Securize ssh connection to DPB WIM using paramiko.RejectPolicy
Change-Id: I36c75bac955f9d576a451bd45212a5168ea5bfae
Signed-off-by: garciadeblas <gerardo.garciadeblas@telefonica.com>
(cherry picked from commit cf82d7e1a6323bac540a7e2995476b914fd4ce51)
diff --git a/RO-SDN-dpb/osm_rosdn_dpb/wimconn_dpb.py b/RO-SDN-dpb/osm_rosdn_dpb/wimconn_dpb.py
index 075b1a8..f79ef99 100755
--- a/RO-SDN-dpb/osm_rosdn_dpb/wimconn_dpb.py
+++ b/RO-SDN-dpb/osm_rosdn_dpb/wimconn_dpb.py
@@ -108,7 +108,10 @@
def __create_client(self):
ssh_client = paramiko.SSHClient()
- ssh_client.set_missing_host_key_policy(paramiko.AutoAddPolicy())
+ # Load known host keys
+ ssh_client.load_system_host_keys()
+ # Reject unknown hosts
+ ssh_client.set_missing_host_key_policy(paramiko.RejectPolicy())
return ssh_client
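Review bot: With `RejectPolicy` in place, every connection now depends on what `load_system_host_keys()` finds, and the call is made without a filename, so paramiko reads the known_hosts file of the user running the process and raises nothing if that file cannot be read. Where that file is missing or lacks the WIM's key, each connect will be rejected with an `SSHException`, and nothing in the code explains the requirement. I would expand the comment to state it, e.g. `# Host keys come from the process user's ~/.ssh/known_hosts; the WIM key must be provisioned there or connect() is rejected`. Consider also accepting a configurable known_hosts path loaded with `ssh_client.load_host_keys(path)`; where such a setting would live is not visible in this hunk.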
@@ -132,6 +135,11 @@
look_for_keys=False,
compress=False,
)
+ # TODO: sanitizing commands to be executed
+ # Whitelist of allowed commands
+ # valid_commands = ["command1", "command2", "command3"]
+ # if self.__network not in valid_commands:
+ # raise SdnConnectorError("Invalid command executed", 400)
stdin, stdout, stderr = self.__ssh_client.exec_command(
command=self.__network
)
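Review bot: The string in `self.__network` still reaches `exec_command` unchecked, because the allowlist added here is entirely commented out. If any part of that string derives from external input, the exposure the TODO describes is unchanged by this commit. The sketch also tests the whole command string for membership in `valid_commands`, which would presumably reject any command that carries arguments; how `self.__network` is built is outside the hunk, so that needs confirming. Rather than keeping commented-out code, either enforce the check now with `if self.__network not in VALID_COMMANDS: raise SdnConnectorError("Command not allowed", 400)` (`VALID_COMMANDS` being a constant still to be defined), or reduce it to one tracked line such as `# TODO(<owner>): validate self.__network against an allowlist before exec_command`. The enclosing method starts and ends outside the hunk.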