Tag: ssh

The OSTIF collaborated with Quarkslab to conduct a security audit of Paramiko, a pure-Python implementation of SSHv2 that provides both client- and server-side functionality. Given the sensitivity and importance of the target, the review focused not only on Paramiko itself but also on its dependencies. The assessment covered its interaction with rust-openssl bindings, the use of secure entropy sources, adherence to constant-time requirements, as well as code quality, testing practices, and the CI/CD pipeline, with the goal of identifying opportunities for further hardening.