def intercept_key_negotiation(transport, m):
# restore intercept, to not disturb re-keying if this significantly alters the connection
transport._handler_table[
common.MSG_KEXINIT] = Transport._negotiate_keys
m.get_bytes(16) # cookie, discarded
m.get_list() # key_algo_list, discarded
server_key_algo_list = m.get_list()
logging.debug("CVE-2020-14145: client algorithms: %s",
server_key_algo_list)
for host_key_algo in DEFAULT_ALGORITMS:
if server_key_algo_list == host_key_algo:
logging.info(
"CVE-2020-14145: Client connecting for the FIRST time!")
break
else:
logging.info(
"CVE-2020-14145: Client has a locally cached remote fingerprint!"
)
if "openssh" in session.transport.remote_version.lower():
if isinstance(session.proxyserver.host_key, ECDSAKey):
logging.warning(
"CVE-2020-14145: ecdsa-sha2 key is a bad choice; this will produce more false "
"positives!")
r = re.compile(r".*openssh_(\d\.\d).*", re.IGNORECASE)
if int(
r.match(session.transport.remote_version).group(1).replace(
".", "")) > 83:
logging.warning(
"CVE-2020-14145: Remote OpenSSH Version > 8.3; CVE-2020-14145 might produce false "
"positive!")
m.rewind()
# normal operation
Transport._negotiate_keys(transport, m)
def intercept_key_negotiation(transport: paramiko.Transport, m: Message) -> None:
# restore intercept, to not disturb re-keying if this significantly alters the connection
transport._handler_table[common.MSG_KEXINIT] = Transport._negotiate_keys # type: ignore
key_negotiation_data = KeyNegotiationData(session, m)
key_negotiation_data.show_debug_info()
key_negotiation_data.audit_client()
# normal operation
try:
Transport._negotiate_keys(transport, m) # type: ignore
except SSHException as ex:
logging.error(str(ex))
def intercept_key_negotiation(transport, m):
# restore intercept, to not disturb re-keying if this significantly alters the connection
transport._handler_table[common.MSG_KEXINIT] = Transport._negotiate_keys
client_version = session.transport.remote_version.lower()
cookie = m.get_bytes(16) # cookie (random bytes)
kex_algorithms = m.get_list() # kex_algorithms
server_host_key_algorithms = m.get_list()
encryption_algorithms_client_to_server = m.get_list()
encryption_algorithms_server_to_client = m.get_list()
mac_algorithms_client_to_server = m.get_list()
mac_algorithms_server_to_client = m.get_list()
compression_algorithms_client_to_server = m.get_list()
compression_algorithms_server_to_client = m.get_list()
languages_client_to_server = m.get_list()
languages_server_to_client = m.get_list()
first_kex_packet_follows = m.get_boolean()
logging.info("connected client version: %s", client_version)
logging.debug("cookie: %s", cookie)
logging.debug("kex_algorithms: %s", kex_algorithms)
logging.debug("server_host_key_algorithms: %s", server_host_key_algorithms)
logging.debug("encryption_algorithms_client_to_server: %s", encryption_algorithms_client_to_server)
logging.debug("encryption_algorithms_server_to_client: %s", encryption_algorithms_server_to_client)
logging.debug("mac_algorithms_client_to_server: %s", mac_algorithms_client_to_server)
logging.debug("mac_algorithms_server_to_client: %s", mac_algorithms_server_to_client)
logging.debug("compression_algorithms_client_to_server: %s", compression_algorithms_client_to_server)
logging.debug("compression_algorithms_server_to_client: %s", compression_algorithms_server_to_client)
logging.debug("languages_client_to_server: %s", languages_client_to_server)
logging.debug("languages_server_to_client: %s", languages_server_to_client)
logging.debug("first_kex_packet_follows: %s", first_kex_packet_follows)
cve202014002.check_key_negotiation(client_version, server_host_key_algorithms, session)
cve202014145.check_key_negotiation(client_version, server_host_key_algorithms, session)
m.rewind()
# normal operation
Transport._negotiate_keys(transport, m)
