axw
commented
12 years ago (by axwalk) There is now a "missing_host_key_policy" keyword parameter for the Paramiko SSH transport. This should be set to one of the strings "reject" (the default), "warning", or "autoadd". Alternatively, it can be set to an instance of paramiko.MissingHostKeyPolicy (or a subclass).
Pushy configures Paramiko with the "AutoAddPolicy", which opens users to "man in the middle" attacks. This was fine when Pushy was used only by me, in a controlled network, but needs to be changed now. It should be configurable, with the default to reject.
Imported from Launchpad using lp2gh.