[paramiko] Paramiko bugs out on windows 2003 server
Dwayne Litzenberger
dwayne at oscl.ca
Tue Mar 25 14:38:19 PDT 2008
On March 25, 2008 01:51:33 pm Tarun Kapoor wrote:
> The windows server machine has python 2.3 which cannot be upgraded
> (unfortunately). So the version of paramiko and pycrypto are latest ones
> I can install on python 2.3
Old versions of paramiko *looked* like they were working, but would sometimes
run totally insecurely on Win32---depending on the configuration---due to a
lack of a strong random number generator. See this email:
http://www.lag.net/pipermail/paramiko/2008-January/000599.html
The newest version of paramiko detects the problem and aborts if it can't find
a good source of random numbers.
If you can't upgrade to Python >= 2.4 and you can't install a modified version
of PyCrypto, then there is currently no secure way to run *any version* of
paramiko on your server, since the random number generator is very weak.
Sorry.
I repeat: If you are getting this error with the latest version of Paramiko,
then older versions of Paramiko might work, but they will be insecure.
--
Dwayne Litzenberger, B.A.Sc.
Information Technology Analyst
Open Systems Canada Limited
#210 - 2332 11th Ave
Regina, SK S4P0K1
Office: (306) 359-OSCL (6725)
http://www.oscl.ca/
More information about the paramiko
mailing list