SSH2 Module for Python

Edit Package python-paramiko

Paramiko is a module for python 2.2 (or higher) that implements the
SSH2 protocol for secure (encrypted and authenticated) connections to
remote machines.

Unlike SSL (aka TLS), the SSH2 protocol does not require hierarchical
certificates signed by a powerful central authority. you may know SSH2
as the protocol that replaced telnet and rsh for secure access to
remote shells, but the protocol also includes the ability to open
arbitrary channels to remote services across the encrypted tunnel --
this is how sftp works, for example.

It is written entirely in python (no C or platform-dependent code) and
is released under the GNU LGPL (lesser GPL).

Refresh
Refresh
Source Files
Filename Size Changed
paramiko-3.4.0.tar.gz 0001277306 1.22 MB
paramiko-test_extend_timeout.patch 0000000540 540 Bytes
python-paramiko.changes 0000048660 47.5 KB
python-paramiko.spec 0000003644 3.56 KB
remove-icecream-dep.patch 0000000818 818 Bytes
use-64-bit-maxsize-everywhere.patch 0000000681 681 Bytes
Revision 61 (latest revision is 64)
Ana Guerrero's avatar Ana Guerrero (anag+factory) accepted request 1134140 from Steve Kowalik's avatar Steve Kowalik (StevenK) (revision 61)
- Update to 3.4.0: (CVE-2023-48795, bsc#1218168)
  * Transport grew a new packetizer_class kwarg for overriding the
    packet-handler class used internally.
  * Address CVE 2023-48795 (aka the "Terrapin Attack", a vulnerability found
    in the SSH protocol re: treatment of packet sequence numbers) as follows:
    + The vulnerability only impacts encrypt-then-MAC digest algorithms in
      tandem with CBC ciphers, and ChaCha20-poly1305; of these, Paramiko
      currently only implements hmac-sha2-(256|512)-etm in tandem with
      AES-CBC.
    + As the fix for the vulnerability requires both ends of the connection
      to cooperate, the below changes will only take effect when the remote
      end is OpenSSH >= 9.6 (or equivalent, such as Paramiko in server mode,
      as of this patch version) and configured to use the new
      "strict kex" mode.
    + Paramiko will now raise an SSHException subclass (MessageOrderError)
      when protocol messages are received in unexpected order. This includes
      situations like receiving MSG_DEBUG or MSG_IGNORE during initial key
      exchange, which are no longer allowed during strict mode.
    + Key (re)negotiation -- i.e. MSG_NEWKEYS, whenever it is encountered --
      now resets packet sequence numbers. (This should be invisible to users
      during normal operation, only causing exceptions if the exploit is
      encountered, which will usually result in, again, MessageOrderError.)
    + Sequence number rollover will now raise SSHException if it occurs
      during initial key exchange (regardless of strict mode status).
  * Tweak ext-info-(c|s) detection during KEXINIT protocol phase; the
    original implementation made assumptions based on an OpenSSH
    implementation detail.
- Add patch use-64-bit-maxsize-everywhere.patch:
  * Use the 64-bit value of sys.maxsize.
Comments 0
openSUSE Build Service is sponsored by