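def gen_keys(key="", key_path_dir=""):
    """Create a key directory under KEY_DIR and install an RSA private key in it.

    When *key* is empty a fresh 2048-bit RSA key is generated and written to
    ``<key_path_dir>/id_rsa``; otherwise *key* is taken as private-key text,
    written to that file (mode 0600) and parsed back with ``RSAKey`` to make
    sure it is usable. When *key_path_dir* is empty the directory is
    ``KEY_DIR/role_key/key-<uuid4 hex>``.

    :param key: private-key text to install, or "" to generate a new key.
    :param key_path_dir: target directory; "" selects a fresh uuid-named one.
    :raises SSHException: if the supplied key text cannot be parsed; the
        directory is removed first so no half-written key is left behind.

    NOTE(review): the body visible here stops after the key is parsed back —
    no public key is written and nothing is returned; confirm against the
    full source before relying on a return value.
    """
    if not key_path_dir:
        key_path_dir = os.path.join(KEY_DIR, 'role_key', "key-" + uuid4().hex)
    private_key = os.path.join(key_path_dir, 'id_rsa')
    # 0o755 is the same value as the Python 2 literal 0755; the helper's
    # handling of the mode is not visible in this block
    mkdir(key_path_dir, mode=0o755)
    if not key:
        key = RSAKey.generate(2048)
        key.write_private_key_file(private_key)
    else:
        # Create the file 0600 from the start: a plain open() followed by a
        # later chmod leaves the private key readable under the default umask.
        fd = os.open(private_key, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
        with os.fdopen(fd, 'w') as f:
            f.write(key)
        with open(private_key) as f:
            try:
                key = RSAKey.from_private_key(f)
            except SSHException:
                shutil.rmtree(key_path_dir, ignore_errors=True)
                raise  # same exception type, original traceback kept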
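def gen_ssh_key(username, password='', key_dir=os.path.join(settings.KEY_DIR, 'user'),
                authorized_keys=True, home="/home", length=2048):
    """Generate an RSA key pair for *username* and optionally install its public key.

    ``ssh-keygen`` writes the private key to ``<key_dir>/<username>.perm`` and the
    public key to ``<username>.perm.pub``; an existing private key of that name is
    removed first. When *authorized_keys* is true the public key REPLACES
    ``<home>/<username>/.ssh/authorized_keys`` (the file is truncated, not
    appended to), which is then set to 0600 and chowned to the user.

    :param username: login name; used as the key file name and as the home
        directory component. NOTE(review): it is joined into paths unescaped,
        so it is assumed to be validated upstream — confirm before exposing
        this to untrusted callers.
    :param password: passphrase for the private key; "" means no passphrase.
    :param key_dir: directory that receives the key pair.
    :param authorized_keys: also install the public key into authorized_keys.
    :param home: parent directory of user home directories.
    :param length: RSA key size in bits.
    :raises OSError: if ssh-keygen exits with a non-zero status.
    """
    import subprocess  # function-scope: the file's import block is out of view

    logger.debug('生成ssh_key,并设置authorized_keys')
    private_key_file = os.path.join(key_dir, username + '.perm')
    # os.mkdir(key_dir, mode=777) raised when the directory already existed,
    # and 777 (decimal) is 0o1411, not rwxrwxrwx. The process umask still
    # applies. NOTE(review): this directory holds private keys — 0o700 would
    # be tighter if no other uid needs to traverse it.
    if not os.path.isdir(key_dir):
        os.makedirs(key_dir, 0o777)
    if os.path.isfile(private_key_file):
        os.unlink(private_key_file)
    # An argv list replaces the shell string that interpolated *password* into
    # '-P "%s"' (a passphrase containing a quote could inject shell commands);
    # the original also applied '%' to bash()'s return value rather than the
    # command string. The "y" answer the original piped in is fed on stdin.
    # ssh-keygen itself creates the private key with mode 0600.
    proc = subprocess.Popen(
        ['ssh-keygen', '-t', 'rsa', '-f', private_key_file,
         '-b', str(length), '-P', password],
        stdin=subprocess.PIPE,
    )
    proc.communicate(b'y\n')
    if proc.returncode != 0:
        raise OSError('ssh-keygen exited with status %d for %s'
                      % (proc.returncode, private_key_file))
    if authorized_keys:
        auth_key_dir = os.path.join(home, username, '.ssh')
        # mode=700 is passed to the project mkdir helper unchanged; how the
        # helper interprets it is not visible here
        mkdir(auth_key_dir, username=username, mode=700)
        authorized_key_file = os.path.join(auth_key_dir, 'authorized_keys')
        with open(private_key_file + '.pub') as pub_f, \
                open(authorized_key_file, 'w') as auth_f:
            auth_f.write(pub_f.read())
        os.chmod(authorized_key_file, 0o600)
        chown(authorized_key_file, username)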
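def gen_ssh_key(username, password='', key_dir=os.path.join(settings.KEY_DIR, 'user'),
                authorized_keys=True, home="/home", length=2048):
    """Generate an RSA key pair for *username* and optionally install its public key.

    ``ssh-keygen`` writes the private key to ``<key_dir>/<username>.pem`` and the
    public key to ``<username>.pem.pub``; an existing private key of that name is
    removed first. When *authorized_keys* is true the public key REPLACES
    ``<home>/<username>/.ssh/authorized_keys`` (the file is truncated, not
    appended to), which is then set to 0600 and chowned to the user.

    :param username: login name; used as the key file name and as the home
        directory component. NOTE(review): it is joined into paths unescaped,
        so it is assumed to be validated upstream — confirm before exposing
        this to untrusted callers.
    :param password: passphrase for the private key; "" means no passphrase.
    :param key_dir: directory that receives the key pair.
    :param authorized_keys: also install the public key into authorized_keys.
    :param home: parent directory of user home directories.
    :param length: RSA key size in bits.
    :raises OSError: if ssh-keygen exits with a non-zero status.
    """
    import subprocess  # function-scope: the file's import block is out of view

    logger.debug('生成ssh key, 并设置authorized_keys')
    private_key_file = os.path.join(key_dir, username + '.pem')
    # mode=777 is passed to the project mkdir helper unchanged; how the helper
    # interprets it is not visible here
    mkdir(key_dir, mode=777)
    if os.path.isfile(private_key_file):
        os.unlink(private_key_file)
    # An argv list replaces the shell string that interpolated *password* into
    # '-P "%s"' (a passphrase containing a quote could inject shell commands).
    # The "y" answer the original piped in via echo is fed on stdin instead.
    # ssh-keygen itself creates the private key with mode 0600.
    proc = subprocess.Popen(
        ['ssh-keygen', '-t', 'rsa', '-f', private_key_file,
         '-b', str(length), '-P', password],
        stdin=subprocess.PIPE,
    )
    proc.communicate(b'y\n')
    if proc.returncode != 0:
        raise OSError('ssh-keygen exited with status %d for %s'
                      % (proc.returncode, private_key_file))
    if authorized_keys:
        auth_key_dir = os.path.join(home, username, '.ssh')
        mkdir(auth_key_dir, username=username, mode=700)
        authorized_key_file = os.path.join(auth_key_dir, 'authorized_keys')
        with open(private_key_file + '.pub') as pub_f, \
                open(authorized_key_file, 'w') as auth_f:
            auth_f.write(pub_f.read())
        os.chmod(authorized_key_file, 0o600)
        chown(authorized_key_file, username)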
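def setting(request):
    """Render and process the "default" connection-settings form.

    GET renders ``setting.html``. POST with ``setting=default`` reads username,
    port, password and an optional private key from the form; the key text, if
    given, is stored at ``<BASE_DIR>/keys/default/admin_user.pem`` with mode
    0600, and the other values are saved in the ``Setting`` row named
    ``default`` (password encrypted with CRYPTOR; an empty password on an
    existing row is stored as-is). ``field4`` is set to the key path whether or
    not a key was uploaded — original behaviour, kept. Validation failures
    raise ServerError and its text is exposed to the template as ``error``;
    success sets ``msg``. The template receives ``locals()``.

    :param request: Django HttpRequest.
    :return: the rendered ``setting.html`` response.
    """
    header_title, path1 = '项目设置', '设置'
    setting_default = get_object(Setting, name='default')
    if request.method == "POST":
        try:
            setting_raw = request.POST.get('setting', '')
            if setting_raw == 'default':
                username = request.POST.get('username', '')
                port = request.POST.get('port', '')
                password = request.POST.get('password', '')
                private_key = request.POST.get('key', '')
                if len(password) > 30:
                    raise ServerError('秘密长度不能超过30位!')
                if '' in [username, port]:
                    # was `return ServerError(...)`, which handed an exception
                    # instance to Django as the response instead of reporting it
                    raise ServerError('所填内容不能为空, 且密码和私钥填一个')
                private_key_dir = os.path.join(settings.BASE_DIR, 'keys', 'default')
                private_key_path = os.path.join(private_key_dir, 'admin_user.pem')
                mkdir(private_key_dir)
                if private_key:
                    # Create the file 0600 from the start so the key is never
                    # briefly world-readable under the default umask; the chmod
                    # afterwards also tightens a pre-existing file.
                    fd = os.open(private_key_path,
                                 os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
                    with os.fdopen(fd, 'w') as f:
                        f.write(private_key)
                    os.chmod(private_key_path, 0o600)
                if setting_default:
                    password_encode = CRYPTOR.encrypt(password) if password else password
                    Setting.objects.filter(name='default').update(
                        field1=username, field2=port,
                        field3=password_encode, field4=private_key_path)
                else:
                    password_encode = CRYPTOR.encrypt(password)
                    # save() returns None; the original bound that to a local
                    Setting(name='default', field1=username, field2=port,
                            field3=password_encode, field4=private_key_path).save()
                msg = "设置成功"
        except ServerError as e:
            # e.message only exists on Python 2 / custom exceptions; fall back to str()
            error = getattr(e, 'message', str(e))
    return render(request, 'setting.html', locals())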
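def get_log(self):
    """Open this session's tty log files and register a Log row for it.

    The files are ``<LOG_DIR>/tty/<YYYYMMDD>/<user>_<asset>_<HHMMSS>.log`` and
    ``.time``, opened for append; characters that could alter the path
    (``/``, NUL, ``*``, ``?``) are replaced by ``_`` in the file name. For an
    ``ssh`` login the Log's pid is this process's pid; for a ``web`` login the
    Log's own id is stored as its pid after the first save so a kill can target
    the websocket. A ``Start at`` line is written to the ``.log`` file.

    :return: ``(log_file_f, log_time_f, log)`` — two open file objects the
        caller owns and must close, plus the saved Log instance.
    :raises ServerError: when the day directory or the log files cannot be created.
    """
    banned_chars = ('/', '\0', '*', '?')
    tty_log_dir = os.path.join(LOG_DIR, 'tty')
    date_today = datetime.datetime.now()
    today_connect_log_dir = os.path.join(tty_log_dir, date_today.strftime('%Y%m%d'))
    filename = '%s_%s_%s' % (self.username, self.asset_name,
                             date_today.strftime('%H%M%S'))
    for banned_char in banned_chars:
        filename = filename.replace(banned_char, '_')
    log_file_path = os.path.join(today_connect_log_dir, filename)
    try:
        # tty_log_dir is the dirname of today_connect_log_dir; mode=777 is
        # handed to the project mkdir helper unchanged (its interpretation is
        # not visible here)
        mkdir(tty_log_dir, mode=777)
        mkdir(today_connect_log_dir, mode=777)
    except OSError as e:
        logger.debug('创建目录 %s 失败,请修改%s目录权限 With error msg: %s'
                     % (today_connect_log_dir, tty_log_dir, e))
        raise ServerError('创建目录 %s 失败,请修改%s目录权限'
                          % (today_connect_log_dir, tty_log_dir))
    log_file_f = None
    try:
        log_file_f = open(log_file_path + '.log', 'a')
        log_time_f = open(log_file_path + '.time', 'a')
    except IOError as e:
        if log_file_f is not None:
            log_file_f.close()  # was leaked when only the .time file failed to open
        logger.debug('创建tty日志文件失败, 请修改目录%s权限 With error msg: %s'
                     % (today_connect_log_dir, e))
        raise ServerError('创建tty日志文件失败, 请修改目录%s权限' % today_connect_log_dir)
    if self.login_type == 'ssh':
        # ssh logins record connect.py's pid; web logins get the log id below
        pid = os.getpid()
        self.remote_ip = remote_ip  # module-level name, not visible in this block
    else:
        pid = 0
    log = Log(user=self.username, host=self.asset_name, remote_ip=self.remote_ip,
              login_type=self.login_type, log_path=log_file_path,
              start_time=date_today, pid=pid)
    log.save()
    if self.login_type == 'web':
        log.pid = log.id  # the log id doubles as the websocket id used when killing it
        log.save()
    log_file_f.write('Start at %s\r\n' % datetime.datetime.now())
    return log_file_f, log_time_f, log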
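def get_log(self):
    """Open this session's tty log files and register a Log row for it.

    The files are ``<LOG_DIR>/tty/<YYYYMMDD>/<user>_<asset>_<HHMMSS>.log`` and
    ``.time``, opened for append. For an ``ssh`` login the Log's pid is this
    process's pid; for a ``web`` login the Log's own id is stored as its pid
    after the first save so a kill can target the websocket. A ``Start at``
    line is written to the ``.log`` file.

    :return: ``(log_file_f, log_time_f, log)`` — two open file objects the
        caller owns and must close, plus the saved Log instance.
    :raises ServerError: when the day directory or the log files cannot be created.
    """
    tty_log_dir = os.path.join(LOG_DIR, "tty")
    date_today = datetime.datetime.now()
    today_connect_log_dir = os.path.join(tty_log_dir, date_today.strftime("%Y%m%d"))
    filename = "%s_%s_%s" % (self.username, self.asset_name,
                             date_today.strftime("%H%M%S"))
    # username/asset_name were joined into the path unescaped, so a "/" in
    # either moved the log file out of the day directory; neutralise the
    # characters that can alter the path or glob
    for banned_char in ('/', '\0', '*', '?'):
        filename = filename.replace(banned_char, '_')
    log_file_path = os.path.join(today_connect_log_dir, filename)
    try:
        # tty_log_dir is the dirname of today_connect_log_dir; 0o777 is the
        # same value as the original 0777 literal and is handed to the project
        # mkdir helper unchanged (its interpretation is not visible here)
        mkdir(tty_log_dir, mode=0o777)
        mkdir(today_connect_log_dir, mode=0o777)
    except OSError:
        logger.debug("创建目录 %s 失败,请修改%s目录权限" % (today_connect_log_dir, tty_log_dir))
        raise ServerError("创建目录 %s 失败,请修改%s目录权限" % (today_connect_log_dir, tty_log_dir))
    log_file_f = None
    try:
        log_file_f = open(log_file_path + ".log", "a")
        log_time_f = open(log_file_path + ".time", "a")
    except IOError:
        if log_file_f is not None:
            log_file_f.close()  # was leaked when only the .time file failed to open
        logger.debug("创建tty日志文件失败, 请修改目录%s权限" % today_connect_log_dir)
        raise ServerError("创建tty日志文件失败, 请修改目录%s权限" % today_connect_log_dir)
    if self.login_type == "ssh":
        # ssh logins record connect.py's pid; web logins get the log id below
        pid = os.getpid()
        self.remote_ip = remote_ip  # module-level name, not visible in this block
    else:
        pid = 0
    log = Log(
        user=self.username,
        host=self.asset_name,
        remote_ip=self.remote_ip,
        login_type=self.login_type,
        log_path=log_file_path,
        start_time=date_today,
        pid=pid,
    )
    log.save()
    if self.login_type == "web":
        log.pid = log.id  # the log id doubles as the websocket id used when killing it
        log.save()
    log_file_f.write("Start at %s\r\n" % datetime.datetime.now())
    return log_file_f, log_time_f, log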
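def save(self, path=settings.LOG_DIR):
    """Persist the recorded session to ``<path>/tty/<YYYYMMDD>/<uuid>.zip`` and register it.

    A random uuid is chosen as the file name (re-drawn on collision) and stored
    in ``self.filename``. The archive holds ``json.dumps(self.log)`` under that
    name; a TermLog row records the path, a generated ``logPWD``, the command
    history (``self.CMD``) and the start time, and is linked to ``self.user``
    when set. If the archive or the row cannot be written, the log JSON is
    stored inline in the row instead (``logPath='locale'``). Finally this
    recorder is dropped from ``TermLogRecorder.loglist``.

    NOTE(review): ``zipfile`` cannot write encrypted archives — ``setpassword``
    only affects extraction (and on Python 3 it rejects a str, which sent every
    save down the fallback path), so the archive is NOT protected by ``logPWD``.
    The call is dropped; treat the file as plaintext and rely on directory
    permissions.

    :param path: log root directory.
    """
    date = datetime.datetime.now().strftime('%Y%m%d')
    day_dir = os.path.join(path, 'tty', date)
    if not os.path.isdir(day_dir):
        mkdir(day_dir, mode=777)  # project helper; mode is passed through unchanged
    filename = str(uuid.uuid4())
    filepath = os.path.join(day_dir, filename + '.zip')
    while os.path.isfile(filepath):
        filename = str(uuid.uuid4())
        filepath = os.path.join(day_dir, filename + '.zip')
    # assigned after the collision loop: the original set it before re-drawing,
    # so self.filename could disagree with the file actually written
    self.filename = filename
    password = str(uuid.uuid4())
    log_json = json.dumps(self.log)
    history = json.dumps(self.CMD)
    timestamp = int(self.recoderStartTime)
    try:
        with zipfile.ZipFile(filepath, 'w', zipfile.ZIP_DEFLATED) as zf:
            zf.writestr(filename, log_json)
        record = TermLog.objects.create(logPath=filepath, logPWD=password,
                                        filename=filename, history=history,
                                        timestamp=timestamp)
    except Exception:
        # deliberate best-effort fallback: keep the log in the database row itself
        record = TermLog.objects.create(logPath='locale', logPWD=password,
                                        log=log_json, filename=filename,
                                        history=history, timestamp=timestamp)
    if self.user:
        record.user.add(self.user)
    TermLogRecorder.loglist.pop(str(self.id), None)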
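def gen_keys(key="", key_path_dir=""):
    """Create a key directory under KEY_DIR holding an RSA key pair and return its path.

    When *key* is empty a fresh 2048-bit RSA key is generated; otherwise *key*
    is taken as private-key text, written to ``id_rsa`` and parsed back with
    ``RSAKey`` to make sure it is usable. The matching ``id_rsa.pub`` is written
    as ``<type> <base64> jumpserver@<hostname>``. When *key_path_dir* is empty
    the directory is ``KEY_DIR/role_key/key-<uuid4 hex>``.

    :param key: private-key text to install, or "" to generate a new key.
    :param key_path_dir: target directory; "" selects a fresh uuid-named one.
    :return: the directory path (the full path, not just the uuid).
    :raises SSHException: if the supplied key text cannot be parsed; the
        directory is removed first so no half-written key is left behind.
    """
    if not key_path_dir:
        key_path_dir = os.path.join(KEY_DIR, 'role_key', "key-" + uuid4().hex)
    private_key = os.path.join(key_path_dir, 'id_rsa')
    public_key = os.path.join(key_path_dir, 'id_rsa.pub')
    mkdir(key_path_dir, mode=755)  # project helper; mode is passed through unchanged
    if not key:
        key = RSAKey.generate(2048)
        key.write_private_key_file(private_key)
    else:
        # Create the file 0600 from the start: a plain open() leaves the key
        # readable under the default umask until the chmod below runs.
        fd = os.open(private_key, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
        with os.fdopen(fd, 'w') as f:
            f.write(key)
        with open(private_key) as f:
            try:
                key = RSAKey.from_private_key(f)
            except SSHException:
                shutil.rmtree(key_path_dir, ignore_errors=True)
                raise  # same exception type, original traceback kept
    # was 0o644: a private key must not be readable by other local users
    os.chmod(private_key, 0o600)
    with open(public_key, 'w') as content_file:
        content_file.write("%s %s %s@%s" % (key.get_name(), key.get_base64(),
                                            "jumpserver", os.uname()[1]))
    return key_path_dir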
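def gen_keys_by_name(key="", key_path_dir="", name=""):
    """Create a key directory named after *name* and install an RSA private key in it.

    When *key* is empty a fresh 2048-bit RSA key is generated and written to
    ``<key_path_dir>/id_rsa``, together with an ssh ``config`` file; otherwise
    *key* is taken as private-key text, written to that file (mode 0600) and
    parsed back with ``RSAKey`` to make sure it is usable. When *key_path_dir*
    is empty the directory is ``KEY_DIR/role_key/<name>``.

    :param key: private-key text to install, or "" to generate a new key.
    :param key_path_dir: target directory; "" selects ``KEY_DIR/role_key/<name>``.
    :param name: directory name. NOTE(review): it is joined into the path
        unescaped and "" collapses to ``role_key/`` itself — assumed to be a
        validated user name; confirm at the call site.
    :raises SSHException: if the supplied key text cannot be parsed; the
        directory is removed first so no half-written key is left behind.

    NOTE(review): the body visible here stops after the key is parsed back —
    no public key is written and nothing is returned; confirm against the
    full source before relying on a return value.
    """
    if not key_path_dir:
        key_path_dir = os.path.join(KEY_DIR, 'role_key', name)
    private_key = os.path.join(key_path_dir, 'id_rsa')
    config_file = os.path.join(key_path_dir, 'config')
    # 0o755 is the same value as the Python 2 literal 0755; the helper's
    # handling of the mode is not visible in this block
    mkdir(key_path_dir, mode=0o755)
    if not key:
        key = RSAKey.generate(2048)
        key.write_private_key_file(private_key)
        # NOTE(review): this config turns off host-key verification for
        # connections made with the generated key, which removes the
        # protection against server impersonation; kept as the original wrote it.
        with open(config_file, 'w') as config:  # file() is Python 2 only
            config.writelines([
                'StrictHostKeyChecking no\n',
                'UserKnownHostsFile /dev/null\n',
                'GSSAPIAuthentication no\n',
            ])
    else:
        # Create the file 0600 from the start: a plain open() followed by a
        # later chmod leaves the private key readable under the default umask.
        fd = os.open(private_key, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
        with os.fdopen(fd, 'w') as f:
            f.write(key)
        with open(private_key) as f:
            try:
                key = RSAKey.from_private_key(f)
            except SSHException:
                shutil.rmtree(key_path_dir, ignore_errors=True)
                raise  # same exception type, original traceback kept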