From c5febfa0176be1d230aabf6bb4ed94731a60e325 Mon Sep 17 00:00:00 2001 From: Tim Savage Date: Fri, 23 Dec 2016 12:38:07 +1100 Subject: Added changelog entry --- sites/www/changelog.rst | 3 +++ 1 file changed, 3 insertions(+) (limited to 'sites/www/changelog.rst') diff --git a/sites/www/changelog.rst b/sites/www/changelog.rst index dcafab78..855fdd30 100644 --- a/sites/www/changelog.rst +++ b/sites/www/changelog.rst @@ -2,6 +2,9 @@ Changelog ========= +* :feature:`add-auth-timeout` Adds a timeout for the authentication process. + This is a fix to prevent the client getting stuck if an SSH server becomes + un-responsive during the authentication. Credit to ``@timsavage``. * :support:`866 backported` (also :issue:`838`) Remove an old test-related file we don't support, and add PyPy to Travis-CI config. Thanks to Pierce Lopez for the final patch and Pedro Rodrigues for an earlier edition. -- cgit v1.2.3 From 91d644ae47f8e1d64f9e3c677ce2a5415be0caef Mon Sep 17 00:00:00 2001 From: Pierce Lopez Date: Fri, 5 May 2017 01:58:39 -0400 Subject: update changelog with fix for #949 --- sites/www/changelog.rst | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'sites/www/changelog.rst') diff --git a/sites/www/changelog.rst b/sites/www/changelog.rst index f7adf14a..553b98d1 100644 --- a/sites/www/changelog.rst +++ b/sites/www/changelog.rst @@ -2,6 +2,10 @@ Changelog ========= +* :bug:`949` SSHClient and Transport could cause a memory leak if there's + a connection problem or protocol error, even if ``Transport.close()`` + is called. Thanks Kyle Agronick for the discovery and investigation, + and Pierce Lopez for assistance. * :support:`974 backported` Overhaul the codebase to be PEP-8, etc, compliant (i.e. passes the maintainer's preferred `flake8 `_ configuration) and add a ``flake8`` step to the Travis config. Big thanks to -- cgit v1.2.3 From 102c694ca8ae46d384d3a9c4e2e963836d6f1509 Mon Sep 17 00:00:00 2001 
From: Jeff Forcier Date: Tue, 6 Jun 2017 13:26:13 -0700 Subject: Partially apply #983 for 2.0+ --- paramiko/transport.py | 2 +- sites/www/changelog.rst | 4 ++++ 2 files changed, 5 insertions(+), 1 deletion(-) (limited to 'sites/www/changelog.rst') diff --git a/paramiko/transport.py b/paramiko/transport.py index 4a3ae8f4..802b496f 100644 --- a/paramiko/transport.py +++ b/paramiko/transport.py @@ -113,10 +113,10 @@ class Transport(threading.Thread, ClosingContextManager): _preferred_macs = ( 'hmac-sha2-256', 'hmac-sha2-512', + 'hmac-sha1', 'hmac-md5', 'hmac-sha1-96', 'hmac-md5-96', - 'hmac-sha1', ) _preferred_keys = ( 'ecdsa-sha2-nistp256', diff --git a/sites/www/changelog.rst b/sites/www/changelog.rst index ec1c09cb..353e2818 100644 --- a/sites/www/changelog.rst +++ b/sites/www/changelog.rst @@ -2,6 +2,10 @@ Changelog ========= +* :bug:`-` (partial application of :issue:`983`) Move ``sha1`` above the + now-arguably-broken ``md5`` in the list of preferred MAC algorithms, as an + incremental security improvement for users whose target systems offer both. + Credit: Pierce Lopez. * :bug:`667` The RC4/arcfour family of ciphers has been broken since version 2.0; but since the algorithm is now known to be completely insecure, we are opting to remove support outright instead of fixing it. Thanks to Alex Gaynor -- cgit v1.2.3 From d6e57d34bafb65c6ce62a022d1b509f35cf82d49 Mon Sep 17 00:00:00 2001 From: Jeff Forcier Date: Tue, 6 Jun 2017 13:26:13 -0700 Subject: Partially apply #983 for 2.0+ --- paramiko/transport.py | 2 +- sites/www/changelog.rst | 3 +++ 2 files changed, 4 insertions(+), 1 deletion(-) (limited to 'sites/www/changelog.rst') diff --git a/paramiko/transport.py b/paramiko/transport.py index 4a3ae8f4..802b496f 100644 --- a/paramiko/transport.py +++ b/paramiko/transport.py 
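Review bot: The `_preferred_macs` tuple is order-sensitive (earlier entries are offered first during negotiation), yet nothing in the hunk says so, and after this move `hmac-md5`, `hmac-sha1-96` and `hmac-md5-96` are still listed below `hmac-sha1`, so a peer that offers only those is still accepted; the commit changes preference, not what is negotiable. A one-line comment on the tuple would keep the next reorder from silently changing what the transport accepts, e.g. `# Preference order, most-preferred first; md5 and the -96 truncations stay only for interop with old peers.` The same hunk is repeated verbatim under commit d6e57d34 on the following line, so the comment applies there as well. The enclosing `Transport` class body starts outside the hunk.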
@@ -113,10 +113,10 @@ class Transport(threading.Thread, ClosingContextManager): _preferred_macs = ( 'hmac-sha2-256', 'hmac-sha2-512', + 'hmac-sha1', 'hmac-md5', 'hmac-sha1-96', 'hmac-md5-96', - 'hmac-sha1', ) _preferred_keys = ( 'ecdsa-sha2-nistp256', diff --git a/sites/www/changelog.rst b/sites/www/changelog.rst index ec1c09cb..9aead611 100644 --- a/sites/www/changelog.rst +++ b/sites/www/changelog.rst @@ -2,6 +2,9 @@ Changelog ========= +* :bug:`983` Move ``sha1`` above the now-arguably-broken ``md5`` in the list of + preferred MAC algorithms, as an incremental security improvement for users + whose target systems offer both. Credit: Pierce Lopez. * :bug:`667` The RC4/arcfour family of ciphers has been broken since version 2.0; but since the algorithm is now known to be completely insecure, we are opting to remove support outright instead of fixing it. Thanks to Alex Gaynor -- cgit v1.2.3 From 947bd10f451f8a0249fdd8e234429f8a657c60ae Mon Sep 17 00:00:00 2001 From: Jeff Forcier Date: Tue, 6 Jun 2017 13:30:09 -0700 Subject: Note ecdh-sha2 preferred-kex placement in changelog entry for #951, re #983 --- sites/www/changelog.rst | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) (limited to 'sites/www/changelog.rst') diff --git a/sites/www/changelog.rst b/sites/www/changelog.rst index cb36dba1..e4a66356 100644 --- a/sites/www/changelog.rst +++ b/sites/www/changelog.rst 
@@ -15,7 +15,9 @@ Changelog long-standing gotcha for unaware users. * :feature:`951` Add support for ECDH key exchange (kex), specifically the algorithms ``ecdh-sha2-nistp256``, ``ecdh-sha2-nistp384``, and - ``ecdh-sha2-nistp521``. Thanks to Shashank Veerapaneni for the patch. + ``ecdh-sha2-nistp521``. They now come before the older ``diffie-hellman-*`` + family of kex algorithms in the preferred-kex list. Thanks to Shashank + Veerapaneni for the patch & Pierce Lopez for a follow-up. * :support:`- backported` A big formatting pass to clean up an enormous number of invalid Sphinx reference links, discovered by switching to a modern, rigorous nitpicking doc-building mode. -- cgit v1.2.3 From 2804b79cdeb2c140862d48883b7fdc105f05b95a Mon Sep 17 00:00:00 2001 From: Jeff Forcier Date: Tue, 6 Jun 2017 13:49:29 -0700 Subject: Changelog re #921 --- sites/www/changelog.rst | 2 ++ 1 file changed, 2 insertions(+) (limited to 'sites/www/changelog.rst') diff --git a/sites/www/changelog.rst b/sites/www/changelog.rst index e4a66356..5c0b3552 100644 --- a/sites/www/changelog.rst +++ b/sites/www/changelog.rst @@ -2,6 +2,8 @@ Changelog ========= +* :support:`921` Tighten up the ``__hash__`` implementation for various key + classes; less code is good code. Thanks to Francisco Couzo for the patch. * :bug:`983` Move ``sha1`` above the now-arguably-broken ``md5`` in the list of preferred MAC algorithms, as an incremental security improvement for users whose target systems offer both. Credit: Pierce Lopez. -- cgit v1.2.3 From ddb277d4e4989e914b67ff26c14c7c298e7fab9f Mon Sep 17 00:00:00 2001 From: Jeff Forcier Date: Tue, 6 Jun 2017 14:24:38 -0700 Subject: Changelog tweak --- sites/www/changelog.rst | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) (limited to 'sites/www/changelog.rst') diff --git a/sites/www/changelog.rst b/sites/www/changelog.rst index 234d9df6..57bc306d 100644 --- a/sites/www/changelog.rst +++ b/sites/www/changelog.rst 
@@ -2,9 +2,10 @@ Changelog ========= -* :feature:`add-auth-timeout` Adds a timeout for the authentication process. - This is a fix to prevent the client getting stuck if an SSH server becomes - un-responsive during the authentication. Credit to ``@timsavage``. +* :feature:`869` Add an ``auth_timeout`` kwarg to `SSHClient.connect + ` (default: 30s) to avoid hangs when the + remote end becomes unresponsive during the authentication step. Credit to + ``@timsavage``. * :support:`921` Tighten up the ``__hash__`` implementation for various key classes; less code is good code. Thanks to Francisco Couzo for the patch. * :bug:`983` Move ``sha1`` above the now-arguably-broken ``md5`` in the list of -- cgit v1.2.3 From a98bf2535e0de3a815eafd910d0d28162f07c3bc Mon Sep 17 00:00:00 2001 From: Jeff Forcier Date: Tue, 6 Jun 2017 15:27:30 -0700 Subject: Changelog re #471, re #65 --- sites/www/changelog.rst | 8 ++++++++ 1 file changed, 8 insertions(+) (limited to 'sites/www/changelog.rst') diff --git a/sites/www/changelog.rst b/sites/www/changelog.rst index 57bc306d..3d14989a 100644 --- a/sites/www/changelog.rst +++ b/sites/www/changelog.rst @@ -2,6 +2,14 @@ Changelog ========= +* :feature:`65` (via :issue:`471`) Add support for OpenSSH's SFTP + ``posix-rename`` protocol extension (section 3.3 of `OpenSSH's protocol + extension document + `_), + via a new ``posix_rename`` method in `SFTPClient + ` and `SFTPServerInterface + `. Thanks to Wren Turkal + for the initial patch & Mika Pflüger for the enhanced, merged PR. * :feature:`869` Add an ``auth_timeout`` kwarg to `SSHClient.connect ` (default: 30s) to avoid hangs when the remote end becomes unresponsive during the authentication step. Credit to -- cgit v1.2.3 From ccbcca2166a47f6a29a6cffd88a33cc997252a6f Mon Sep 17 00:00:00 2001 
From: Jeff Forcier Date: Tue, 6 Jun 2017 15:27:51 -0700 Subject: Add sanity note to changelog re #869 --- sites/www/changelog.rst | 7 +++++++ 1 file changed, 7 insertions(+) (limited to 'sites/www/changelog.rst') diff --git a/sites/www/changelog.rst b/sites/www/changelog.rst index 3d14989a..2c37fb0b 100644 --- a/sites/www/changelog.rst +++ b/sites/www/changelog.rst @@ -14,6 +14,13 @@ Changelog ` (default: 30s) to avoid hangs when the remote end becomes unresponsive during the authentication step. Credit to ``@timsavage``. + + .. note:: + This technically changes behavior, insofar as very slow auth steps >30s + will now cause timeout exceptions instead of completing. We doubt most + users will notice; those affected can simply give a higher value to + ``auth_timeout``. + * :support:`921` Tighten up the ``__hash__`` implementation for various key classes; less code is good code. Thanks to Francisco Couzo for the patch. * :bug:`983` Move ``sha1`` above the now-arguably-broken ``md5`` in the list of -- cgit v1.2.3 From 86688c1b9d37dd75f99b6eefb00200a1abb4cf51 Mon Sep 17 00:00:00 2001 From: Jeff Forcier Date: Tue, 6 Jun 2017 17:35:49 -0700 Subject: Hand-picked backport of #912, fixes #741 --- paramiko/pkey.py | 10 ++++++++-- paramiko/transport.py | 1 + sites/www/changelog.rst | 10 ++++++++++ tests/test_pkey.py | 28 ++++++++++++++++++++++++++++ 4 files changed, 47 insertions(+), 2 deletions(-) (limited to 'sites/www/changelog.rst') diff --git a/paramiko/pkey.py b/paramiko/pkey.py index f5b0cd18..35a26fc7 100644 --- a/paramiko/pkey.py +++ b/paramiko/pkey.py @@ -48,6 +48,12 @@ class PKey(object): 'blocksize': 16, 'mode': modes.CBC }, + 'AES-256-CBC': { + 'cipher': algorithms.AES, + 'keysize': 32, + 'blocksize': 16, + 'mode': modes.CBC + }, 'DES-EDE3-CBC': { 'cipher': algorithms.TripleDES, 'keysize': 24, 
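Review bot: The new `'AES-256-CBC'` entry is consistent with its name (`'keysize': 32` is 32 bytes, i.e. a 256-bit AES key, and `'blocksize': 16` is the AES block), but the table never states its units, so a reader has to work out that `keysize` and `blocksize` are byte counts rather than bit lengths. A short comment at the top of the table, e.g. `# keysize and blocksize are byte counts`, would make the next entry easier to add correctly. The enclosing dict and the `PKey` class header are outside the hunk.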
@@ -344,13 +350,13 @@ class PKey(object): """ with open(filename, 'w') as f: os.chmod(filename, o600) - self._write_private_key(f, key, format) + self._write_private_key(f, key, format, password=password) def _write_private_key(self, f, key, format, password=None): if password is None: encryption = serialization.NoEncryption() else: - encryption = serialization.BestEncryption(password) + encryption = serialization.BestAvailableEncryption(b(password)) f.write(key.private_bytes( serialization.Encoding.PEM, diff --git a/paramiko/transport.py b/paramiko/transport.py index 802b496f..136d7fb2 100644 --- a/paramiko/transport.py +++ b/paramiko/transport.py @@ -78,6 +78,7 @@ def _join_lingering_threads(): for thr in _active_threads: thr.stop_thread() + import atexit atexit.register(_join_lingering_threads) diff --git a/sites/www/changelog.rst b/sites/www/changelog.rst index 9aead611..e4aa5261 100644 --- a/sites/www/changelog.rst +++ b/sites/www/changelog.rst @@ -2,6 +2,16 @@ Changelog ========= +* :bug:`741` (also :issue:`809`, :issue:`772`; all via :issue:`912`) Writing + encrypted/password-protected private key files was silently broken since 2.0 + due to an incorrect API call; this has been fixed. + + Includes a directly related fix, namely adding the ability to read + ``AES-256-CBC`` ciphered private keys (which is now what we tend to write out + as it is Cryptography's default private key cipher.) + + Thanks to ``@virlos`` for the original report, Chris Harris and ``@ibuler`` + for initial draft PRs, and ``@jhgorrell`` for the final patch. * :bug:`983` Move ``sha1`` above the now-arguably-broken ``md5`` in the list of preferred MAC algorithms, as an incremental security improvement for users whose target systems offer both. Credit: Pierce Lopez. diff --git a/tests/test_pkey.py b/tests/test_pkey.py index 24d78c3e..394a2cf4 100644 --- a/tests/test_pkey.py +++ b/tests/test_pkey.py 
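Review bot: The new `serialization.BestAvailableEncryption(b(password))` branch rejects an empty passphrase: `password=''` is not `None`, so it reaches cryptography, which raises `ValueError` for a zero-length password, while the `password is None` test on the context line only treats `None` as "unencrypted". Either make that explicit in the docstring of `_write_private_key` (it has none), e.g. `:param password: passphrase as str or bytes; must be non-empty, None writes the key unencrypted`, or, if an empty string is meant to mean "no encryption", change the test to `if not password:`. Separately, and outside what this commit changes, the `open(filename, 'w')` context line runs before `os.chmod(filename, o600)`, so a freshly created key file briefly carries umask-default permissions and a pre-existing file keeps its old mode until the chmod; `with os.fdopen(os.open(filename, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600), 'w') as f:` would close that window. Both method bodies continue outside the hunk.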
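Review bot: The added `import atexit` sits at module level between `_join_lingering_threads` and the `atexit.register(...)` context line rather than with the file-level imports, which is where PEP 8 places it; and since `atexit.register(...)` already ran at import time before this commit, `atexit` is presumably imported at the top of transport.py already (not visible here), which would make the new line redundant. If the placement is deliberate for the 2.0 backport, a comment such as `# local import kept next to the register() call for the 2.0 backport` would stop a later cleanup from removing it. `_join_lingering_threads` starts outside the hunk.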
@@ -120,6 +120,18 @@ class KeyTest (unittest.TestCase): def tearDown(self): pass + def assert_keyfile_is_encrypted(self, keyfile): + """ + A quick check that filename looks like an encrypted key. + """ + with open(keyfile, "r") as fh: + self.assertEqual( + fh.readline()[:-1], + "-----BEGIN RSA PRIVATE KEY-----" + ) + self.assertEqual(fh.readline()[:-1], "Proc-Type: 4,ENCRYPTED") + self.assertEqual(fh.readline()[0:10], "DEK-Info: ") + def test_1_generate_key_bytes(self): key = util.generate_key_bytes(md5, x1234, 'happy birthday', 30) exp = b'\x61\xE1\xF2\x72\xF4\xC1\xC4\x56\x15\x86\xBD\x32\x24\x98\xC0\xE9\x24\x67\x27\x80\xF4\x7B\xB3\x7D\xDA\x7D\x54\x01\x9E\x64' @@ -426,6 +438,7 @@ class KeyTest (unittest.TestCase): # When the bug under test exists, this will ValueError. try: key.write_private_key_file(newfile, password=newpassword) + self.assert_keyfile_is_encrypted(newfile) # Verify the inner key data still matches (when no ValueError) key2 = RSAKey(filename=newfile, password=newpassword) self.assertEqual(key, key2) @@ -436,3 +449,18 @@ class KeyTest (unittest.TestCase): key = RSAKey.from_private_key_file(test_path('test_rsa.key')) comparable = TEST_KEY_BYTESTR_2 if PY2 else TEST_KEY_BYTESTR_3 self.assertEqual(str(key), comparable) + + def test_keyfile_is_actually_encrypted(self): + # Read an existing encrypted private key + file_ = test_path('test_rsa_password.key') + password = 'television' + newfile = file_ + '.new' + newpassword = 'radio' + key = RSAKey(filename=file_, password=password) + # Write out a newly re-encrypted copy with a new password. + # When the bug under test exists, this will ValueError. + try: + key.write_private_key_file(newfile, password=newpassword) + self.assert_keyfile_is_encrypted(newfile) + finally: + os.remove(newfile) -- cgit v1.2.3 From e2e1466f416f2a9ca9f8ecd19259f3e50d25a349 Mon Sep 17 00:00:00 2001 
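Review bot: `assert_keyfile_is_encrypted` checks the legacy PEM `Proc-Type: 4,ENCRYPTED` / `DEK-Info: ` headers, which matches what the encrypted write now produces, but the `readline()[:-1]` slices assume a trailing `\n` and would silently compare a truncated line if the file had `\r\n` endings or no final newline; `fh.readline().rstrip('\r\n')` is the safer form. Its docstring also says "filename" while the parameter is `keyfile`; `A quick check that keyfile looks like a PEM-encrypted private key (Proc-Type and DEK-Info headers present).` would match the signature. The new `test_keyfile_is_actually_encrypted` further down this line repeats the write-and-cleanup sequence of the existing test in the `-426` hunk, which already gained the same assertion and additionally reads the key back with the new password, so the new test appears redundant unless it is meant to stand on its own when that test changes. The `KeyTest` class header is outside the hunk.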
From: Jeff Forcier Date: Fri, 9 Jun 2017 12:41:00 -0700 Subject: Changelog re #956 --- sites/www/changelog.rst | 3 +++ 1 file changed, 3 insertions(+) (limited to 'sites/www/changelog.rst') diff --git a/sites/www/changelog.rst b/sites/www/changelog.rst index dfa2fedc..01eb45ff 100644 --- a/sites/www/changelog.rst +++ b/sites/www/changelog.rst @@ -2,6 +2,9 @@ Changelog ========= +* :support:`956 backported` Switch code coverage service from coveralls.io to + codecov.io (& then disable the latter's auto-comments.) Thanks to Nikolai + Røed Kristiansen for the patch. * :bug:`949` SSHClient and Transport could cause a memory leak if there's a connection problem or protocol error, even if ``Transport.close()`` is called. Thanks Kyle Agronick for the discovery and investigation, -- cgit v1.2.3 From a234be3261b2d03288398fdbd7ccff10ab51fd33 Mon Sep 17 00:00:00 2001 From: Jeff Forcier Date: Fri, 9 Jun 2017 12:55:07 -0700 Subject: Unify 1.x and 2.x changelog entries. TBH this might just be the last damn 1.x series of releases. This is still too much work! --- sites/www/changelog.rst | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) (limited to 'sites/www/changelog.rst') diff --git a/sites/www/changelog.rst b/sites/www/changelog.rst index 01eb45ff..ebf8253b 100644 --- a/sites/www/changelog.rst +++ b/sites/www/changelog.rst 
@@ -2,13 +2,6 @@ Changelog ========= -* :support:`956 backported` Switch code coverage service from coveralls.io to - codecov.io (& then disable the latter's auto-comments.) Thanks to Nikolai - Røed Kristiansen for the patch. -* :bug:`949` SSHClient and Transport could cause a memory leak if there's - a connection problem or protocol error, even if ``Transport.close()`` - is called. Thanks Kyle Agronick for the discovery and investigation, - and Pierce Lopez for assistance. * :bug:`741` (also :issue:`809`, :issue:`772`; all via :issue:`912`) Writing encrypted/password-protected private key files was silently broken since 2.0 due to an incorrect API call; this has been fixed. @@ -19,6 +12,9 @@ Changelog Thanks to ``@virlos`` for the original report, Chris Harris and ``@ibuler`` for initial draft PRs, and ``@jhgorrell`` for the final patch. +* :support:`956 (1.17+)` Switch code coverage service from coveralls.io to + codecov.io (& then disable the latter's auto-comments.) Thanks to Nikolai + Røed Kristiansen for the patch. * :bug:`983` Move ``sha1`` above the now-arguably-broken ``md5`` in the list of preferred MAC algorithms, as an incremental security improvement for users whose target systems offer both. Credit: Pierce Lopez. 
@@ -43,8 +39,12 @@ Changelog (i.e. passes the maintainer's preferred `flake8 `_ configuration) and add a ``flake8`` step to the Travis config. Big thanks to Dorian Pula! -* :bug:`683` Make ``util.log_to_file`` append instead of replace. Thanks - to ``@vlcinsky`` for the report. +* :bug:`949 (1.17+)` SSHClient and Transport could cause a memory leak if + there's a connection problem or protocol error, even if ``Transport.close()`` + is called. Thanks Kyle Agronick for the discovery and investigation, and + Pierce Lopez for assistance. +* :bug:`683 (1.17+)` Make ``util.log_to_file`` append instead of replace. + Thanks to ``@vlcinsky`` for the report. * :release:`2.0.5 <2017-02-20>` * :release:`1.18.2 <2017-02-20>` * :release:`1.17.4 <2017-02-20>` -- cgit v1.2.3 From c11ec97a756afcf60058a4214f56c0fdd4f6a587 Mon Sep 17 00:00:00 2001 From: Jeff Forcier Date: Fri, 9 Jun 2017 13:34:53 -0700 Subject: More changelog flimflammery --- sites/www/changelog.rst | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'sites/www/changelog.rst') diff --git a/sites/www/changelog.rst b/sites/www/changelog.rst index e8576b4d..10ff9f76 100644 --- a/sites/www/changelog.rst +++ b/sites/www/changelog.rst 
@@ -33,9 +33,9 @@ Changelog * :support:`921` Tighten up the ``__hash__`` implementation for various key classes; less code is good code. Thanks to Francisco Couzo for the patch. -* :support:`956 (1.17+)` Switch code coverage service from coveralls.io to - codecov.io (& then disable the latter's auto-comments.) Thanks to Nikolai - Røed Kristiansen for the patch. +* :support:`956 backported (1.17+)` Switch code coverage service from + coveralls.io to codecov.io (& then disable the latter's auto-comments.) + Thanks to Nikolai Røed Kristiansen for the patch. * :bug:`983` Move ``sha1`` above the now-arguably-broken ``md5`` in the list of preferred MAC algorithms, as an incremental security improvement for users whose target systems offer both. Credit: Pierce Lopez. -- cgit v1.2.3 From 22439d24a7a304cf6f9e2f97b934000f5908664e Mon Sep 17 00:00:00 2001 From: Jeff Forcier Date: Fri, 9 Jun 2017 13:51:02 -0700 Subject: Port #971 changelog from 1.x to 2.x --- sites/www/changelog.rst | 5 +++++ 1 file changed, 5 insertions(+) (limited to 'sites/www/changelog.rst') diff --git a/sites/www/changelog.rst b/sites/www/changelog.rst index ebf8253b..b850db69 100644 --- a/sites/www/changelog.rst +++ b/sites/www/changelog.rst @@ -2,6 +2,11 @@ Changelog ========= +* :bug:`971 (1.17+)` Allow any type implementing the buffer API to be used with + `BufferedFile `, `Channel + `, and `SFTPFile `. + This resolves a regression introduced in 1.13 with the Python 3 porting + changes, when using types such as ``memoryview``. Credit: Martin Packman. * :bug:`741` (also :issue:`809`, :issue:`772`; all via :issue:`912`) Writing encrypted/password-protected private key files was silently broken since 2.0 due to an incorrect API call; this has been fixed. -- cgit v1.2.3 From b808d5e6eb7e5cc3ab6cc71b7b25a1feb543bdfc Mon Sep 17 00:00:00 2001 
From: Jeff Forcier Date: Fri, 9 Jun 2017 14:00:46 -0700 Subject: Hand-port #984 to 2.0 --- paramiko/transport.py | 2 +- sites/www/changelog.rst | 3 +++ 2 files changed, 4 insertions(+), 1 deletion(-) (limited to 'sites/www/changelog.rst') diff --git a/paramiko/transport.py b/paramiko/transport.py index d219550d..2153b899 100644 --- a/paramiko/transport.py +++ b/paramiko/transport.py @@ -106,9 +106,9 @@ class Transport(threading.Thread, ClosingContextManager): 'aes192-ctr', 'aes256-ctr', 'aes128-cbc', - 'blowfish-cbc', 'aes192-cbc', 'aes256-cbc', + 'blowfish-cbc', '3des-cbc', ) _preferred_macs = ( diff --git a/sites/www/changelog.rst b/sites/www/changelog.rst index b850db69..32bb9250 100644 --- a/sites/www/changelog.rst +++ b/sites/www/changelog.rst @@ -2,6 +2,9 @@ Changelog ========= +* :bug:`984` Enhance default cipher preference order such that + ``aes(192|256)-cbc`` are preferred over ``blowfish-cbc``. Thanks to Alex + Gaynor. * :bug:`971 (1.17+)` Allow any type implementing the buffer API to be used with `BufferedFile `, `Channel `, and `SFTPFile `. -- cgit v1.2.3
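Review bot: After the move, `'blowfish-cbc'` and `'3des-cbc'` still close the cipher preference tuple (the one preceding `_preferred_macs`), so both 64-bit-block ciphers remain negotiable whenever a peer offers nothing better; the hunk only lowers their preference, and nothing in the tuple records why they are kept. A comment on the trailing entries, e.g. `# 64-bit-block legacy ciphers: kept last, for interop only`, would document that intent and make an eventual removal a deliberate decision rather than an accident of the next reorder. The tuple's assignment line and the enclosing `Transport` class header are outside the hunk.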