Missing SSH Host Key Verification
ID | python.missing_ssh_host_key_verification
Severity | high
Resource | Misconfiguration
Language | Python
Tags | CWE:295, NIST.SP.800-53, PCI-DSS:6.5.6
Description
Missing SSH host key verification occurs when an SSH client does not verify the server’s host key, which can lead to man-in-the-middle attacks.
Rationale
When establishing SSH connections, verifying the server’s host key is crucial to ensure that you are communicating with the correct server and not an impostor. If the host key verification is missing, an attacker can easily perform a man-in-the-middle (MITM) attack, intercepting or altering the communication.
Here is a Python example illustrating the problem:
import paramiko
client = paramiko.SSHClient()
# FLAW: AutoAddPolicy accepts and stores whatever key the server presents,
# so an impostor's key is trusted exactly like the real server's
client.set_missing_host_key_policy(paramiko.AutoAddPolicy())
client.connect('hostname', username='user', password='pass')
Remediation
To remediate this vulnerability, properly verify the server’s host key. Pre-load the known hosts file or manually set the expected host key.
Here’s how you can implement secure host key verification:
import paramiko
client = paramiko.SSHClient()
client.load_system_host_keys()  # Load host keys from the trusted ~/.ssh/known_hosts file
# Refuse connections to hosts whose key is not already known (paramiko's default, stated explicitly)
client.set_missing_host_key_policy(paramiko.RejectPolicy())
# Alternatively, pin the server's key manually; `key` is a paramiko.PKey for the
# expected public key, obtained out of band and loaded before connecting
# client.get_host_keys().add('hostname', 'ssh-rsa', key)
client.connect('hostname', username='user', password='pass')
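To make concrete what "verifying the host key" means, here is an added, standard-library-only example (not code from the original page or from paramiko) of the check an SSH client performs against a known_hosts file: the key the server presents is compared byte for byte with the trusted entry for that host, a known host with a different key is reported as a mismatch, and an unknown host is never silently added. It goes slightly beyond the page by also handling OpenSSH's hashed hostname form (`|1|salt|hmac|`). The known_hosts content, the salt and the key blob are constructed sample values, not real keys; paramiko's `load_system_host_keys()` together with `RejectPolicy()` performs this same lookup for you.

```python
import base64
import hashlib
import hmac

# Constructed sample values (not real keys or hosts): a structurally plausible
# ssh-ed25519 public key blob and a 20-byte salt for a hashed known_hosts entry.
GOOD_KEY = b"\x00\x00\x00\x0bssh-ed25519\x00\x00\x00\x20" + bytes(range(32))
SAMPLE_SALT = b"0123456789abcdef0123"


def hash_hostname(hostname, salt):
    """Return OpenSSH's hashed hostname form '|1|<b64 salt>|<b64 hmac-sha1>|'."""
    digest = hmac.new(salt, hostname.encode(), hashlib.sha1).digest()
    return "|1|%s|%s|" % (base64.b64encode(salt).decode(),
                          base64.b64encode(digest).decode())


def fingerprint(key_blob):
    """SHA256 fingerprint in the format `ssh-keygen -l` prints (unpadded base64)."""
    digest = hashlib.sha256(key_blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def parse_known_hosts(text):
    """Yield (host_field, key_type, key_blob) for each well-formed known_hosts line."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split()
        if len(parts) < 3:
            continue  # malformed line: ignore it rather than trust it
        try:
            blob = base64.b64decode(parts[2], validate=True)
        except ValueError:
            continue
        entries.append((parts[0], parts[1], blob))
    return entries


def host_matches(field, hostname):
    """True if a known_hosts host field (plain, comma-separated, or hashed) names hostname."""
    if field.startswith("|1|"):
        _, _, salt_b64, _, _ = field.split("|")
        salt = base64.b64decode(salt_b64)
        return hmac.compare_digest(hash_hostname(hostname, salt), field)
    return hostname in field.split(",")


def verify_host_key(known_hosts, hostname, key_type, presented_blob):
    """Return 'ok' if the presented key is the trusted one for hostname,
    'mismatch' if the host is known with a different key of this type
    (the case that must abort the connection), or 'unknown' if no entry exists."""
    seen_host = False
    for host_field, ktype, blob in parse_known_hosts(known_hosts):
        if ktype != key_type or not host_matches(host_field, hostname):
            continue
        seen_host = True
        if hmac.compare_digest(blob, presented_blob):
            return "ok"
    return "mismatch" if seen_host else "unknown"


# Constructed known_hosts content: one plain multi-name entry and one hashed entry.
KNOWN_HOSTS = "\n".join([
    "# constructed sample known_hosts, not a real file",
    "bastion.example.com,10.0.0.5 ssh-ed25519 " + base64.b64encode(GOOD_KEY).decode(),
    hash_hostname("git.example.com", SAMPLE_SALT) + " ssh-ed25519 "
    + base64.b64encode(GOOD_KEY).decode(),
])

if __name__ == "__main__":
    print("expected fingerprint:", fingerprint(GOOD_KEY))
    for host, blob in [("bastion.example.com", GOOD_KEY),
                       ("git.example.com", GOOD_KEY),
                       ("bastion.example.com", GOOD_KEY[:-1] + b"\x00"),
                       ("other.example.com", GOOD_KEY)]:
        print(host, "->", verify_host_key(KNOWN_HOSTS, host, "ssh-ed25519", blob))
```

The `mismatch` result is the one AutoAddPolicy can never produce: with that policy a key that differs from the expected one is simply treated as new and stored, which is exactly the condition a man-in-the-middle relies on. A client should treat `mismatch` and `unknown` alike as a refusal to connect, and surface the fingerprint so an operator can confirm it out of band.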
References
- CWE-295: Improper Certificate Validation.