import _support, slow +from .util import _support, requires_sha1_signing, slow requires_gss_auth = unittest.skipUnless( @@ -244,33 +244,39 @@ class ClientTest(unittest.TestCase): class SSHClientTest(ClientTest): + @requires_sha1_signing def test_client(self): """ verify that the SSHClient stuff works too. """ self._test_connection(password="pygmalion") + @requires_sha1_signing def test_client_dsa(self): """ verify that SSHClient works with a DSA key. """ self._test_connection(key_filename=_support("test_dss.key")) + @requires_sha1_signing def test_client_rsa(self): """ verify that SSHClient works with an RSA key. """ self._test_connection(key_filename=_support("test_rsa.key")) + @requires_sha1_signing def test_client_ecdsa(self): """ verify that SSHClient works with an ECDSA key. """ self._test_connection(key_filename=_support("test_ecdsa_256.key")) + @requires_sha1_signing def test_client_ed25519(self): self._test_connection(key_filename=_support("test_ed25519.key")) + @requires_sha1_signing def test_multiple_key_files(self): """ verify that SSHClient accepts and tries multiple key files. @@ -302,6 +308,7 @@ class SSHClientTest(ClientTest): self.tearDown() self.setUp() + @requires_sha1_signing def test_multiple_key_files_failure(self): """ Expect failure when multiple keys in play and none are accepted @@ -315,6 +322,7 @@ class SSHClientTest(ClientTest): allowed_keys=["ecdsa-sha2-nistp256"], ) + @requires_sha1_signing def test_certs_allowed_as_key_filename_values(self): # NOTE: giving cert path here, not key path. (Key path test is below. # They're similar except for which path is given; the expected auth and @@ -328,6 +336,7 @@ class SSHClientTest(ClientTest): public_blob=PublicBlob.from_file(cert_path), ) + @requires_sha1_signing def test_certs_implicitly_loaded_alongside_key_filename_keys(self): # NOTE: a regular test_connection() w/ test_rsa.key would incidentally # test this (because test_xxx.key-cert.pub exists) but incidental tests @@ -501,6 +510,7 @@ class SSHClientTest(ClientTest): kwargs = dict(self.connect_kwargs, banner_timeout=0.5) self.assertRaises(paramiko.SSHException, self.tc.connect, **kwargs) + @requires_sha1_signing def test_auth_trickledown(self): """ Failed key auth doesn't prevent subsequent pw auth from succeeding @@ -521,6 +531,7 @@ class SSHClientTest(ClientTest): ) self._test_connection(**kwargs) + @requires_sha1_signing @slow def test_auth_timeout(self): """ @@ -623,6 +634,7 @@ class SSHClientTest(ClientTest): host_key = paramiko.ECDSAKey.generate() self._client_host_key_bad(host_key) + @requires_sha1_signing def test_host_key_negotiation_2(self): host_key = paramiko.RSAKey.generate(2048) self._client_host_key_bad(host_key) @@ -630,6 +642,7 @@ class SSHClientTest(ClientTest): def test_host_key_negotiation_3(self): self._client_host_key_good(paramiko.ECDSAKey, "test_ecdsa_256.key") + @requires_sha1_signing def test_host_key_negotiation_4(self): self._client_host_key_good(paramiko.RSAKey, "test_rsa.key") @@ -713,6 +726,7 @@ class PasswordPassphraseTests(ClientTest): # instead of suffering a real connection cycle. # TODO: in that case, move the below to be part of an integration suite? + @requires_sha1_signing def test_password_kwarg_works_for_password_auth(self): # Straightforward / duplicate of earlier basic password test. self._test_connection(password="pygmalion") @@ -720,10 +734,12 @@ class PasswordPassphraseTests(ClientTest): # TODO: more granular exception pending #387; should be signaling "no auth # methods available" because no key and no password @raises(SSHException) + @requires_sha1_signing def test_passphrase_kwarg_not_used_for_password_auth(self): # Using the "right" password in the "wrong" field shouldn't work. self._test_connection(passphrase="pygmalion") + @requires_sha1_signing def test_passphrase_kwarg_used_for_key_passphrase(self): # Straightforward again, with new passphrase kwarg. self._test_connection( @@ -731,6 +747,7 @@ class PasswordPassphraseTests(ClientTest): passphrase="television", ) + @requires_sha1_signing def test_password_kwarg_used_for_passphrase_when_no_passphrase_kwarg_given( self ): # noqa @@ -741,6 +758,7 @@ class PasswordPassphraseTests(ClientTest): ) @raises(AuthenticationException) # TODO: more granular + @requires_sha1_signing def test_password_kwarg_not_used_for_passphrase_when_passphrase_kwarg_given( # noqa self ): diff --git a/tests/test_config.py b/tests/test_config.py index b46dc7b4..45fb262d 100644 --- a/tests/test_config.py +++ b/tests/test_config.py @@ -207,6 +207,25 @@ Host test assert got == expected @patch("paramiko.config.getpass") + def test_proxyjump_token_expansion(self, getpass): + getpass.getuser.return_value = "gandalf" + config = SSHConfig.from_text( + """ +Host justhost + ProxyJump jumpuser@%h +Host userhost + ProxyJump %r@%h:222 +Host allcustom + ProxyJump %r@%h:%p +""" + ) + assert config.lookup("justhost")["proxyjump"] == "jumpuser@justhost" + assert config.lookup("userhost")["proxyjump"] == "gandalf@userhost:222" + assert ( + config.lookup("allcustom")["proxyjump"] == "gandalf@allcustom:22" + ) + + @patch("paramiko.config.getpass") def test_controlpath_token_expansion(self, getpass, socket): getpass.getuser.return_value = "gandalf" config = SSHConfig.from_text( diff --git a/tests/test_file.py b/tests/test_file.py index 2a3da74b..d4062c02 100644 --- a/tests/test_file.py +++ b/tests/test_file.py @@ -14,7 +14,7 @@ # # You should have received a copy of the GNU Lesser General Public License # along with Paramiko; if not, write to the Free Software Foundation, Inc., -# 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA. +# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. """ Some unit tests for the BufferedFile abstraction. diff --git a/tests/test_gssapi.py b/tests/test_gssapi.py index acdc7c82..23c3ef42 100644 --- a/tests/test_gssapi.py +++ b/tests/test_gssapi.py @@ -16,7 +16,7 @@ # # You should have received a copy of the GNU Lesser General Public License # along with Paramiko; if not, write to the Free Software Foundation, Inc., -# 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA. +# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. """ Test the used APIs for GSS-API / SSPI authentication diff --git a/tests/test_hostkeys.py b/tests/test_hostkeys.py index 41a9244f..723ea1a5 100644 --- a/tests/test_hostkeys.py +++ b/tests/test_hostkeys.py @@ -14,7 +14,7 @@ # # You should have received a copy of the GNU Lesser General Public License # along with Paramiko; if not, write to the Free Software Foundation, Inc., -# 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA. +# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. """ Some unit tests for HostKeys. diff --git a/tests/test_kex.py b/tests/test_kex.py index b73989c2..b6463558 100644 --- a/tests/test_kex.py +++ b/tests/test_kex.py @@ -14,7 +14,7 @@ # # You should have received a copy of the GNU Lesser General Public License # along with Paramiko; if not, write to the Free Software Foundation, Inc., -# 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA. +# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. """ Some unit tests for the key exchange protocols. diff --git a/tests/test_kex_gss.py b/tests/test_kex_gss.py index 6f5625dc..26659ae3 100644 --- a/tests/test_kex_gss.py +++ b/tests/test_kex_gss.py @@ -17,7 +17,7 @@ # # You should have received a copy of the GNU Lesser General Public License # along with Paramiko; if not, write to the Free Software Foundation, Inc., -# 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA. +# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. """ Unit Tests for the GSS-API / SSPI SSHv2 Diffie-Hellman Key Exchange and user diff --git a/tests/test_message.py b/tests/test_message.py index 57766d90..23b06858 100644 --- a/tests/test_message.py +++ b/tests/test_message.py @@ -14,7 +14,7 @@ # # You should have received a copy of the GNU Lesser General Public License # along with Paramiko; if not, write to the Free Software Foundation, Inc., -# 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA. +# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. """ Some unit tests for ssh protocol message blocks. diff --git a/tests/test_packetizer.py b/tests/test_packetizer.py index de80770e..27dee358 100644 --- a/tests/test_packetizer.py +++ b/tests/test_packetizer.py @@ -14,7 +14,7 @@ # # You should have received a copy of the GNU Lesser General Public License # along with Paramiko; if not, write to the Free Software Foundation, Inc., -# 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA. +# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. """ Some unit tests for the ssh2 protocol in Transport. diff --git a/tests/test_pkey.py b/tests/test_pkey.py index 3bc0459a..738e8cf0 100644 --- a/tests/test_pkey.py +++ b/tests/test_pkey.py @@ -15,7 +15,7 @@ # # You should have received a copy of the GNU Lesser General Public License # along with Paramiko; if not, write to the Free Software Foundation, Inc., -# 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA. +# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. """ Some unit tests for public/private key objects. @@ -44,7 +44,7 @@ from cryptography.hazmat.primitives.asymmetric.rsa import RSAPrivateNumbers from mock import patch, Mock import pytest -from .util import _support, is_low_entropy +from .util import _support, is_low_entropy, requires_sha1_signing # from openssh's ssh-keygen @@ -256,6 +256,7 @@ class KeyTest(unittest.TestCase): pub = RSAKey(data=key.asbytes()) self.assertTrue(pub.verify_ssh_sig(b"ice weasels", msg)) + @requires_sha1_signing def test_sign_and_verify_ssh_rsa(self): self._sign_and_verify_rsa("ssh-rsa", SIGNED_RSA) @@ -280,6 +281,7 @@ class KeyTest(unittest.TestCase): pub = DSSKey(data=key.asbytes()) self.assertTrue(pub.verify_ssh_sig(b"ice weasels", msg)) + @requires_sha1_signing def test_generate_rsa(self): key = RSAKey.generate(1024) msg = key.sign_ssh_data(b"jerri blank") diff --git a/tests/test_sftp.py b/tests/test_sftp.py index 6134d070..0650e8db 100644 --- a/tests/test_sftp.py +++ b/tests/test_sftp.py @@ -14,7 +14,7 @@ # # You should have received a copy of the GNU Lesser General Public License # along with Paramiko; if not, write to the Free Software Foundation, Inc., -# 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA. +# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. """ some unit tests to make sure sftp works. diff --git a/tests/test_sftp_big.py b/tests/test_sftp_big.py index fc556faf..4643bcaa 100644 --- a/tests/test_sftp_big.py +++ b/tests/test_sftp_big.py @@ -14,7 +14,7 @@ # # You should have received a copy of the GNU Lesser General Public License # along with Paramiko; if not, write to the Free Software Foundation, Inc., -# 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA. +# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. """ some unit tests to make sure sftp works well with large files. diff --git a/tests/test_ssh_gss.py b/tests/test_ssh_gss.py index 92801c20..4d171854 100644 --- a/tests/test_ssh_gss.py +++ b/tests/test_ssh_gss.py @@ -17,7 +17,7 @@ # # You should have received a copy of the GNU Lesser General Public License # along with Paramiko; if not, write to the Free Software Foundation, Inc., -# 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA. +# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. """ Unit Tests for the GSS-API / SSPI SSHv2 Authentication (gssapi-with-mic) diff --git a/tests/test_transport.py b/tests/test_transport.py index fa7a3c1a..98a7d30d 100644 --- a/tests/test_transport.py +++ b/tests/test_transport.py @@ -14,7 +14,7 @@ # # You should have received a copy of the GNU Lesser General Public License # along with Paramiko; if not, write to the Free Software Foundation, Inc., -# 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA. +# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. """ Some unit tests for the ssh2 protocol in Transport. @@ -61,7 +61,7 @@ from paramiko.common import ( from paramiko.py3compat import bytes, byte_chr from paramiko.message import Message -from .util import needs_builtin, _support, slow +from .util import needs_builtin, _support, requires_sha1_signing, slow from .loop import LoopSocket @@ -196,9 +196,9 @@ class TransportTest(unittest.TestCase): def test_security_options(self): o = self.tc.get_security_options() self.assertEqual(type(o), SecurityOptions) - self.assertTrue(("aes256-cbc", "blowfish-cbc") != o.ciphers) - o.ciphers = ("aes256-cbc", "blowfish-cbc") - self.assertEqual(("aes256-cbc", "blowfish-cbc"), o.ciphers) + self.assertTrue(("aes256-cbc", "aes192-cbc") != o.ciphers) + o.ciphers = ("aes256-cbc", "aes192-cbc") + self.assertEqual(("aes256-cbc", "aes192-cbc"), o.ciphers) try: o.ciphers = ("aes256-cbc", "made-up-cipher") self.assertTrue(False) @@ -1289,6 +1289,7 @@ class TestSHA2SignatureKeyExchange(unittest.TestCase): # are new tests in test_pkey.py which use known signature blobs to prove # the SHA2 family was in fact used! + @requires_sha1_signing def test_base_case_ssh_rsa_still_used_as_fallback(self): # Prove that ssh-rsa is used if either, or both, participants have SHA2 # algorithms disabled @@ -1411,6 +1412,7 @@ class TestSHA2SignaturePubkeys(unittest.TestCase): ) as (tc, ts, err): assert isinstance(err, AuthenticationException) + @requires_sha1_signing def test_ssh_rsa_still_used_when_sha2_disabled(self): privkey = RSAKey.from_private_key_file(_support("test_rsa.key")) # NOTE: this works because key obj comparison uses public bytes diff --git a/tests/test_util.py b/tests/test_util.py index 8ce260d1..0e485759 100644 --- a/tests/test_util.py +++ b/tests/test_util.py @@ -14,7 +14,7 @@ # # You should have received a copy of the GNU Lesser General Public License # along with Paramiko; if not, write to the Free Software Foundation, Inc., -# 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA. +# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. """ Some unit tests for utility functions. diff --git a/tests/util.py b/tests/util.py index 1355ce8a..3ec5d092 100644 --- a/tests/util.py +++ b/tests/util.py @@ -9,6 +9,10 @@ import pytest from paramiko.py3compat import builtins, PY2 from paramiko.ssh_gss import GSS_AUTH_AVAILABLE +from cryptography.exceptions import UnsupportedAlgorithm, _Reasons +from cryptography.hazmat.backends import default_backend +from cryptography.hazmat.primitives import hashes +from cryptography.hazmat.primitives.asymmetric import padding, rsa tests_dir = dirname(realpath(__file__)) @@ -144,3 +148,31 @@ def is_low_entropy(): # I don't see a way to tell internally if the hash seed was set this # way, but env should be plenty sufficient, this is only for testing. return is_32bit and os.environ.get("PYTHONHASHSEED", None) == "0" + + +def sha1_signing_unsupported(): + """ + This is used to skip tests in environments where SHA-1 signing is + not supported by the backend. + """ + private_key = rsa.generate_private_key( + public_exponent=65537, key_size=2048, backend=default_backend() + ) + message = b"Some dummy text" + try: + private_key.sign( + message, + padding.PSS( + mgf=padding.MGF1(hashes.SHA1()), + salt_length=padding.PSS.MAX_LENGTH, + ), + hashes.SHA1(), + ) + return False + except UnsupportedAlgorithm as e: + return e._reason is _Reasons.UNSUPPORTED_HASH + + +requires_sha1_signing = unittest.skipIf( + sha1_signing_unsupported(), "SHA-1 signing not supported" +) |