From: garciadeblas
Date: Tue, 17 Sep 2024 16:27:24 +0000 (+0200)
Subject: Securize ssh connection to DPB WIM using paramiko.RejectPolicy
X-Git-Url: https://osm.etsi.org/gitweb/?a=commitdiff_plain;h=cf82d7e1a6323bac540a7e2995476b914fd4ce51;p=osm%2FRO.git
Securize ssh connection to DPB WIM using paramiko.RejectPolicy
Change-Id: I36c75bac955f9d576a451bd45212a5168ea5bfae
Signed-off-by: garciadeblas
---
diff --git a/RO-SDN-dpb/osm_rosdn_dpb/wimconn_dpb.py b/RO-SDN-dpb/osm_rosdn_dpb/wimconn_dpb.py
index 075b1a84..f79ef998 100755
--- a/RO-SDN-dpb/osm_rosdn_dpb/wimconn_dpb.py
+++ b/RO-SDN-dpb/osm_rosdn_dpb/wimconn_dpb.py
@@ -108,7 +108,10 @@ class DpbSshInterface:
 def __create_client(self):
 ssh_client = paramiko.SSHClient()
- ssh_client.set_missing_host_key_policy(paramiko.AutoAddPolicy())
+ # Load known host keys
+ ssh_client.load_system_host_keys()
+ # Reject unknown hosts
+ ssh_client.set_missing_host_key_policy(paramiko.RejectPolicy())
 return ssh_client
@@ -132,6 +135,11 @@ class DpbSshInterface:
 look_for_keys=False,
 compress=False,
 )
+ # TODO: sanitizing commands to be executed
+ # Whitelist of allowed commands
+ # valid_commands = ["command1", "command2", "command3"]
+ # if self.__network not in valid_commands:
+ # raise SdnConnectorError("Invalid command executed", 400)
 stdin, stdout, stderr = self.__ssh_client.exec_command(
 command=self.__network
 )
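Review bot: In `__create_client`, `load_system_host_keys()` with no argument reads only the running user's `~/.ssh/known_hosts` and, per paramiko's documentation, raises nothing when that file cannot be read. Combined with `RejectPolicy`, a deployment where that file was never provisioned will therefore reject the DPB host on every connect with an `SSHException`, and the hunk offers no other way to supply the key. Consider additionally loading a known_hosts file from connector configuration, e.g. `ssh_client.load_host_keys(known_hosts_path)` (placeholder name; no such setting is visible here). The method would also benefit from a docstring stating that the DPB host key must be pre-provisioned and where it is read from.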
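Review bot: The allowlist added ahead of `exec_command` is entirely commented out, so `self.__network` is still sent to the remote host unchecked and this commit hardens host-key verification only. Where `self.__network` is assigned is outside the hunk; if it can come from WIM configuration or a request, the check should be enforced rather than left as placeholder names in comments, along the lines of `if self.__network not in ALLOWED_COMMANDS: raise SdnConnectorError("Command not allowed", 400)` (`ALLOWED_COMMANDS` is a placeholder for the real permitted set). The drafted message "Invalid command executed" would also mislead, since the rejection happens before anything runs. If the work is deferred, a single `# TODO` line referencing a tracking issue reads better than commented-out code. The enclosing method starts and ends outside this hunk.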