fix SSH MITM, file permissions, pin dependencies #440
Open
kpshukla wants to merge 1 commit into cryptosharks131:v1.11.0 from
- Fix Paramiko SSH MITM vulnerability: replace AutoAddPolicy with load_system_host_keys() + RejectPolicy to reject unknown hosts
- Restrict lndg-admin.txt password file permissions to 0o600 (owner read/write only) using touch(mode=) and os.chmod
- Pin all dependencies in requirements.txt with minimum version bounds to prevent installation of vulnerable versions

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Summary
- AutoAddPolicy() with load_system_host_keys() + RejectPolicy() in gui/views.py. The SSH client now loads the user's ~/.ssh/known_hosts and rejects any unrecognised host, preventing man-in-the-middle attacks on LAN SSH connections.
- data/lndg-admin.txt is now created with mode=0o600 and os.chmod applied after write, restricting access to owner only (was world-readable by default).
- requirements.txt (e.g. Django>=4.2,<5.0, cryptography>=41.0, paramiko>=3.4) to prevent installation of vulnerable or breaking versions.

Notes
These fixes are scoped specifically to the local/single-user LNDg deployment model (localhost, LAN only). Other potential findings (open redirect, query param handling, security headers) were reviewed and deemed low/negligible risk given that context.
Test plan
- ~/.ssh/known_hosts
- pip install -r requirements.txt to confirm no dependency conflicts
- initialize.py and confirm data/lndg-admin.txt has permissions 600

🤖 Generated with Claude Code
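An owner-only write for a file like data/lndg-admin.txt, as an added example that is not code from this pull request or from LNDg. `write_secret` is a hypothetical helper, and it goes beyond the touch(mode=) plus os.chmod approach described above: permissions are tightened on the open descriptor before the secret is written, which also covers a file that already exists with broader permissions. It assumes a POSIX system (os.fchmod); the paths and values in the demo are constructed.

```python
import os
import stat
import tempfile
from pathlib import Path


def write_secret(path, secret: str) -> int:
    """Write `secret` to `path` and return the resulting permission bits.

    The file is owner-only (0o600) before any secret byte is written to it.
    """
    # O_NOFOLLOW (where available) refuses to write through a symlink that
    # someone else planted at the target path.
    flags = os.O_WRONLY | os.O_CREAT | getattr(os, "O_NOFOLLOW", 0)
    # The mode argument applies only when the file is created here; an
    # existing file keeps whatever permissions it already had.
    fd = os.open(path, flags, 0o600)
    with os.fdopen(fd, "w") as fh:
        # Tighten first, then truncate and write. A pre-existing 0o644 file
        # is locked down before the password lands in it, so there is no
        # window in which the new content is readable by other users.
        os.fchmod(fd, 0o600)
        fh.truncate(0)
        fh.write(secret)
        fh.flush()
        return stat.S_IMODE(os.fstat(fd).st_mode)


if __name__ == "__main__":
    # Constructed demo: a stale, world-readable file in a temp directory
    # stands in for an older data/lndg-admin.txt.
    target = Path(tempfile.mkdtemp()) / "lndg-admin.txt"
    target.write_text("stale-password-from-an-older-install")
    os.chmod(target, 0o644)
    print("before:", oct(stat.S_IMODE(target.stat().st_mode)))
    print("after: ", oct(write_secret(target, "constructed-example-password")))
```
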