def intercept_key_negotiation(transport, m): # restore intercept, to not disturb re-keying if this significantly alters the connection transport._handler_table[ common.MSG_KEXINIT] = Transport._negotiate_keys m.get_bytes(16) # cookie, discarded m.get_list() # key_algo_list, discarded server_key_algo_list = m.get_list() logging.debug("CVE-2020-14145: client algorithms: %s", server_key_algo_list) for host_key_algo in DEFAULT_ALGORITMS: if server_key_algo_list == host_key_algo: logging.info( "CVE-2020-14145: Client connecting for the FIRST time!") break else: logging.info( "CVE-2020-14145: Client has a locally cached remote fingerprint!" ) if "openssh" in session.transport.remote_version.lower(): if isinstance(session.proxyserver.host_key, ECDSAKey): logging.warning( "CVE-2020-14145: ecdsa-sha2 key is a bad choice; this will produce more false " "positives!") r = re.compile(r".*openssh_(\d\.\d).*", re.IGNORECASE) if int( r.match(session.transport.remote_version).group(1).replace( ".", "")) > 83: logging.warning( "CVE-2020-14145: Remote OpenSSH Version > 8.3; CVE-2020-14145 might produce false " "positive!") m.rewind() # normal operation Transport._negotiate_keys(transport, m)
def intercept_key_negotiation(transport: paramiko.Transport, m: Message) -> None: # restore intercept, to not disturb re-keying if this significantly alters the connection transport._handler_table[common.MSG_KEXINIT] = Transport._negotiate_keys # type: ignore key_negotiation_data = KeyNegotiationData(session, m) key_negotiation_data.show_debug_info() key_negotiation_data.audit_client() # normal operation try: Transport._negotiate_keys(transport, m) # type: ignore except SSHException as ex: logging.error(str(ex))
def intercept_key_negotiation(transport, m): # restore intercept, to not disturb re-keying if this significantly alters the connection transport._handler_table[common.MSG_KEXINIT] = Transport._negotiate_keys client_version = session.transport.remote_version.lower() cookie = m.get_bytes(16) # cookie (random bytes) kex_algorithms = m.get_list() # kex_algorithms server_host_key_algorithms = m.get_list() encryption_algorithms_client_to_server = m.get_list() encryption_algorithms_server_to_client = m.get_list() mac_algorithms_client_to_server = m.get_list() mac_algorithms_server_to_client = m.get_list() compression_algorithms_client_to_server = m.get_list() compression_algorithms_server_to_client = m.get_list() languages_client_to_server = m.get_list() languages_server_to_client = m.get_list() first_kex_packet_follows = m.get_boolean() logging.info("connected client version: %s", client_version) logging.debug("cookie: %s", cookie) logging.debug("kex_algorithms: %s", kex_algorithms) logging.debug("server_host_key_algorithms: %s", server_host_key_algorithms) logging.debug("encryption_algorithms_client_to_server: %s", encryption_algorithms_client_to_server) logging.debug("encryption_algorithms_server_to_client: %s", encryption_algorithms_server_to_client) logging.debug("mac_algorithms_client_to_server: %s", mac_algorithms_client_to_server) logging.debug("mac_algorithms_server_to_client: %s", mac_algorithms_server_to_client) logging.debug("compression_algorithms_client_to_server: %s", compression_algorithms_client_to_server) logging.debug("compression_algorithms_server_to_client: %s", compression_algorithms_server_to_client) logging.debug("languages_client_to_server: %s", languages_client_to_server) logging.debug("languages_server_to_client: %s", languages_server_to_client) logging.debug("first_kex_packet_follows: %s", first_kex_packet_follows) cve202014002.check_key_negotiation(client_version, server_host_key_algorithms, session) cve202014145.check_key_negotiation(client_version, server_host_key_algorithms, session) m.rewind() # normal operation Transport._negotiate_keys(transport, m)