SSH2 Module for Python
Paramiko is a module for python 2.2 (or higher) that implements the SSH2 protocol for secure (encrypted and authenticated) connections to remote machines.
Unlike SSL (aka TLS), the SSH2 protocol does not require hierarchical certificates signed by a powerful central authority. you may know SSH2 as the protocol that replaced telnet and rsh for secure access to remote shells, but the protocol also includes the ability to open arbitrary channels to remote services across the encrypted tunnel -- this is how sftp works, for example.
It is written entirely in python (no C or platform-dependent code) and is released under the GNU LGPL (lesser GPL).
- Sources inherited from project devel:languages:python
- Devel package for openSUSE:Factory
-
15
derived packages
- Links to openSUSE:Factory / python-paramiko
- Download package
-
Checkout Package
osc -A https://api.opensuse.org checkout home:Tomcat42/python-paramiko && cd $_
- Create Badge
Refresh
Refresh
Source Files
Filename | Size | Changed |
---|---|---|
paramiko-3.4.0.tar.gz | 0001277306 1.22 MB | |
paramiko-test_extend_timeout.patch | 0000000540 540 Bytes | |
python-paramiko.changes | 0000050799 49.6 KB | |
python-paramiko.spec | 0000003790 3.7 KB | |
remove-icecream-dep.patch | 0000000818 818 Bytes | |
support-pytest-8.patch | 0000000663 663 Bytes | |
use-64-bit-maxsize-everywhere.patch | 0000000681 681 Bytes |
Revision 118 (latest revision is 122)
Steve Kowalik (StevenK)
committed
(revision 118)
- Update to 3.4.0: (CVE-2023-48795, bsc#1218168) * Transport grew a new packetizer_class kwarg for overriding the packet-handler class used internally. * Address CVE 2023-48795 (aka the "Terrapin Attack", a vulnerability found in the SSH protocol re: treatment of packet sequence numbers) as follows: + The vulnerability only impacts encrypt-then-MAC digest algorithms in tandem with CBC ciphers, and ChaCha20-poly1305; of these, Paramiko currently only implements hmac-sha2-(256|512)-etm in tandem with AES-CBC. + As the fix for the vulnerability requires both ends of the connection to cooperate, the below changes will only take effect when the remote end is OpenSSH >= 9.6 (or equivalent, such as Paramiko in server mode, as of this patch version) and configured to use the new "strict kex" mode. + Paramiko will now raise an SSHException subclass (MessageOrderError) when protocol messages are received in unexpected order. This includes situations like receiving MSG_DEBUG or MSG_IGNORE during initial key exchange, which are no longer allowed during strict mode. + Key (re)negotiation -- i.e. MSG_NEWKEYS, whenever it is encountered -- now resets packet sequence numbers. (This should be invisible to users during normal operation, only causing exceptions if the exploit is encountered, which will usually result in, again, MessageOrderError.) + Sequence number rollover will now raise SSHException if it occurs during initial key exchange (regardless of strict mode status). * Tweak ext-info-(c|s) detection during KEXINIT protocol phase; the original implementation made assumptions based on an OpenSSH implementation detail.
Comments 0