Paramiko SHA-1 Vulnerability in RSA Key Handling

Vulnerability

A vulnerability exists in Paramiko versions through 4.0.0, prior to commit a448945, that allows SHA-1 to be used for RSA key signatures. This is problematic because SHA-1 is deprecated for digital signatures and considered weak. The vulnerability arises because Paramiko's SSH client can negotiate the 'ssh-rsa' algorithm (RSA signatures computed over a SHA-1 hash), which is then accepted by servers not configured to require SHA-2 signatures. This issue can lead to compatibility problems with newer OpenSSH versions that no longer support SHA-1.

Impact

The vulnerability allows servers to accept RSA signatures verified with SHA-1, which is deprecated and weak, creating potential compatibility issues with clients that require SHA-2.

Reproduction

The vulnerability can be reproduced by using a Paramiko SSH client that negotiates 'ssh-rsa' as the key algorithm with a server that does not enforce SHA-2 requirements. This can be done by configuring the server to accept 'ssh-rsa' keys without SHA-2 validation and then using a client that signs with SHA-1.

Remediation

Users should update to Paramiko version 4.0.0 or later, where this vulnerability has been fixed.
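
On the server side, the condition described above (a server that still accepts 'ssh-rsa') can be checked from the effective configuration. The following is an added example, not code from Paramiko or from this advisory. It assumes an OpenSSH server and the expanded, lowercased option format printed by `sshd -T`; the sample outputs are constructed.

```python
# Added example: audit `sshd -T` output for acceptance of SHA-1 RSA signatures.
# Assumption: input is the expanded effective config from OpenSSH's `sshd -T`,
# not a raw sshd_config that may use +, - or ^ list modifiers.

# Algorithm names whose RSA signatures are computed over SHA-1.
SHA1_RSA = {"ssh-rsa", "ssh-rsa-cert-v01@openssh.com"}

# Options (as `sshd -T` prints them) that list signature algorithms.
AUDITED = {
    "pubkeyacceptedalgorithms",  # OpenSSH 8.5 and later
    "pubkeyacceptedkeytypes",    # older name of the same option
    "hostkeyalgorithms",
    "casignaturealgorithms",
}

def find_sha1_rsa(sshd_t_output):
    """Return {option: [SHA-1 RSA algorithms]} for each audited option that lists one."""
    findings = {}
    for line in sshd_t_output.splitlines():
        parts = line.strip().split(None, 1)
        if len(parts) != 2:
            continue  # blank line or option without a value
        option, value = parts[0].lower(), parts[1]
        if option not in AUDITED:
            continue
        weak = [alg for alg in (v.strip() for v in value.split(",")) if alg in SHA1_RSA]
        if weak:
            findings[option] = weak
    return findings

# Constructed sample: client signatures with ssh-rsa are still accepted.
SAMPLE_WEAK = """\
port 22
pubkeyacceptedalgorithms ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa
hostkeyalgorithms ssh-ed25519,rsa-sha2-512,rsa-sha2-256
casignaturealgorithms ssh-ed25519,rsa-sha2-512,rsa-sha2-256
"""

# Constructed sample: only SHA-2 RSA and Ed25519 are listed.
SAMPLE_STRICT = """\
pubkeyacceptedalgorithms ssh-ed25519,rsa-sha2-512,rsa-sha2-256
hostkeyalgorithms ssh-ed25519,rsa-sha2-512,rsa-sha2-256
"""

if __name__ == "__main__":
    for name, text in (("weak", SAMPLE_WEAK), ("strict", SAMPLE_STRICT)):
        print(name, find_sha1_rsa(text) or "no SHA-1 RSA algorithms accepted")
```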

Added: May 6, 2026, 12:19 AM
Updated: May 6, 2026, 12:19 AM

Vulnerability Rating

Custom Algorithm

spread: 7.3
impact: 0.6
exploitability: 8.4
remediation: 7.7
relevance: 7.6
threat: 4.8
urgency: 2.9
incentive: 4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.