From: Mark W. A. <sl...@do...> - 2004-10-19 18:14:31
FYI, I've committed Adam Allen's patch
https://sourceforge.net/tracker/index.php?func=detail&aid=1022628&group_id=33947&atid=409712
to CVS. This patch allows control over whether to allow the acceptance of new host keys or not. By default, new host keys are accepted. Thanks Adam!

I've also added a check for "Host key verification failed" in the initial banner exchange. Since this could be an indication of a man-in-the-middle attack, it raises a HostVerificationFailure exception. Unless captured, this will terminate any connection without providing any user over-ride capability. Instead, the warning banner is produced along with the exception, forcing the proper corrective action, which is to verify/correct the keys. This is consistent with, but a little more graceful than, the current behavior, which requires a user response before bombing out (at least with strict host checking on).

Note that these changes are in the default prompt_callback function, so this behavior can be over-ridden by a caller-specified prompt_callback. If anyone is using custom prompt_callback functions, I'd appreciate an education as to why it was necessary for you to use one.

I do not plan a new file release for these changes. If you want these features, please pull the latest from anonymous cvs.

My target for the next file release is an expect() function comparable to telnetlib's. I'm still feeling my way around the details of the code, but my goal is for PySSH to be a drop-in replacement (e.g. API compatible) with telnetlib. Comments, suggestions, and cautions are appreciated.

mwa
--
Mark W. Alexander
sl...@do...

The contents of this message authored by Mark W. Alexander are released under the Creative Commons Attribution-NonCommercial license. Copyright of quoted materials, if any, are retained by the original author(s).
http://creativecommons.org/licenses/by-nc/2.0/
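
The behavior described in the message above, sketched as an added example that is not PySSH's code and not part of the original message. `handle_banner`, `Decision` and `accept_new_keys` are hypothetical names, the `HostVerificationFailure` class here is a stand-in for the one the message mentions, and PySSH's real prompt_callback signature is not shown on this page.

```python
import re
from collections import namedtuple

class HostVerificationFailure(Exception):
    """Stand-in for the exception named in the message; carries the banner."""

# reply: text to send to the ssh client; host/fingerprint: parsed for audit logs
Decision = namedtuple("Decision", "reply host fingerprint")

HOST_RE = re.compile(r"authenticity of host '([^']+)' can't be established")
FPR_RE = re.compile(r"key fingerprint is ([^\s.]+)")
PROMPT_RE = re.compile(r"continue connecting \(yes/no")

def handle_banner(banner, accept_new_keys=True):
    """Classify ssh client output seen during the initial banner exchange."""
    # A rejected or changed key is never answered: surface the banner and stop.
    if "Host key verification failed" in banner:
        raise HostVerificationFailure(banner.strip())
    if PROMPT_RE.search(banner):
        host = HOST_RE.search(banner)
        fpr = FPR_RE.search(banner)
        return Decision(
            reply="yes\n" if accept_new_keys else "no\n",
            host=host.group(1) if host else None,
            fingerprint=fpr.group(1) if fpr else None,
        )
    return None  # nothing host-key related in this chunk of output

# Constructed sample output (not captured from a real session).
NEW_HOST = (
    "The authenticity of host 'build01.example.test (192.0.2.10)' "
    "can't be established.\n"
    "RSA key fingerprint is aa:bb:cc:dd:ee:ff:00:11:22:33:44:55:66:77:88:99.\n"
    "Are you sure you want to continue connecting (yes/no)? "
)
CHANGED = (
    "@    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @\n"
    "Host key verification failed.\n"
)

if __name__ == "__main__":
    print(handle_banner(NEW_HOST))                          # accepted by default
    print(handle_banner(NEW_HOST, accept_new_keys=False))   # refused by policy
    try:
        handle_banner(CHANGED)
    except HostVerificationFailure as exc:
        print("refused:", str(exc).splitlines()[-1])
```

Returning the parsed host and fingerprint lets a caller log every first-seen key even when new keys are accepted automatically.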