Paramiko Security Audit

2026-05-05T00:00:00+02:00

Introduction

Paramiko is a pure-Python implementation of SSHv2 that provides both client- and server-side functionality. It serves as the foundation for the high-level SSH library Fabric and is widely regarded as one of the most popular SSH solutions in the Python ecosystem.

The Cryptography library, for its part, offers Python developers access to a broad range of cryptographic algorithms and primitives. It is a widely adopted Python/Rust library with more than 25,000 known dependencies.

The engagement between OSTIF, Paramiko, and Quarkslab involved a comprehensive assessment of the Paramiko library, along with a detailed analysis of how Cryptography interacts with the rust-openssl bindings, the reliability of entropy sources, constant-time execution requirements, code quality, testing practices, and the CI/CD pipeline. Recommendations were provided to strengthen each of these areas.

The report describes the steps of the vulnerability research we conducted.

Scope

The Paramiko library is designed to be compact, easy to understand, and limited in functionality to minimize the attack surface. Attacks on SSH implementations are well researched and documented, so OSTIF will direct its efforts towards examining Paramiko’s testing, building, and CI systems. This will lead to sustainable enhancements in the library’s resilience. It will also examine how the Paramiko initiative ensures that its dependencies are properly implemented. Finally, a manual code review will be conducted to verify correctness and that Paramiko is not vulnerable to known attacks from other SSH implementations.

The Cryptography library boasts a vast array of features and functions, encompassing numerous use cases. Despite its extensive attack surface, this is made possible through the integration of OpenSSL (via rust-openssl). As such, evaluating the Cryptography library amounts to examining the proper utilization of rust-openssl’s capabilities, rather than re-examining cryptographic primitives from the ground up. This review of the library should be initially triaged to focus on the use cases that affect Paramiko. All remaining time and resources that are available after the review of the Paramiko use-case should be used in a time-boxed and risk- based approach to evaluate the rest of the Cryptography project.

OpenSSL and rust-openssl themselves are not part of this evaluation, only how they are invoked by Cryptography and Paramiko. If a researcher finds a potential bug in OpenSSL or rust-openssl incidentally during this research, they are free to investigate the issue, report it responsibly and include their findings in the final report. However, this engagement is not a review of OpenSSL nor rust-openssl.

Findings

The table below summarizes the findings of the audit. A total of 30 vulnerabilities were identified: 2 of high severity, 6 of medium severity, 6 of low severity and 16 of informatives issues.

ID	Title	Severity	Perimeter	Fix commit
HIGH-21	Insecure parameters for digital signatures with RSA	High	paramiko/rsakey.py.	a448945
HIGH-28	Insecure key sizes accepted for Triple DES	High	TripleDES in Cryptography	https://github.com/pyca/cryptography/pull/13928
MED-15	Deprecated group exchange method	Medium	paramiko/kex_gex.py	9bf5fca
MED-16	Insecure minimum modulus size in Diffie-Hellman group exchange	Medium	paramiko/kex_gex.py	6fa1556
MED-17	Deprecated Diffie-Hellman group	Medium	paramiko/kex_group1.py	9bf5fca
MED-18	Deprecated GSS-API key exchange methods	Medium	paramiko/kex_gss.py	1ecc933
MED-22	Use of 8-byte seed for TripleDES key generation	Medium	Encryption	https://github.com/pyca/cryptography/pull/13928
MED-24	Wrong type usage in SHA-1 in KexGSSGroup1 and KexGSSGroup14	Medium	paramiko/kex_gss.py	9bf5fca
LOW-1	CVE impacting black	Low	Development	/
LOW-19	Use of MD5 as a Key Derivation Function	Low	paramiko/pkey.py	acd4bc1
LOW-25	Invalid Ed25519 signature causes mishandled exception	Low	ed25519key.py	/
LOW-27	Invalid Ed25519 signature cause transport thread to crash	Low	paramiko/ed25519key.py	/
LOW-29	Insecure RSA key size allowed	Low	RSA Keys in Paramiko and Cryptography	/
LOW-30	Server can be instantiated over UDP socket	Low	paramiko/transport.py	/

Conclusion

Quarkslab has been mandated on behalf of OSTIF to perform the first public security audit of Paramiko performed by an audit firm. Since critical security features of Paramiko involve cryptographic primitives, the scope was expanded to PYCA Cryptography and, more specifically, how Paramiko uses it.

Our work was primarily focused on a detailed, in-depth static analysis, identifying and developing targeted test enhancements, and dynamic testing where possible. We also addressed potential security risks in the CI/CD pipeline to ensure a secure and robust deployment process. During the audit period, we found a few issues, but nothing that raises security concerns for Paramiko or Cryptography.

To date, previously identified vulnerabilities have been reviewed and successfully remediated, reflecting a sustained commitment to improving the security posture and overall resilience of Paramiko.

We truly enjoyed collaborating with the OSTIF and we extend our sincere thanks to Jeff Forcier for his availability, responsiveness, and the constructive discussions that made this collaboration so effective.

Quarkslab's blog - paramiko

Paramiko Security Audit

Introduction

Scope

Findings

Conclusion

Further reading