Paramiko Server -- Exception (server): Error reading SSH protocol banner

Paramiko Server -- Exception (server): Error reading SSH protocol banner - Printable Version

+- Python Forum (https://python-forum.io)
+-- Forum: Python Coding (https://python-forum.io/forum-7.html)
+--- Forum: Networking (https://python-forum.io/forum-12.html)
+--- Thread: Paramiko Server -- Exception (server): Error reading SSH protocol banner (/thread-40407.html)

Paramiko Server -- Exception (server): Error reading SSH protocol banner - ujlain - Jul-23-2023

For the code snippet below , I am unable to trap error (as enumerated as tracebac)

hostF = "keys/id_rsa"
HOST_KEY = paramiko.RSAKey(filename=hostF)
transport = paramiko.Transport(client)
transport.add_server_key(HOST_KEY)
transport.local_version = "SSH-2.0-OpenSSH_7.6p1 Ubuntu-4ubuntu0.3"  # this is the banner that goes out
server = libServer.mySSH()
try: 
   [b] transport.start_server(server=server)  # Trouble here for DOS attack. Error below arent captured[/b][color=#E74C3C][/color]
    channel = transport.accept(20)
    channel.send("Got Channel .. will try SSH connection \r\n")
except Exception as e:
    print (e)

transport.start_server(server=server) --> this triggers a traceback as enumertaed below when a plain socket connection attempt is made on paramiko SSH server listening port. This can be a raw potential DOS attack.

Error:Exception (server): Error reading SSH protocol banner
Traceback (most recent call last):
  File "/home/uzi/.local/lib/python3.8/site-packages/paramiko/transport.py", line 2292, in _check_banner
    buf = self.packetizer.readline(timeout)
  File "/home/uzi/.local/lib/python3.8/site-packages/paramiko/packet.py", line 374, in readline
    buf += self._read_timeout(timeout)
  File "/home/uzi/.local/lib/python3.8/site-packages/paramiko/packet.py", line 603, in _read_timeout
    raise EOFError()
EOFError

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/home/uzi/.local/lib/python3.8/site-packages/paramiko/transport.py", line 2113, in run
    self._check_banner()
  File "/home/uzi/.local/lib/python3.8/site-packages/paramiko/transport.py", line 2296, in _check_banner
    raise SSHException(
paramiko.ssh_exception.SSHException: Error reading SSH protocol banner

RE: Paramiko Server -- Exception (server): Error reading SSH protocol banner - Gribouillis - Jul-23-2023

The start_server() documentation says that a separate thread is created for protocol negociation. Your exception occurred apparently in an other thread. You could perhaps play with the event parameter to catch the success or failure of the negociation.

RE: Paramiko Server -- Exception (server): Error reading SSH protocol banner - ujlain - Jul-24-2023

This traceback report can not be gracefully handed as exception.
What I doing here is running SSH server (using paramiko) and instead of making SSH connection, trying to connect using ordinary socket. Obviosuly SSH server expects SSH related packets from client and thus vomits traceback.
Paramiko ought to capture this as a feature.

event = threading.Event()
# Trouble here .. traceback error can't be gracefully handled
transport.start_server(event= event, server=server)
    while True:
        event.wait(0.1)
        if not transport.is_active():
        print ("Bad socket .. not an SSH attempt")
            os.kill(pid, signal.SIGKILL)
        if event.isSet(): break

Error:Exception (server): Error reading SSH protocol banner
Traceback (most recent call last):
  File "/home/uzi/.local/lib/python3.8/site-packages/paramiko/transport.py", line 2292, in _check_banner
    buf = self.packetizer.readline(timeout)
  File "/home/uzi/.local/lib/python3.8/site-packages/paramiko/packet.py", line 374, in readline
    buf += self._read_timeout(timeout)
  File "/home/uzi/.local/lib/python3.8/site-packages/paramiko/packet.py", line 603, in _read_timeout
    raise EOFError()
EOFError

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/home/uzi/.local/lib/python3.8/site-packages/paramiko/transport.py", line 2113, in run
    self._check_banner()
  File "/home/uzi/.local/lib/python3.8/site-packages/paramiko/transport.py", line 2296, in _check_banner
    raise SSHException(
paramiko.ssh_exception.SSHException: Error reading SSH protocol banner

RE: Paramiko Server -- Exception (server): Error reading SSH protocol banner - Gribouillis - Jul-24-2023

(Jul-24-2023, 05:44 AM)ujlain Wrote: Paramiko ought to capture this as a feature.

Issue a bug report to Paramiko's maintainers Exclamation

You could also look into the source code to see why the exception is not handled by the calling thread.

(Jul-24-2023, 05:44 AM)ujlain Wrote: traceback error can't be gracefully handled

See if you can do something by overrinding temporarily
threading.excepthook

(Jul-24-2023, 05:44 AM)ujlain Wrote: while True:

Why a loop? Why not just event.wait()?