Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Ssh clean up #309

Merged
merged 4 commits into from
Aug 25, 2023
Merged

Ssh clean up #309

merged 4 commits into from
Aug 25, 2023

Conversation

jayjb
Copy link
Contributor

@jayjb jayjb commented Aug 24, 2023

Proposed changes

This commit introduces a few changes:

  • ssh key paths if you would like to generate your own and supply the path
  • ssh code clean up
  • config code cleanup enabling checks for ports and config variables.

Types of changes

What types of changes does your code introduce to this repository?
Put an x in the boxes that apply

  • Bugfix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Documentation Update

Checklist

Put an x in the boxes that apply. You can also fill these out after creating the PR. If you're unsure about any of them, don't hesitate to ask. We're here to help! This is simply a reminder of what we are going to look for before merging your code.

  • Lint and unit tests pass locally with my changes (if applicable)
  • I have run pre-commit (pre-commit in the repo)
  • I have added necessary documentation (if appropriate)

benjamin-thinkst
benjamin-thinkst approved these changes Aug 25, 2023
View reviewed changes
Copy link
Contributor

@benjamin-thinkst benjamin-thinkst left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good. Some suggestions that may suit this change.

opencanary/config.py Outdated Show resolved Hide resolved
opencanary/config.py Outdated
@@ -43,6 +44,11 @@ def detectIPTables():
return False


SERVICE_REGEXES = {
"ssh.version": r"SSH-(2.0|1.5|1.99|1.0)-([!-,\-./0-~]+(:?$|\s))(?:[ -~]*)$",
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Do we want to add the length constraint here too.
see https://github.com/thinkst/opencanary/pull/309/files#diff-5f3e79391c8c84f0500a2fbfaab887c2661e9e86cb9f26cdeb9cb6da69a0a308L194

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more. 

        if key == "ssh.version" and len(val) > 253:
            raise ConfigException(key, "SSH version string too long (%s..)" % val[:5])

We already have this which results in a nicer error message too. So going to leave it as is

@jayjb jayjb merged commit 415f2e4 into master Aug 25, 2023
33 of 34 checks passed
@jayjb jayjb deleted the ssh_clean_up branch August 25, 2023 08:51
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@benjamin-thinkst benjamin-thinkst benjamin-thinkst approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@jayjb @benjamin-thinkst