netmiko_mcp_server

Critical security risks identified: 1. Hardcoded credentials: `config.py` directly contains sensitive information like usernames, passwords, and secrets (e.g., 'admin123'). These are also used as default values in the `bootstrap_router_ssh` tool. This is highly insecure as it makes credentials prone to exposure if the file is shared or accessed. 2. Lack of secure credential management: The project does not utilize environment variables (e.g., `os.environ.get()`) or other secure methods for handling sensitive data, relying solely on a local configuration file. 3. Insecure SSH Host Key Policy: `netmiko_connector.py` uses `paramiko.SSHClient.set_missing_host_key_policy(AutoAddPolicy())`. This bypasses SSH host key verification, making connections vulnerable to Man-in-the-Middle (MITM) attacks. While possibly intended for a lab, it's a significant security flaw. 4. Powerful bootstrap tool: The `bootstrap_router_ssh` tool automates critical security configurations (creating users, generating crypto keys, enabling SSH). If used without care, or with default weak credentials, it can introduce serious vulnerabilities to the target network devices.