SShortSingh.
TopTechnologyAI & MLStartupsProgrammingScienceBusinessFinanceCrypto & Web3World
Back to feed
Programming

Paramiko's default key-fallback behavior can trigger IP bans on SSH servers

0
·1 views

A multi-site administrator found their IP repeatedly blocked from SSH access after running just two or three connection tests through a web app. The root cause was traced to Paramiko's SSHClient.connect() method, which defaults look_for_keys and allow_agent to True, causing it to silently try every key in the SSH agent and the ~/.ssh/ directory when the primary key fails. On a system with multiple registered keys, a single connection attempt could generate 5–10 authentication failures, exceeding the server's MaxAuthTries limit and triggering IP-banning tools like fail2ban or OpenSSH's PerSourcePenalties. The fix was to explicitly set look_for_keys=False and allow_agent=False in all connection calls, limiting each attempt to only the intended key. A codebase-wide audit uncovered ten separate locations with the same missing configuration, all of which were patched to prevent the issue from recurring through other code paths.

Read the full story at DEV Community

This is an AI-generated summary. ShortSingh links to the original source for the complete article.

Discussion (0)

Log in to join the discussion and vote.

Log in

Related stories

0
ProgrammingDEV Community ·

Developer Shares 100 Python Automation Scripts to Eliminate Repetitive Daily Tasks

A developer has published a collection of 100 Python scripts designed to automate time-consuming manual tasks that drain productivity each day. The scripts are organised into ten thematic groups covering areas such as file management, inbox handling, calendar prep, data cleaning, and system maintenance. Examples include scripts that auto-rename downloads, OCR and index PDFs, mute Slack during focus periods, and prune old Docker images. The guide is aimed at developers who want to replace repetitive micro-tasks with locally run, scheduled automations using tools like cron and systemd. The author advocates for owning automations locally rather than relying on third-party cloud services, framing the approach as compounding time savings over weeks and months.

0 comments Read more at DEV Community
0
ProgrammingDEV Community ·

agentx-mcp Proxy Blocks Destructive AI Agent Calls and Guides Self-Recovery

A new open-source tool called agentx-mcp acts as a lightweight stdio proxy that intercepts every tool call made by AI agents running through MCP servers before execution. The proxy deterministically blocks dangerous operations such as DROP TABLE queries, unscoped deletes, shell teardown commands, and SSRF attempts without requiring an API key or any external service. When a harmful call is blocked, the proxy returns a structured coaching error that describes what was unsafe and suggests a safer alternative, allowing the agent to revise and retry on its own. This self-correction loop means an autonomous agent run can survive a blocked call and still complete its task, rather than failing on a hard error. The tool is installed via pip and configured with a single line change in the mcp.json file, making it compatible with any MCP-speaking client such as Claude Code or Cursor.

0 comments Read more at DEV Community
0
ProgrammingDEV Community ·

Developer launches free browser-based film photo editor after 4 months of solo work

A developer has built and released Polaroma, a free browser-based photo editor that replicates the look of analog film stocks, VHS, Polaroid, and other retro formats. The tool features over 20 hand-crafted presets and full manual controls, with all image processing handled locally in the browser without cloud uploads. The creator spent four months studying real film stock characteristics and translating them into deterministic color math, deliberately avoiding AI-based processing. Preset calibration proved the most time-consuming part of the project, taking longer than anticipated to achieve authentic results. Polaroma is available at polaroma.online, and the developer is seeking feedback from other developers on the rendering and color science approach.

0 comments Read more at DEV Community
0
ProgrammingDEV Community ·

Developer builds self-improving code pipeline using three collaborative AI agents

A developer has created a multi-agent AI pipeline in which one AI agent writes Python code, a second scores it, and a third refines it based on structured feedback — all running in an automated loop. The system uses Anthropic's Claude models, with the generator and refiner powered by claude-opus-4-8 and the scorer using the faster, cheaper claude-haiku model. Code is accepted only when it scores 9.6 or above out of 10, with a maximum of three refinement attempts before the pipeline exits with an error. A key design insight was passing the full history of previous attempts to the scorer to prevent it from penalising changes it had already rewarded in earlier rounds. Once the code clears the threshold, it is written to a temporary file and executed as a child subprocess, completing the automated cycle.

0 comments Read more at DEV Community
Paramiko's default key-fallback behavior can trigger IP bans on SSH servers · ShortSingh