Show More
| @@ -1,255 +1,254 b'' | |||||
| 1 | .. _parallelsecurity: |
|
1 | .. _parallelsecurity: | |
| 2 |
|
2 | |||
| 3 | =========================== |
|
3 | =========================== | |
| 4 | Security details of IPython |
|
4 | Security details of IPython | |
| 5 | =========================== |
|
5 | =========================== | |
| 6 |
|
6 | |||
| 7 | .. note:: |
|
7 | .. note:: | |
| 8 |
|
8 | |||
| 9 | This section is not thorough, and IPython.zmq needs a thorough security |
|
9 | This section is not thorough, and IPython.zmq needs a thorough security | |
| 10 | audit. |
|
10 | audit. | |
| 11 |
|
11 | |||
| 12 | IPython's :mod:`IPython.zmq` package exposes the full power of the |
|
12 | IPython's :mod:`IPython.zmq` package exposes the full power of the | |
| 13 | Python interpreter over a TCP/IP network for the purposes of parallel |
|
13 | Python interpreter over a TCP/IP network for the purposes of parallel | |
| 14 | computing. This feature brings up the important question of IPython's security |
|
14 | computing. This feature brings up the important question of IPython's security | |
| 15 | model. This document gives details about this model and how it is implemented |
|
15 | model. This document gives details about this model and how it is implemented | |
| 16 | in IPython's architecture. |
|
16 | in IPython's architecture. | |
| 17 |
|
17 | |||
| 18 | Process and network topology |
|
18 | Process and network topology | |
| 19 | ============================ |
|
19 | ============================ | |
| 20 |
|
20 | |||
| 21 | To enable parallel computing, IPython has a number of different processes that |
|
21 | To enable parallel computing, IPython has a number of different processes that | |
| 22 | run. These processes are discussed at length in the IPython documentation and |
|
22 | run. These processes are discussed at length in the IPython documentation and | |
| 23 | are summarized here: |
|
23 | are summarized here: | |
| 24 |
|
24 | |||
| 25 | * The IPython *engine*. This process is a full blown Python |
|
25 | * The IPython *engine*. This process is a full blown Python | |
| 26 | interpreter in which user code is executed. Multiple |
|
26 | interpreter in which user code is executed. Multiple | |
| 27 | engines are started to make parallel computing possible. |
|
27 | engines are started to make parallel computing possible. | |
| 28 | * The IPython *hub*. This process monitors a set of |
|
28 | * The IPython *hub*. This process monitors a set of | |
| 29 | engines and schedulers, and keeps track of the state of the processes. It listens |
|
29 | engines and schedulers, and keeps track of the state of the processes. It listens | |
| 30 | for registration connections from engines and clients, and monitor connections |
|
30 | for registration connections from engines and clients, and monitor connections | |
| 31 | from schedulers. |
|
31 | from schedulers. | |
| 32 | * The IPython *schedulers*. This is a set of processes that relay commands and results |
|
32 | * The IPython *schedulers*. This is a set of processes that relay commands and results | |
| 33 | between clients and engines. They are typically on the same machine as the controller, |
|
33 | between clients and engines. They are typically on the same machine as the controller, | |
| 34 | and listen for connections from engines and clients, but connect to the Hub. |
|
34 | and listen for connections from engines and clients, but connect to the Hub. | |
| 35 | * The IPython *client*. This process is typically an |
|
35 | * The IPython *client*. This process is typically an | |
| 36 | interactive Python process that is used to coordinate the |
|
36 | interactive Python process that is used to coordinate the | |
| 37 | engines to get a parallel computation done. |
|
37 | engines to get a parallel computation done. | |
| 38 |
|
38 | |||
| 39 | Collectively, these processes are called the IPython *cluster*, and the hub and schedulers |
|
39 | Collectively, these processes are called the IPython *cluster*, and the hub and schedulers | |
| 40 | together are referred to as the *controller*. |
|
40 | together are referred to as the *controller*. | |
| 41 |
|
41 | |||
| 42 |
|
42 | |||
| 43 | These processes communicate over any transport supported by ZeroMQ (tcp,pgm,infiniband,ipc) |
|
43 | These processes communicate over any transport supported by ZeroMQ (tcp,pgm,infiniband,ipc) | |
| 44 | with a well defined topology. The IPython hub and schedulers listen on sockets. Upon |
|
44 | with a well defined topology. The IPython hub and schedulers listen on sockets. Upon | |
| 45 | starting, an engine connects to a hub and registers itself, which then informs the engine |
|
45 | starting, an engine connects to a hub and registers itself, which then informs the engine | |
| 46 | of the connection information for the schedulers, and the engine then connects to the |
|
46 | of the connection information for the schedulers, and the engine then connects to the | |
| 47 | schedulers. These engine/hub and engine/scheduler connections persist for the |
|
47 | schedulers. These engine/hub and engine/scheduler connections persist for the | |
| 48 | lifetime of each engine. |
|
48 | lifetime of each engine. | |
| 49 |
|
49 | |||
| 50 | The IPython client also connects to the controller processes using a number of socket |
|
50 | The IPython client also connects to the controller processes using a number of socket | |
| 51 | connections. As of writing, this is one socket per scheduler (4), and 3 connections to the |
|
51 | connections. As of writing, this is one socket per scheduler (4), and 3 connections to the | |
| 52 | hub for a total of 7. These connections persist for the lifetime of the client only. |
|
52 | hub for a total of 7. These connections persist for the lifetime of the client only. | |
| 53 |
|
53 | |||
| 54 | A given IPython controller and set of engines engines typically has a relatively |
|
54 | A given IPython controller and set of engines engines typically has a relatively | |
| 55 | short lifetime. Typically this lifetime corresponds to the duration of a single parallel |
|
55 | short lifetime. Typically this lifetime corresponds to the duration of a single parallel | |
| 56 | simulation performed by a single user. Finally, the hub, schedulers, engines, and client |
|
56 | simulation performed by a single user. Finally, the hub, schedulers, engines, and client | |
| 57 | processes typically execute with the permissions of that same user. More specifically, the |
|
57 | processes typically execute with the permissions of that same user. More specifically, the | |
| 58 | controller and engines are *not* executed as root or with any other superuser permissions. |
|
58 | controller and engines are *not* executed as root or with any other superuser permissions. | |
| 59 |
|
59 | |||
| 60 | Application logic |
|
60 | Application logic | |
| 61 | ================= |
|
61 | ================= | |
| 62 |
|
62 | |||
| 63 | When running the IPython kernel to perform a parallel computation, a user |
|
63 | When running the IPython kernel to perform a parallel computation, a user | |
| 64 | utilizes the IPython client to send Python commands and data through the |
|
64 | utilizes the IPython client to send Python commands and data through the | |
| 65 | IPython schedulers to the IPython engines, where those commands are executed |
|
65 | IPython schedulers to the IPython engines, where those commands are executed | |
| 66 | and the data processed. The design of IPython ensures that the client is the |
|
66 | and the data processed. The design of IPython ensures that the client is the | |
| 67 | only access point for the capabilities of the engines. That is, the only way |
|
67 | only access point for the capabilities of the engines. That is, the only way | |
| 68 | of addressing the engines is through a client. |
|
68 | of addressing the engines is through a client. | |
| 69 |
|
69 | |||
| 70 | A user can utilize the client to instruct the IPython engines to execute |
|
70 | A user can utilize the client to instruct the IPython engines to execute | |
| 71 | arbitrary Python commands. These Python commands can include calls to the |
|
71 | arbitrary Python commands. These Python commands can include calls to the | |
| 72 | system shell, access the filesystem, etc., as required by the user's |
|
72 | system shell, access the filesystem, etc., as required by the user's | |
| 73 | application code. From this perspective, when a user runs an IPython engine on |
|
73 | application code. From this perspective, when a user runs an IPython engine on | |
| 74 | a host, that engine has the same capabilities and permissions as the user |
|
74 | a host, that engine has the same capabilities and permissions as the user | |
| 75 | themselves (as if they were logged onto the engine's host with a terminal). |
|
75 | themselves (as if they were logged onto the engine's host with a terminal). | |
| 76 |
|
76 | |||
| 77 | Secure network connections |
|
77 | Secure network connections | |
| 78 | ========================== |
|
78 | ========================== | |
| 79 |
|
79 | |||
| 80 | Overview |
|
80 | Overview | |
| 81 | -------- |
|
81 | -------- | |
| 82 |
|
82 | |||
| 83 | ZeroMQ provides exactly no security. For this reason, users of IPython must be very |
|
83 | ZeroMQ provides exactly no security. For this reason, users of IPython must be very | |
| 84 | careful in managing connections, because an open TCP/IP socket presents access to |
|
84 | careful in managing connections, because an open TCP/IP socket presents access to | |
| 85 | arbitrary execution as the user on the engine machines. As a result, the default behavior |
|
85 | arbitrary execution as the user on the engine machines. As a result, the default behavior | |
| 86 | of controller processes is to only listen for clients on the loopback interface, and the |
|
86 | of controller processes is to only listen for clients on the loopback interface, and the | |
| 87 | client must establish SSH tunnels to connect to the controller processes. |
|
87 | client must establish SSH tunnels to connect to the controller processes. | |
| 88 |
|
88 | |||
| 89 | .. warning:: |
|
89 | .. warning:: | |
| 90 |
|
90 | |||
| 91 | If the controller's loopback interface is untrusted, then IPython should be considered |
|
91 | If the controller's loopback interface is untrusted, then IPython should be considered | |
| 92 | vulnerable, and this extends to the loopback of all connected clients, which have |
|
92 | vulnerable, and this extends to the loopback of all connected clients, which have | |
| 93 | opened a loopback port that is redirected to the controller's loopback port. |
|
93 | opened a loopback port that is redirected to the controller's loopback port. | |
| 94 |
|
94 | |||
| 95 |
|
95 | |||
| 96 | SSH |
|
96 | SSH | |
| 97 | --- |
|
97 | --- | |
| 98 |
|
98 | |||
| 99 | Since ZeroMQ provides no security, SSH tunnels are the primary source of secure |
|
99 | Since ZeroMQ provides no security, SSH tunnels are the primary source of secure | |
| 100 | connections. A connector file, such as `ipcontroller-client.json`, will contain |
|
100 | connections. A connector file, such as `ipcontroller-client.json`, will contain | |
| 101 | information for connecting to the controller, possibly including the address of an |
|
101 | information for connecting to the controller, possibly including the address of an | |
| 102 | ssh-server through with the client is to tunnel. The Client object then creates tunnels |
|
102 | ssh-server through with the client is to tunnel. The Client object then creates tunnels | |
| 103 | using either [OpenSSH]_ or [Paramiko]_, depending on the platform. If users do not wish to |
|
103 | using either [OpenSSH]_ or [Paramiko]_, depending on the platform. If users do not wish to | |
| 104 | use OpenSSH or Paramiko, or the tunneling utilities are insufficient, then they may |
|
104 | use OpenSSH or Paramiko, or the tunneling utilities are insufficient, then they may | |
| 105 | construct the tunnels themselves, and simply connect clients and engines as if the |
|
105 | construct the tunnels themselves, and simply connect clients and engines as if the | |
| 106 | controller were on loopback on the connecting machine. |
|
106 | controller were on loopback on the connecting machine. | |
| 107 |
|
107 | |||
| 108 | .. note:: |
|
108 | .. note:: | |
| 109 |
|
109 | |||
| 110 | There is not currently tunneling available for engines. |
|
110 | There is not currently tunneling available for engines. | |
| 111 |
|
111 | |||
| 112 | Authentication |
|
112 | Authentication | |
| 113 | -------------- |
|
113 | -------------- | |
| 114 |
|
114 | |||
| 115 | To protect users of shared machines, [HMAC]_ digests are used to sign messages, using a |
|
115 | To protect users of shared machines, [HMAC]_ digests are used to sign messages, using a | |
| 116 | shared key. |
|
116 | shared key. | |
| 117 |
|
117 | |||
| 118 | The Session object that handles the message protocol uses a unique key to verify valid |
|
118 | The Session object that handles the message protocol uses a unique key to verify valid | |
| 119 | messages. This can be any value specified by the user, but the default behavior is a |
|
119 | messages. This can be any value specified by the user, but the default behavior is a | |
| 120 | pseudo-random 128-bit number, as generated by `uuid.uuid4()`. This key is used to |
|
120 | pseudo-random 128-bit number, as generated by `uuid.uuid4()`. This key is used to | |
| 121 | initialize an HMAC object, which digests all messages, and includes that digest as a |
|
121 | initialize an HMAC object, which digests all messages, and includes that digest as a | |
| 122 | signature and part of the message. Every message that is unpacked (on Controller, Engine, |
|
122 | signature and part of the message. Every message that is unpacked (on Controller, Engine, | |
| 123 | and Client) will also be digested by the receiver, ensuring that the sender's key is the |
|
123 | and Client) will also be digested by the receiver, ensuring that the sender's key is the | |
| 124 | same as the receiver's. No messages that do not contain this key are acted upon in any |
|
124 | same as the receiver's. No messages that do not contain this key are acted upon in any | |
| 125 | way. The key itself is never sent over the network. |
|
125 | way. The key itself is never sent over the network. | |
| 126 |
|
126 | |||
| 127 | There is exactly one shared key per cluster - it must be the same everywhere. Typically, |
|
127 | There is exactly one shared key per cluster - it must be the same everywhere. Typically, | |
| 128 | the controller creates this key, and stores it in the private connection files |
|
128 | the controller creates this key, and stores it in the private connection files | |
| 129 | `ipython-{engine|client}.json`. These files are typically stored in the |
|
129 | `ipython-{engine|client}.json`. These files are typically stored in the | |
| 130 | `~/.ipython/profile_<name>/security` directory, and are maintained as readable only by the |
|
130 | `~/.ipython/profile_<name>/security` directory, and are maintained as readable only by the | |
| 131 | owner, just as is common practice with a user's keys in their `.ssh` directory. |
|
131 | owner, just as is common practice with a user's keys in their `.ssh` directory. | |
| 132 |
|
132 | |||
| 133 | .. warning:: |
|
133 | .. warning:: | |
| 134 |
|
134 | |||
| 135 |
It is important to note that the |
|
135 | It is important to note that the signatures protect against unauthorized messages, | |
| 136 | a uuid rather than generating a key with a cryptographic library, provides a |
|
136 | but, as there is no encryption, provide exactly no protection of data privacy. It is | |
| 137 | defense against *accidental* messages more than it does against malicious attacks. |
|
137 | possible, however, to use a custom serialization scheme (via Session.packer/unpacker | |
| 138 | If loopback is compromised, it would be trivial for an attacker to intercept messages |
|
138 | traits) that does incorporate your own encryption scheme. | |
| 139 | and deduce the key, as there is no encryption. |
|
|||
| 140 |
|
139 | |||
| 141 |
|
140 | |||
| 142 |
|
141 | |||
| 143 | Specific security vulnerabilities |
|
142 | Specific security vulnerabilities | |
| 144 | ================================= |
|
143 | ================================= | |
| 145 |
|
144 | |||
| 146 | There are a number of potential security vulnerabilities present in IPython's |
|
145 | There are a number of potential security vulnerabilities present in IPython's | |
| 147 | architecture. In this section we discuss those vulnerabilities and detail how |
|
146 | architecture. In this section we discuss those vulnerabilities and detail how | |
| 148 | the security architecture described above prevents them from being exploited. |
|
147 | the security architecture described above prevents them from being exploited. | |
| 149 |
|
148 | |||
| 150 | Unauthorized clients |
|
149 | Unauthorized clients | |
| 151 | -------------------- |
|
150 | -------------------- | |
| 152 |
|
151 | |||
| 153 | The IPython client can instruct the IPython engines to execute arbitrary |
|
152 | The IPython client can instruct the IPython engines to execute arbitrary | |
| 154 | Python code with the permissions of the user who started the engines. If an |
|
153 | Python code with the permissions of the user who started the engines. If an | |
| 155 | attacker were able to connect their own hostile IPython client to the IPython |
|
154 | attacker were able to connect their own hostile IPython client to the IPython | |
| 156 | controller, they could instruct the engines to execute code. |
|
155 | controller, they could instruct the engines to execute code. | |
| 157 |
|
156 | |||
| 158 |
|
157 | |||
| 159 | On the first level, this attack is prevented by requiring access to the controller's |
|
158 | On the first level, this attack is prevented by requiring access to the controller's | |
| 160 | ports, which are recommended to only be open on loopback if the controller is on an |
|
159 | ports, which are recommended to only be open on loopback if the controller is on an | |
| 161 | untrusted local network. If the attacker does have access to the Controller's ports, then |
|
160 | untrusted local network. If the attacker does have access to the Controller's ports, then | |
| 162 | the attack is prevented by the capabilities based client authentication of the execution |
|
161 | the attack is prevented by the capabilities based client authentication of the execution | |
| 163 | key. The relevant authentication information is encoded into the JSON file that clients |
|
162 | key. The relevant authentication information is encoded into the JSON file that clients | |
| 164 | must present to gain access to the IPython controller. By limiting the distribution of |
|
163 | must present to gain access to the IPython controller. By limiting the distribution of | |
| 165 | those keys, a user can grant access to only authorized persons, just as with SSH keys. |
|
164 | those keys, a user can grant access to only authorized persons, just as with SSH keys. | |
| 166 |
|
165 | |||
| 167 | It is highly unlikely that an execution key could be guessed by an attacker |
|
166 | It is highly unlikely that an execution key could be guessed by an attacker | |
| 168 | in a brute force guessing attack. A given instance of the IPython controller |
|
167 | in a brute force guessing attack. A given instance of the IPython controller | |
| 169 | only runs for a relatively short amount of time (on the order of hours). Thus |
|
168 | only runs for a relatively short amount of time (on the order of hours). Thus | |
| 170 | an attacker would have only a limited amount of time to test a search space of |
|
169 | an attacker would have only a limited amount of time to test a search space of | |
| 171 | size 2**128. For added security, users can have arbitrarily long keys. |
|
170 | size 2**128. For added security, users can have arbitrarily long keys. | |
| 172 |
|
171 | |||
| 173 | .. warning:: |
|
172 | .. warning:: | |
| 174 |
|
173 | |||
| 175 | If the attacker has gained enough access to intercept loopback connections on *either* the |
|
174 | If the attacker has gained enough access to intercept loopback connections on *either* the | |
| 176 | controller or client, then a duplicate message can be sent. To protect against this, |
|
175 | controller or client, then a duplicate message can be sent. To protect against this, | |
| 177 | recipients only allow each signature once, and consider duplicates invalid. However, |
|
176 | recipients only allow each signature once, and consider duplicates invalid. However, | |
| 178 | the duplicate message could be sent to *another* recipient using the same key, |
|
177 | the duplicate message could be sent to *another* recipient using the same key, | |
| 179 | and it would be considered valid. |
|
178 | and it would be considered valid. | |
| 180 |
|
179 | |||
| 181 |
|
180 | |||
| 182 | Unauthorized engines |
|
181 | Unauthorized engines | |
| 183 | -------------------- |
|
182 | -------------------- | |
| 184 |
|
183 | |||
| 185 | If an attacker were able to connect a hostile engine to a user's controller, |
|
184 | If an attacker were able to connect a hostile engine to a user's controller, | |
| 186 | the user might unknowingly send sensitive code or data to the hostile engine. |
|
185 | the user might unknowingly send sensitive code or data to the hostile engine. | |
| 187 | This attacker's engine would then have full access to that code and data. |
|
186 | This attacker's engine would then have full access to that code and data. | |
| 188 |
|
187 | |||
| 189 | This type of attack is prevented in the same way as the unauthorized client |
|
188 | This type of attack is prevented in the same way as the unauthorized client | |
| 190 | attack, through the usage of the capabilities based authentication scheme. |
|
189 | attack, through the usage of the capabilities based authentication scheme. | |
| 191 |
|
190 | |||
| 192 | Unauthorized controllers |
|
191 | Unauthorized controllers | |
| 193 | ------------------------ |
|
192 | ------------------------ | |
| 194 |
|
193 | |||
| 195 | It is also possible that an attacker could try to convince a user's IPython |
|
194 | It is also possible that an attacker could try to convince a user's IPython | |
| 196 | client or engine to connect to a hostile IPython controller. That controller |
|
195 | client or engine to connect to a hostile IPython controller. That controller | |
| 197 | would then have full access to the code and data sent between the IPython |
|
196 | would then have full access to the code and data sent between the IPython | |
| 198 | client and the IPython engines. |
|
197 | client and the IPython engines. | |
| 199 |
|
198 | |||
| 200 | Again, this attack is prevented through the capabilities in a connection file, which |
|
199 | Again, this attack is prevented through the capabilities in a connection file, which | |
| 201 | ensure that a client or engine connects to the correct controller. It is also important to |
|
200 | ensure that a client or engine connects to the correct controller. It is also important to | |
| 202 | note that the connection files also encode the IP address and port that the controller is |
|
201 | note that the connection files also encode the IP address and port that the controller is | |
| 203 | listening on, so there is little chance of mistakenly connecting to a controller running |
|
202 | listening on, so there is little chance of mistakenly connecting to a controller running | |
| 204 | on a different IP address and port. |
|
203 | on a different IP address and port. | |
| 205 |
|
204 | |||
| 206 | When starting an engine or client, a user must specify the key to use |
|
205 | When starting an engine or client, a user must specify the key to use | |
| 207 | for that connection. Thus, in order to introduce a hostile controller, the |
|
206 | for that connection. Thus, in order to introduce a hostile controller, the | |
| 208 | attacker must convince the user to use the key associated with the |
|
207 | attacker must convince the user to use the key associated with the | |
| 209 | hostile controller. As long as a user is diligent in only using keys from |
|
208 | hostile controller. As long as a user is diligent in only using keys from | |
| 210 | trusted sources, this attack is not possible. |
|
209 | trusted sources, this attack is not possible. | |
| 211 |
|
210 | |||
| 212 | .. note:: |
|
211 | .. note:: | |
| 213 |
|
212 | |||
| 214 | I may be wrong, the unauthorized controller may be easier to fake than this. |
|
213 | I may be wrong, the unauthorized controller may be easier to fake than this. | |
| 215 |
|
214 | |||
| 216 | Other security measures |
|
215 | Other security measures | |
| 217 | ======================= |
|
216 | ======================= | |
| 218 |
|
217 | |||
| 219 | A number of other measures are taken to further limit the security risks |
|
218 | A number of other measures are taken to further limit the security risks | |
| 220 | involved in running the IPython kernel. |
|
219 | involved in running the IPython kernel. | |
| 221 |
|
220 | |||
| 222 | First, by default, the IPython controller listens on random port numbers. |
|
221 | First, by default, the IPython controller listens on random port numbers. | |
| 223 | While this can be overridden by the user, in the default configuration, an |
|
222 | While this can be overridden by the user, in the default configuration, an | |
| 224 | attacker would have to do a port scan to even find a controller to attack. |
|
223 | attacker would have to do a port scan to even find a controller to attack. | |
| 225 | When coupled with the relatively short running time of a typical controller |
|
224 | When coupled with the relatively short running time of a typical controller | |
| 226 | (on the order of hours), an attacker would have to work extremely hard and |
|
225 | (on the order of hours), an attacker would have to work extremely hard and | |
| 227 | extremely *fast* to even find a running controller to attack. |
|
226 | extremely *fast* to even find a running controller to attack. | |
| 228 |
|
227 | |||
| 229 | Second, much of the time, especially when run on supercomputers or clusters, |
|
228 | Second, much of the time, especially when run on supercomputers or clusters, | |
| 230 | the controller is running behind a firewall. Thus, for engines or client to |
|
229 | the controller is running behind a firewall. Thus, for engines or client to | |
| 231 | connect to the controller: |
|
230 | connect to the controller: | |
| 232 |
|
231 | |||
| 233 | * The different processes have to all be behind the firewall. |
|
232 | * The different processes have to all be behind the firewall. | |
| 234 |
|
233 | |||
| 235 | or: |
|
234 | or: | |
| 236 |
|
235 | |||
| 237 | * The user has to use SSH port forwarding to tunnel the |
|
236 | * The user has to use SSH port forwarding to tunnel the | |
| 238 | connections through the firewall. |
|
237 | connections through the firewall. | |
| 239 |
|
238 | |||
| 240 | In either case, an attacker is presented with additional barriers that prevent |
|
239 | In either case, an attacker is presented with additional barriers that prevent | |
| 241 | attacking or even probing the system. |
|
240 | attacking or even probing the system. | |
| 242 |
|
241 | |||
| 243 | Summary |
|
242 | Summary | |
| 244 | ======= |
|
243 | ======= | |
| 245 |
|
244 | |||
| 246 | IPython's architecture has been carefully designed with security in mind. The |
|
245 | IPython's architecture has been carefully designed with security in mind. The | |
| 247 | capabilities based authentication model, in conjunction with SSH tunneled |
|
246 | capabilities based authentication model, in conjunction with SSH tunneled | |
| 248 | TCP/IP channels, address the core potential vulnerabilities in the system, |
|
247 | TCP/IP channels, address the core potential vulnerabilities in the system, | |
| 249 | while still enabling user's to use the system in open networks. |
|
248 | while still enabling user's to use the system in open networks. | |
| 250 |
|
249 | |||
| 251 | .. [RFC5246] <http://tools.ietf.org/html/rfc5246> |
|
250 | .. [RFC5246] <http://tools.ietf.org/html/rfc5246> | |
| 252 |
|
251 | |||
| 253 | .. [OpenSSH] <http://www.openssh.com/> |
|
252 | .. [OpenSSH] <http://www.openssh.com/> | |
| 254 | .. [Paramiko] <http://www.lag.net/paramiko/> |
|
253 | .. [Paramiko] <http://www.lag.net/paramiko/> | |
| 255 | .. [HMAC] <http://tools.ietf.org/html/rfc2104.html> |
|
254 | .. [HMAC] <http://tools.ietf.org/html/rfc2104.html> | |
General Comments 0
You need to be logged in to leave comments.
Login now