For the code snippet below , I am unable to trap error (as enumerated as tracebac)
hostF = "keys/id_rsa"
HOST_KEY = paramiko.RSAKey(filename=hostF)
transport = paramiko.Transport(client)
transport.add_server_key(HOST_KEY)
transport.local_version = "SSH-2.0-OpenSSH_7.6p1 Ubuntu-4ubuntu0.3" # this is the banner that goes out
server = libServer.mySSH()
try:
[b] transport.start_server(server=server) # Trouble here for DOS attack. Error below arent captured[/b][color=#E74C3C][/color]
channel = transport.accept(20)
channel.send("Got Channel .. will try SSH connection \r\n")
except Exception as e:
print (e)transport.start_server(server=server) --> this triggers a traceback as enumertaed below when a plain socket connection attempt is made on paramiko SSH server listening port. This can be a raw potential DOS attack.
Error:
Exception (server): Error reading SSH protocol banner
Traceback (most recent call last):
File "/home/uzi/.local/lib/python3.8/site-packages/paramiko/transport.py", line 2292, in _check_banner
buf = self.packetizer.readline(timeout)
File "/home/uzi/.local/lib/python3.8/site-packages/paramiko/packet.py", line 374, in readline
buf += self._read_timeout(timeout)
File "/home/uzi/.local/lib/python3.8/site-packages/paramiko/packet.py", line 603, in _read_timeout
raise EOFError()
EOFError
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/home/uzi/.local/lib/python3.8/site-packages/paramiko/transport.py", line 2113, in run
self._check_banner()
File "/home/uzi/.local/lib/python3.8/site-packages/paramiko/transport.py", line 2296, in _check_banner
raise SSHException(
paramiko.ssh_exception.SSHException: Error reading SSH protocol banner
The
start_server() documentation says that a separate thread is created for protocol negociation. Your exception occurred apparently in an other thread. You could perhaps play with the
event parameter to catch the success or failure of the negociation.
- This traceback report can not be gracefully handed as exception.
- What I doing here is running SSH server (using paramiko) and instead of making SSH connection, trying to connect using ordinary socket. Obviosuly SSH server expects SSH related packets from client and thus vomits traceback.
- Paramiko ought to capture this as a feature.
event = threading.Event()
# Trouble here .. traceback error can't be gracefully handled
transport.start_server(event= event, server=server)
while True:
event.wait(0.1)
if not transport.is_active():
print ("Bad socket .. not an SSH attempt")
os.kill(pid, signal.SIGKILL)
if event.isSet(): breakError:
Exception (server): Error reading SSH protocol banner
Traceback (most recent call last):
File "/home/uzi/.local/lib/python3.8/site-packages/paramiko/transport.py", line 2292, in _check_banner
buf = self.packetizer.readline(timeout)
File "/home/uzi/.local/lib/python3.8/site-packages/paramiko/packet.py", line 374, in readline
buf += self._read_timeout(timeout)
File "/home/uzi/.local/lib/python3.8/site-packages/paramiko/packet.py", line 603, in _read_timeout
raise EOFError()
EOFError
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/home/uzi/.local/lib/python3.8/site-packages/paramiko/transport.py", line 2113, in run
self._check_banner()
File "/home/uzi/.local/lib/python3.8/site-packages/paramiko/transport.py", line 2296, in _check_banner
raise SSHException(
paramiko.ssh_exception.SSHException: Error reading SSH protocol banner
(Jul-24-2023, 05:44 AM)ujlain Wrote: [ -> ]Paramiko ought to capture this as a feature.
Issue a bug report to Paramiko's maintainers
You could also look into the source code to see why the exception is not handled by the calling thread.
(Jul-24-2023, 05:44 AM)ujlain Wrote: [ -> ]traceback error can't be gracefully handled
See if you can do something by overrinding temporarily
threading.excepthook
(Jul-24-2023, 05:44 AM)ujlain Wrote: [ -> ]while True:
Why a loop? Why not just
event.wait()?