autossh-cli

v1.7.0 suspicious
6.0
Medium Risk

Auto-SSH toolkits with alias-based host management and password encryption

πŸ€– AI Analysis

Final verdict: SUSPICIOUS

The package shows potential issues with credential handling and low repository activity, raising suspicion but lacking clear evidence of malicious intent.

  • Repetitive use of getpass for password input without proper context.
  • Low activity and new maintainer account in the repository.
Per-check LLM notes
  • Network: No network calls detected, which is normal and not indicative of any risk.
  • Shell: Shell execution patterns are used to interact with git and vim, which seem related to the package's functionality rather than malicious activities.
  • Obfuscation: The detected pattern suggests the use of Base64 decoding for encrypted data, which is common in legitimate cryptographic operations.
  • Credentials: The repeated use of getpass for password input without proper context indicates potential insecure handling or storage of credentials.
  • Metadata: The low activity in the repository and the new maintainer account raise some concerns but there are no clear signs of malicious intent.

πŸ“¦ Package Quality Overall: Low (3.0/10)

β—‹ Low Test Suite 1.0

No test suite detected

  • No test files or test-runner configuration detected
β—ˆ Medium Documentation 5.0

Some documentation present

  • Detailed PyPI description (2501 chars)
β—‹ Low Contributing Guide 2.0

No contributing guide or governance files found

  • No CONTRIBUTING, CODE_OF_CONDUCT, or governance files found
β—‹ Low Type Annotations 1.0

No type annotations detected

  • No type annotations, py.typed marker, or stub files detected
β—ˆ Medium Multiple Contributors 6.0

Limited contributor diversity

  • 2 unique contributor(s) across 100 commits in spgyip/autossh
  • Two distinct contributors found

πŸ”¬ Heuristic Checks

βœ“ Outbound Network Calls

No suspicious network call patterns found

⚠ Code Obfuscation score 2.0

Found 1 obfuscation pattern(s)

  • g on wrong key.""" blob = base64.b64decode(ciphertext_b64) nonce, ct = blob[:12], blob[12:] ret
⚠ Shell / Subprocess Execution score 10.0

Found 6 shell execution pattern(s)

  • try: commit = subprocess.run( ["git", "-C", repo_root, "rev-parse", "--sh
  • = 0: branch = subprocess.run( ["git", "-C", repo_root, "rev-parse", "
  • ) status = subprocess.run( ["git", "-C", repo_root, "status", "--p
  • te(original_content) subprocess.call(["vim", "-n", tmp_path]) with open(tmp_path) as f:
  • """ try: r = subprocess.run( ["op", "read", secret_ref], capture
  • .""" try: check = subprocess.run( ["op", "item", "get", title, "--vault", vault,
⚠ Credential Harvesting score 10.0

Found 5 credential access pattern(s)

  • le True: new_master = getpass.getpass("New master password: ") confirm = getpass.getpass("
  • assword: ") confirm = getpass.getpass("Confirm new master password: ") if new_master == co
  • alt(content) cur_master = getpass.getpass("Current master password: ") cur_key = derive_file_key(c
  • while True: master = getpass.getpass("Master password: ") if verify_fn is None or verify_
  • return master return getpass.getpass("Master password: ") if provider == "op": if no
βœ“ Typosquatting

No typosquatting candidates detected

βœ“ Registered Email Domain

Email domain looks legitimate: live.cn

βœ“ Suspicious Page Links

All external links appear legitimate

⚠ Git Repository History score 2.5

Git history flags: Repository has zero stars and zero forks

  • Repository has zero stars and zero forks
⚠ Maintainer History score 2.0

1 maintainer concern(s) found

  • Author "supergui" appears to have only 1 package on PyPI (new or inactive account)
βœ“ Known CVE Vulnerabilities

No known vulnerabilities found in OSV database.

πŸ’‘ AI App Starter Prompt

Use this prompt to build a project with autossh-cli 
Develop a mini-application named 'SecureSSHManager' that leverages the 'autossh-cli' package to manage SSH connections to multiple servers in a secure and user-friendly manner. The application should allow users to create aliases for their SSH hosts, encrypt passwords for secure storage, and automatically reconnect SSH sessions if they drop due to network issues.

### Features:
1. **Alias Management**: Users can define aliases for different SSH hosts. Each alias should include the hostname/IP address, port number, username, and any other relevant information needed for an SSH connection.
2. **Password Encryption**: All stored passwords should be encrypted using AES-256-CBC before being saved to prevent unauthorized access.
3. **Automatic Reconnection**: If an SSH session drops due to network issues, the application should attempt to reconnect automatically without requiring user intervention.
4. **User Interface**: Provide a simple command-line interface (CLI) where users can add, edit, delete, and connect to SSH hosts via their defined aliases.
5. **Configuration File**: Store all alias configurations and encrypted passwords in a single configuration file that can be easily backed up or transferred between devices.
6. **Help Documentation**: Include comprehensive help documentation accessible via the CLI to guide new users on how to use each feature of SecureSSHManager.

### Utilizing 'autossh-cli':
- Use the 'autossh-cli' package to handle the automatic reconnection functionality, ensuring stable SSH sessions even under fluctuating network conditions.
- Leverage the alias management capabilities provided by 'autossh-cli' to simplify the process of connecting to multiple servers.
- Integrate 'autossh-cli' into your application’s architecture to streamline the overall SSH management experience, focusing on security and ease-of-use.

πŸ’¬ Discussion Feed

Leave a comment

No discussion yet. Be the first to share your thoughts!