def _connect(self):
host_id = self._host_cfg['host_id']
host, port = self._host_cfg[host_id, 'host']
user = self._host_cfg[host_id, 'user']
passwd = self._host_cfg[host_id, 'password']
timeout = self._host_cfg[host_id, 'timeout'] or None
known_hosts = self._host_cfg[host_id, 'known_hosts']
key_type = self._host_cfg[host_id, 'key_type']
key_file = self._host_cfg[host_id, 'key_file']
key_pass = self._host_cfg[host_id, 'key_pass']
try:
if key_type:
key = _KEY_TYPES[key_type](filename=key_file,
password=key_pass)
_logger.debug('private key: %s', key.get_name())
else:
key = None
hostname = utils.format_knownhost(host, port)
hostkeys = HostKeys(known_hosts)
transport = Transport((host, port))
transport.start_client(timeout=timeout)
hostkey = transport.get_remote_server_key()
if not hostkeys.check(hostname, hostkey):
raise SSHException('Incorrect hostkey')
if key:
transport.auth_publickey(user, key)
else:
transport.auth_password(user, passwd)
client = transport.open_sftp_client()
client.get_channel().settimeout(timeout)
_logger.debug('client for %s created', hostname)
return client
except (OSError, SSHException) as ex:
raise ConnectError(f'Connection to server "{host}:{port}"'
f' failed: {ex.args!s}')
class SftpAuth:
def __init__(self, user, hostname, port, rsa_key, remote_dir):
self.user = user
self.hostname = hostname
self.port = port
self.rsa_key = rsa_key
self.remote_dir = remote_dir
logger.info(self.__repr__())
def __repr__(self):
return "The sftp instance was initialized. " \
"user={}, hostname={}, port={}, rsa_key={}, remote_dir={}"\
.format(self.user, self.hostname, self.port, self.rsa_key, self.remote_dir)
def set_transport(self):
logger.debug("Try to initialize transport.")
try:
self.transport = Transport(f"{self.hostname}:{self.port}")
self.transport.start_client(event=None, timeout=15)
self.transport.get_remote_server_key()
rsa_key = RSAKey.from_private_key_file(self.rsa_key)
self.transport.auth_publickey(self.user, rsa_key)
except Exception as e:
logger.debug(e)
print(json.dumps({
"error": {
"code": 00,
"message": e
},
}),
flush=True)
raise
logger.info("Transport was initialized.")
def __enter__(self):
self.set_transport()
self.sftp = SFTPClient.from_transport(self.transport)
try:
logger.info("Try to make a directory")
self.sftp.mkdir(self.remote_dir)
except Exception as e:
logger.info(e)
logger.info(f"Change the current directory into {self.remote_dir}")
self.sftp.chdir(self.remote_dir)
return self.sftp
def __exit__(self, exc_type, exc_val, exc_tb):
self.transport.close()
self.sftp.close()
def ssh_check(self, sock):
private_key = paramiko.RSAKey.from_private_key_file(self.private)
transport = Transport(sock=sock)
try:
transport.start_client()
except SSHException as error:
Print("{} {}".format(self.username, error), colour="red")
try:
if self.password is None:
transport.auth_publickey(self.username, private_key)
else:
transport.auth_password(self.username, self.password)
if transport.is_authenticated():
Print("{} {} connection Successfully.".format(
self.hostname, self.username),
colour="green")
except ssh_exception.SSHException, e:
print("{} {}".format(self.hostname, e.message))
Print("{} {} Error in username or password.".format(
self.hostname, self.username),
colour="red")
# LinuxSSHAuth(hostname='q12469v.cloud.shbt.qihoo.net',username='******').auth()
# def ssh_check(hostname,username,password,port=22):
# sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
# sock.settimeout(3)
# sock.connect((hostname, port))
# transport = Transport(sock=sock)
# try:
# transport.start_client()
# except SSHException as error:
# Print("{} {}".format(hostname, error), "red")
# try:
# transport.auth_password(username, password)
# if transport.is_authenticated():
# Print("{} {} connection Successfully.".format(hostname, username), "green")
# except ssh_exception.AuthenticationException, e:
# print("{} {}".format(hostname, e.message))
# Print("{} {} Error in username or password.\nExit installation.".format(hostname, username), "red")
#
# ssh_check(hostname='zjtdev01v.cloud.corp.qihoo.net',username='******',password='******')
def ssh_check(self, sock):
private_key = paramiko.RSAKey.from_private_key_file(self.private)
transport = Transport(sock=sock)
try:
transport.start_client()
except SSHException as error:
Print("{} {}".format(self.username, error), colour="red")
try:
if self.password is None:
transport.auth_publickey(self.username, private_key)
else:
transport.auth_password(self.username, self.password)
if transport.is_authenticated():
Print("{} {} connection Successfully.".format(
self.hostname, self.username),
colour="green")
except ssh_exception.SSHException, e:
print("{} {}".format(self.hostname, e.message))
Print("{} {} Error in username or password.".format(
self.hostname, self.username),
colour="red")
class AuthTest (unittest.TestCase):
def setUp(self):
self.socks = LoopSocket()
self.sockc = LoopSocket()
self.sockc.link(self.socks)
self.tc = Transport(self.sockc)
self.ts = Transport(self.socks)
def tearDown(self):
self.tc.close()
self.ts.close()
self.socks.close()
self.sockc.close()
def start_server(self):
host_key = RSAKey.from_private_key_file(_support('test_rsa.key'))
self.public_host_key = RSAKey(data=host_key.asbytes())
self.ts.add_server_key(host_key)
self.event = threading.Event()
self.server = NullServer()
self.assertTrue(not self.event.is_set())
self.ts.start_server(self.event, self.server)
def verify_finished(self):
self.event.wait(1.0)
self.assertTrue(self.event.is_set())
self.assertTrue(self.ts.is_active())
def test_bad_auth_type(self):
"""
verify that we get the right exception when an unsupported auth
type is requested.
"""
self.start_server()
try:
self.tc.connect(hostkey=self.public_host_key,
username='******', password='******')
self.assertTrue(False)
except:
etype, evalue, etb = sys.exc_info()
self.assertEqual(BadAuthenticationType, etype)
self.assertEqual(['publickey'], evalue.allowed_types)
def test_bad_password(self):
"""
verify that a bad password gets the right exception, and that a retry
with the right password works.
"""
self.start_server()
self.tc.connect(hostkey=self.public_host_key)
try:
self.tc.auth_password(username='******', password='******')
self.assertTrue(False)
except:
etype, evalue, etb = sys.exc_info()
self.assertTrue(issubclass(etype, AuthenticationException))
self.tc.auth_password(username='******', password='******')
self.verify_finished()
def test_no_auth(self):
"""
Test that a no auth connection is created when not providing any
credentials.
"""
self.start_server()
try:
self.tc.connect(hostkey=self.public_host_key)
remain = self.tc.auth_none(username='******')
self.assertTrue(False)
except:
etype, evalue, etb = sys.exc_info()
self.assertTrue(issubclass(etype, AuthenticationException))
self.verify_finished()
def test_multipart_auth(self):
"""
verify that multipart auth works.
"""
self.start_server()
self.tc.connect(hostkey=self.public_host_key)
remain = self.tc.auth_password(username='******', password='******')
self.assertEqual(['publickey'], remain)
key = DSSKey.from_private_key_file(_support('test_dss.key'))
remain = self.tc.auth_publickey(username='******', key=key)
self.assertEqual([], remain)
self.verify_finished()
def test_interactive_auth(self):
"""
verify keyboard-interactive auth works.
"""
self.start_server()
self.tc.connect(hostkey=self.public_host_key)
def handler(title, instructions, prompts):
self.got_title = title
self.got_instructions = instructions
self.got_prompts = prompts
return ['cat']
remain = self.tc.auth_interactive('commie', handler)
self.assertEqual(self.got_title, 'password')
self.assertEqual(self.got_prompts, [('Password', False)])
self.assertEqual([], remain)
self.verify_finished()
def test_interactive_auth_fallback(self):
"""
verify that a password auth attempt will fallback to "interactive"
if password auth isn't supported but interactive is.
"""
self.start_server()
self.tc.connect(hostkey=self.public_host_key)
remain = self.tc.auth_password('commie', 'cat')
self.assertEqual([], remain)
self.verify_finished()
def test_auth_utf8(self):
"""
verify that utf-8 encoding happens in authentication.
"""
self.start_server()
self.tc.connect(hostkey=self.public_host_key)
remain = self.tc.auth_password('utf8', _pwd)
self.assertEqual([], remain)
self.verify_finished()
def test_auth_non_utf8(self):
"""
verify that non-utf-8 encoded passwords can be used for broken
servers.
"""
self.start_server()
self.tc.connect(hostkey=self.public_host_key)
remain = self.tc.auth_password('non-utf8', '\xff')
self.assertEqual([], remain)
self.verify_finished()
def test_auth_gets_disconnected(self):
"""
verify that we catch a server disconnecting during auth, and report
it as an auth failure.
"""
self.start_server()
self.tc.connect(hostkey=self.public_host_key)
try:
remain = self.tc.auth_password('bad-server', 'hello')
except:
etype, evalue, etb = sys.exc_info()
self.assertTrue(issubclass(etype, AuthenticationException))
@slow
def test_auth_non_responsive(self):
"""
verify that authentication times out if server takes to long to
respond (or never responds).
"""
self.tc.auth_timeout = 1 # 1 second, to speed up test
self.start_server()
self.tc.connect()
try:
remain = self.tc.auth_password('unresponsive-server', 'hello')
except:
etype, evalue, etb = sys.exc_info()
self.assertTrue(issubclass(etype, AuthenticationException))
self.assertTrue('Authentication timeout' in str(evalue))
class AuthTest (unittest.TestCase):
def setUp(self):
self.socks = LoopSocket()
self.sockc = LoopSocket()
self.sockc.link(self.socks)
self.tc = Transport(self.sockc)
self.ts = Transport(self.socks)
def tearDown(self):
self.tc.close()
self.ts.close()
self.socks.close()
self.sockc.close()
def start_server(self):
host_key = RSAKey.from_private_key_file(test_path('test_rsa.key'))
self.public_host_key = RSAKey(data=host_key.asbytes())
self.ts.add_server_key(host_key)
self.event = threading.Event()
self.server = NullServer()
self.assertTrue(not self.event.is_set())
self.ts.start_server(self.event, self.server)
def verify_finished(self):
self.event.wait(1.0)
self.assertTrue(self.event.is_set())
self.assertTrue(self.ts.is_active())
def test_1_bad_auth_type(self):
"""
verify that we get the right exception when an unsupported auth
type is requested.
"""
self.start_server()
try:
self.tc.connect(hostkey=self.public_host_key,
username='******', password='******')
self.assertTrue(False)
except:
etype, evalue, etb = sys.exc_info()
self.assertEqual(BadAuthenticationType, etype)
self.assertEqual(['publickey'], evalue.allowed_types)
def test_2_bad_password(self):
"""
verify that a bad password gets the right exception, and that a retry
with the right password works.
"""
self.start_server()
self.tc.connect(hostkey=self.public_host_key)
try:
self.tc.auth_password(username='******', password='******')
self.assertTrue(False)
except:
etype, evalue, etb = sys.exc_info()
self.assertTrue(issubclass(etype, AuthenticationException))
self.tc.auth_password(username='******', password='******')
self.verify_finished()
def test_3_multipart_auth(self):
"""
verify that multipart auth works.
"""
self.start_server()
self.tc.connect(hostkey=self.public_host_key)
remain = self.tc.auth_password(username='******', password='******')
self.assertEqual(['publickey'], remain)
key = DSSKey.from_private_key_file(test_path('test_dss.key'))
remain = self.tc.auth_publickey(username='******', key=key)
self.assertEqual([], remain)
self.verify_finished()
def test_4_interactive_auth(self):
"""
verify keyboard-interactive auth works.
"""
self.start_server()
self.tc.connect(hostkey=self.public_host_key)
def handler(title, instructions, prompts):
self.got_title = title
self.got_instructions = instructions
self.got_prompts = prompts
return ['cat']
remain = self.tc.auth_interactive('commie', handler)
self.assertEqual(self.got_title, 'password')
self.assertEqual(self.got_prompts, [('Password', False)])
self.assertEqual([], remain)
self.verify_finished()
def test_5_interactive_auth_fallback(self):
"""
verify that a password auth attempt will fallback to "interactive"
if password auth isn't supported but interactive is.
"""
self.start_server()
self.tc.connect(hostkey=self.public_host_key)
remain = self.tc.auth_password('commie', 'cat')
self.assertEqual([], remain)
self.verify_finished()
def test_6_auth_utf8(self):
"""
verify that utf-8 encoding happens in authentication.
"""
self.start_server()
self.tc.connect(hostkey=self.public_host_key)
remain = self.tc.auth_password('utf8', _pwd)
self.assertEqual([], remain)
self.verify_finished()
def test_7_auth_non_utf8(self):
"""
verify that non-utf-8 encoded passwords can be used for broken
servers.
"""
self.start_server()
self.tc.connect(hostkey=self.public_host_key)
remain = self.tc.auth_password('non-utf8', '\xff')
self.assertEqual([], remain)
self.verify_finished()
def test_8_auth_gets_disconnected(self):
"""
verify that we catch a server disconnecting during auth, and report
it as an auth failure.
"""
self.start_server()
self.tc.connect(hostkey=self.public_host_key)
try:
remain = self.tc.auth_password('bad-server', 'hello')
except:
etype, evalue, etb = sys.exc_info()
self.assertTrue(issubclass(etype, AuthenticationException))
def test_9_auth_non_responsive(self):
"""
verify that authentication times out if server takes to long to
respond (or never responds).
"""
self.tc.auth_timeout = 1 # 1 second, to speed up test
self.start_server()
self.tc.connect()
try:
remain = self.tc.auth_password('unresponsive-server', 'hello')
except:
etype, evalue, etb = sys.exc_info()
self.assertTrue(issubclass(etype, AuthenticationException))
self.assertTrue('Authentication timeout' in str(evalue))
class SSH2NetSessionParamiko:
def __init__(self, p_self):
"""
Initialize SSH2NetSessionParamiko Object
This object, through composition, allows for using Paramiko as the underlying "driver"
for SSH2Net instead of the default "ssh2-python". Paramiko will be ever so slightly slower
but as you will most likely be I/O constrained it shouldn't matter! "ssh2-python" as of
20 October 2019 has a bug preventing keyboard interactive authentication from working as
desired; this is the reason Paramiko is in here now!
Args:
p_self: SSH2Net object
Returns:
N/A # noqa
Raises:
N/A # noqa
"""
self.__dict__ = p_self.__dict__
self._session_alive = p_self._session_alive
self._session_open = p_self._session_open
self._channel_alive = p_self._channel_alive
def _session_open_connect(self) -> None:
"""
Perform session handshake for paramiko (instead of default ssh2-python)
Args:
N/A # noqa
Returns:
N/A # noqa
Raises:
RequirementsNotSatisfied: if paramiko is not installed
Exception: catch all for unknown exceptions during session handshake
"""
try:
from paramiko import Transport # noqa
except ModuleNotFoundError as exc:
err = f"Module '{exc.name}' not installed!"
msg = f"***** {err} {'*' * (80 - len(err))}"
fix = (
f"To resolve this issue, install '{exc.name}'. You can do this in one of the "
"following ways:\n"
"1: 'pip install -r requirements-paramiko.txt'\n"
"2: 'pip install ssh2net[paramiko]'")
warning = "\n" + msg + "\n" + fix + "\n" + msg
warnings.warn(warning)
raise RequirementsNotSatisfied
try:
self.session = Transport(self.sock)
self.session.start_client()
self.session.set_timeout = self._set_timeout
except Exception as exc:
logging.critical(
f"Failed to complete handshake with host {self.host}; "
f"Exception: {exc}")
raise exc
def _session_public_key_auth(self) -> None:
"""
Perform public key based auth on SSH2NetSession
Args:
N/A # noqa
Returns:
N/A # noqa
Raises:
Exception: catch all for unhandled exceptions
"""
try:
self.session.auth_publickey(self.auth_user, self.auth_public_key)
except AuthenticationException:
logging.critical(
f"Public key authentication with host {self.host} failed.")
except Exception as exc:
logging.critical(
"Unknown error occurred during public key authentication with host "
f"{self.host}; Exception: {exc}")
raise exc
def _session_password_auth(self) -> None:
"""
Perform password or keyboard interactive based auth on SSH2NetSession
Args:
N/A # noqa
Returns:
N/A # noqa
Raises:
AuthenticationFailed: if authentication fails
Exception: catch all for unknown other exceptions
"""
try:
self.session.auth_password(self.auth_user, self.auth_password)
except AuthenticationException as exc:
logging.critical(
f"Password authentication with host {self.host} failed. Exception: {exc}."
"\n\tNote: Paramiko automatically attempts both standard auth as well as keyboard "
"interactive auth. Paramiko exception about bad auth type may be misleading!"
)
raise AuthenticationFailed
except Exception as exc:
logging.critical(
"Unknown error occurred during password authentication with host "
f"{self.host}; Exception: {exc}")
raise exc
def _channel_open_driver(self) -> None:
"""
Open channel
Args:
N/A # noqa
Returns:
N/A # noqa
Raises:
N/A # noqa
"""
self.channel = self.session.open_session()
self.channel.get_pty()
logging.debug(f"Channel to host {self.host} opened")
def _channel_invoke_shell(self) -> None:
"""
Invoke shell on channel
Additionally, this "re-points" some ssh2net method calls to the appropriate paramiko
methods. This happens as ssh2net is primarily built on "ssh2-python" and there is not
full parity between paramiko/ssh2-python.
Args:
N/A # noqa
Returns:
N/A # noqa
Raises:
N/A # noqa
"""
self._shell = True
self.channel.invoke_shell()
self.channel.read = self._paramiko_read_channel
self.channel.write = self.channel.sendall
self.session.set_blocking = self._set_blocking
self.channel.flush = self._flush
def _paramiko_read_channel(self):
"""
Patch channel.read method for paramiko driver
"ssh2-python" returns a tuple of bytes and data, "paramiko" simply returns the data
from the channel, patch this for parity with "ssh2-python".
Args:
N/A # noqa
Returns:
N/A # noqa
Raises:
N/A # noqa
"""
channel_read = self.channel.recv(1024)
return None, channel_read
def _flush(self):
"""
Patch a "flush" method for paramiko driver
Need to investigate this further for two things:
1) is "flush" even necessary when using ssh2-python driver?
2) if it is necessary, is there a combination of reads/writes that would implement
this in a sane fashion for paramiko
Args:
N/A # noqa
Returns:
N/A # noqa
Raises:
N/A # noqa
"""
while True:
time.sleep(0.01)
if self.channel.recv_ready():
self._paramiko_read_channel()
else:
self.channel.write("\n")
return
def _set_blocking(self, blocking):
# Add docstring
# need to reset timeout because it seems paramiko sets it to 0 if you set to non blocking
# paramiko uses seconds instead of ms
self.channel.setblocking(blocking)
self.channel.settimeout(self.session_timeout / 1000)
def _set_timeout(self, timeout):
# paramiko uses seconds instead of ms
self.channel.settimeout(timeout / 1000)
class ParamikoSshConnection(BaseSshConnection):
def connect(self, wait_prompt=True):
self.socket = socket(AF_INET, SOCK_STREAM)
self.socket.connect((self.hostname, self.port))
self.session = Transport(self.socket)
self.session.start_client()
if self.password is not None:
self.session.auth_password(self.username, self.password)
elif self.key_algorithm != DSA_KEY_ALGORITHM:
key = RSAKey.from_private_key_file(
self.private_key_file, self.key_passphrase
)
self.session.auth_publickey(self.username, key)
else:
key = DSSKey.from_private_key_file(
self.private_key_file, self.key_passphrase
)
self.session.auth_publickey(self.username, key)
self.channel = self.session.open_session()
self.channel.get_pty()
self.channel.invoke_shell()
if wait_prompt:
self.receive()
@property
def connected(self):
return bool(
self.socket
and not self.socket._closed
and self.session
and self.channel
)
def send(self, line, socket_timeout=None):
socket_timeout = (
socket_timeout
if socket_timeout is not None
else self.socket_timeout
)
self.channel.settimeout(socket_timeout)
size = self.channel.sendall(line + "\n")
return size
def receive(
self, regex=None, socket_timeout=None, timeout=None, buffer_size=None
):
regex = regex if regex is not None else self.prompt_regex
socket_timeout = (
socket_timeout
if socket_timeout is not None
else self.socket_timeout
)
timeout = timeout if timeout is not None else self.timeout
buffer_size = (
buffer_size if buffer_size is not None else self.buffer_size
)
assert regex is not None
assert socket_timeout is None or isinstance(
socket_timeout, (int, float)
)
assert timeout is None or isinstance(timeout, (int, float))
assert isinstance(buffer_size, int) and buffer_size > 0
self.channel.settimeout(socket_timeout)
start = time()
output = self.channel.recv(buffer_size).decode()
LOG.debug(output)
size = len(output)
duration = time() - start
while (
not regex.search(output)
and (timeout is None or duration < timeout)
and size > 0
):
data = self.channel.recv(buffer_size).decode()
LOG.debug(data)
size = len(data)
output += data
duration = time() - start
if size < 0 and size != LIBSSH2_ERROR_EAGAIN:
raise ReceiveException(size, output, duration)
if not size:
raise SocketTimeoutException(
output, socket_timeout, duration, regex.pattern
)
if timeout is not None and duration >= timeout:
raise ReceiveTimeoutException(
output, timeout, duration, regex.pattern
)
return self.sanitize(output)
def disconnect(self):
if self.session:
self.session.close()
if self.channel:
self.channel.close()
if self.socket:
self.socket.close()
class MikoTransport(Transport):
def __init__(
self,
host: str,
port: int = -1,
auth_username: str = "",
auth_private_key: str = "",
auth_password: str = "",
auth_strict_key: bool = True,
timeout_socket: int = 5,
timeout_transport: int = 5,
timeout_exit: bool = True,
ssh_config_file: str = "",
ssh_known_hosts_file: str = "",
) -> None:
"""
MikoTransport Object
Inherit from Transport ABC
MikoTransport <- Transport (ABC)
Args:
host: host ip/name to connect to
port: port to connect to
auth_username: username for authentication
auth_private_key: path to private key for authentication
auth_password: password for authentication
auth_strict_key: True/False to enforce strict key checking (default is True)
timeout_socket: timeout for establishing socket in seconds
timeout_transport: timeout for ssh transport in seconds
timeout_exit: True/False close transport if timeout encountered
ssh_config_file: string to path for ssh config file
ssh_known_hosts_file: string to path for ssh known hosts file
Returns:
N/A # noqa: DAR202
Raises:
N/A
"""
cfg_port, cfg_user, cfg_private_key = self._process_ssh_config(host, ssh_config_file)
if port == -1:
port = cfg_port or 22
super().__init__(
host,
port,
timeout_socket,
timeout_transport,
timeout_exit,
)
self.auth_username: str = auth_username or cfg_user
self.auth_private_key: str = auth_private_key or cfg_private_key
self.auth_password: str = auth_password
self.auth_strict_key: bool = auth_strict_key
self.ssh_known_hosts_file: str = ssh_known_hosts_file
self.session: ParamikoTransport
self.channel: Channel
self.socket = Socket(host=self.host, port=self.port, timeout=self.timeout_socket)
@staticmethod
def _process_ssh_config(host: str, ssh_config_file: str) -> Tuple[Optional[int], str, str]:
"""
Method to parse ssh config file
In the future this may move to be a 'helper' function as it should be very similar between
paramiko and and ssh2-python... for now it can be a static method as there may be varying
supported args between the two transport drivers.
Args:
host: host to lookup in ssh config file
ssh_config_file: string path to ssh config file; passed down from `Scrape`, or the
`NetworkDriver` or subclasses of it, in most cases.
Returns:
Tuple: port to use for ssh, username to use for ssh, identity file (private key) to
use for ssh auth
Raises:
N/A
"""
ssh = SSHConfig(ssh_config_file)
host_config = ssh.lookup(host)
return host_config.port, host_config.user or "", host_config.identity_file or ""
def open(self) -> None:
"""
Parent method to open session, authenticate and acquire shell
Args:
N/A
Returns:
N/A # noqa: DAR202
Raises:
Exception: if socket handshake fails
ScrapliAuthenticationFailed: if all authentication means fail
"""
if not self.socket.socket_isalive():
self.socket.socket_open()
try:
self.session = ParamikoTransport(self.socket.sock)
self.session.start_client()
except Exception as exc:
LOG.critical(f"Failed to complete handshake with host {self.host}; Exception: {exc}")
raise exc
if self.auth_strict_key:
LOG.debug(f"Attempting to validate {self.host} public key")
self._verify_key()
self._authenticate()
if not self._isauthenticated():
msg = f"Authentication to host {self.host} failed"
LOG.critical(msg)
raise ScrapliAuthenticationFailed(msg)
self._open_channel()
def _verify_key(self) -> None:
"""
Verify target host public key, raise exception if invalid/unknown
Args:
N/A
Returns:
N/A # noqa: DAR202
Raises:
KeyVerificationFailed: if host is not in known hosts
KeyVerificationFailed: if host is in known hosts but public key does not match
"""
known_hosts = SSHKnownHosts(self.ssh_known_hosts_file)
if self.host not in known_hosts.hosts.keys():
raise KeyVerificationFailed(f"{self.host} not in known_hosts!")
remote_server_key = self.session.get_remote_server_key()
remote_public_key = remote_server_key.get_base64()
if known_hosts.hosts[self.host]["public_key"] != remote_public_key:
raise KeyVerificationFailed(
f"{self.host} in known_hosts but public key does not match!"
)
def _authenticate(self) -> None:
"""
Parent method to try all means of authentication
Args:
N/A
Returns:
N/A # noqa: DAR202
Raises:
ScrapliAuthenticationFailed: if authentication fails
"""
if self.auth_private_key:
self._authenticate_public_key()
if self._isauthenticated():
LOG.debug(f"Authenticated to host {self.host} with public key auth")
return
if not self.auth_password or not self.auth_username:
msg = (
f"Failed to authenticate to host {self.host} with private key "
f"`{self.auth_private_key}`. Unable to continue authentication, "
"missing username, password, or both."
)
LOG.critical(msg)
raise ScrapliAuthenticationFailed(msg)
self._authenticate_password()
if self._isauthenticated():
LOG.debug(f"Authenticated to host {self.host} with password")
def _authenticate_public_key(self) -> None:
"""
Attempt to authenticate with public key authentication
Args:
N/A
Returns:
N/A # noqa: DAR202
Raises:
N/A
"""
try:
paramiko_key = RSAKey(filename=self.auth_private_key)
self.session.auth_publickey(self.auth_username, paramiko_key)
except AuthenticationException as exc:
LOG.critical(
f"Public key authentication with host {self.host} failed. Exception: {exc}."
)
except Exception as exc: # pylint: disable=W0703
LOG.critical(
"Unknown error occurred during public key authentication with host "
f"{self.host}; Exception: {exc}"
)
def _authenticate_password(self) -> None:
"""
Attempt to authenticate with password authentication
Args:
N/A
Returns:
N/A # noqa: DAR202
Raises:
Exception: if unknown (i.e. not auth failed) exception occurs
"""
try:
self.session.auth_password(self.auth_username, self.auth_password)
except AuthenticationException as exc:
LOG.critical(
f"Password authentication with host {self.host} failed. Exception: {exc}."
"\n\tNote: Paramiko automatically attempts both standard auth as well as keyboard "
"interactive auth. Paramiko exception about bad auth type may be misleading!"
)
except Exception as exc:
LOG.critical(
"Unknown error occurred during password authentication with host "
f"{self.host}; Exception: {exc}"
)
raise exc
def _isauthenticated(self) -> bool:
"""
Check if session is authenticated
Args:
N/A
Returns:
bool: True if authenticated, else False
Raises:
N/A
"""
authenticated: bool = self.session.is_authenticated()
return authenticated
def _open_channel(self) -> None:
"""
Open channel, acquire pty, request interactive shell
Args:
N/A
Returns:
N/A # noqa: DAR202
Raises:
N/A
"""
self.channel = self.session.open_session()
self.set_timeout(self.timeout_transport)
self.channel.get_pty()
self.channel.invoke_shell()
LOG.debug(f"Channel to host {self.host} opened")
def close(self) -> None:
"""
Close session and socket
Args:
N/A
Returns:
N/A # noqa: DAR202
Raises:
N/A
"""
self.channel.close()
LOG.debug(f"Channel to host {self.host} closed")
self.socket.socket_close()
def isalive(self) -> bool:
"""
Check if socket is alive and session is authenticated
Args:
N/A
Returns:
bool: True if socket is alive and session authenticated, else False
Raises:
N/A
"""
if self.socket.socket_isalive() and self.session.is_alive() and self._isauthenticated():
return True
return False
def read(self) -> bytes:
"""
Read data from the channel
Args:
N/A
Returns:
bytes: bytes output as read from channel
Raises:
N/A
"""
channel_read: bytes = self.channel.recv(65535)
return channel_read
def write(self, channel_input: str) -> None:
"""
Write data to the channel
Args:
channel_input: string to send to channel
Returns:
N/A # noqa: DAR202
Raises:
N/A
"""
self.channel.send(channel_input) # type: ignore
def set_timeout(self, timeout: int) -> None:
"""
Set session timeout
Args:
timeout: timeout in seconds
Returns:
N/A # noqa: DAR202
Raises:
N/A
"""
self.channel.settimeout(timeout)
class TransportTest (unittest.TestCase):
def setUp(self):
self.socks = LoopSocket()
self.sockc = LoopSocket()
self.sockc.link(self.socks)
self.tc = Transport(self.sockc)
self.ts = Transport(self.socks)
def tearDown(self):
self.tc.close()
self.ts.close()
self.socks.close()
self.sockc.close()
def setup_test_server(self):
host_key = RSAKey.from_private_key_file('tests/test_rsa.key')
public_host_key = RSAKey(data=str(host_key))
self.ts.add_server_key(host_key)
event = threading.Event()
self.server = NullServer()
self.assert_(not event.isSet())
self.ts.start_server(event, self.server)
self.tc.connect(hostkey=public_host_key)
self.tc.auth_password(username='******', password='******')
event.wait(1.0)
self.assert_(event.isSet())
self.assert_(self.ts.is_active())
def test_1_security_options(self):
o = self.tc.get_security_options()
self.assertEquals(type(o), SecurityOptions)
self.assert_(('aes256-cbc', 'blowfish-cbc') != o.ciphers)
o.ciphers = ('aes256-cbc', 'blowfish-cbc')
self.assertEquals(('aes256-cbc', 'blowfish-cbc'), o.ciphers)
try:
o.ciphers = ('aes256-cbc', 'made-up-cipher')
self.assert_(False)
except ValueError:
pass
try:
o.ciphers = 23
self.assert_(False)
except TypeError:
pass
def test_2_compute_key(self):
self.tc.K = 123281095979686581523377256114209720774539068973101330872763622971399429481072519713536292772709507296759612401802191955568143056534122385270077606457721553469730659233569339356140085284052436697480759510519672848743794433460113118986816826624865291116513647975790797391795651716378444844877749505443714557929L
self.tc.H = unhexlify('0C8307CDE6856FF30BA93684EB0F04C2520E9ED3')
self.tc.session_id = self.tc.H
key = self.tc._compute_key('C', 32)
self.assertEquals('207E66594CA87C44ECCBA3B3CD39FDDB378E6FDB0F97C54B2AA0CFBF900CD995',
hexlify(key).upper())
def test_3_simple(self):
"""
verify that we can establish an ssh link with ourselves across the
loopback sockets. this is hardly "simple" but it's simpler than the
later tests. :)
"""
host_key = RSAKey.from_private_key_file('tests/test_rsa.key')
public_host_key = RSAKey(data=str(host_key))
self.ts.add_server_key(host_key)
event = threading.Event()
server = NullServer()
self.assert_(not event.isSet())
self.assertEquals(None, self.tc.get_username())
self.assertEquals(None, self.ts.get_username())
self.assertEquals(False, self.tc.is_authenticated())
self.assertEquals(False, self.ts.is_authenticated())
self.ts.start_server(event, server)
self.tc.connect(hostkey=public_host_key,
username='******', password='******')
event.wait(1.0)
self.assert_(event.isSet())
self.assert_(self.ts.is_active())
self.assertEquals('slowdive', self.tc.get_username())
self.assertEquals('slowdive', self.ts.get_username())
self.assertEquals(True, self.tc.is_authenticated())
self.assertEquals(True, self.ts.is_authenticated())
def test_4_special(self):
"""
verify that the client can demand odd handshake settings, and can
renegotiate keys in mid-stream.
"""
host_key = RSAKey.from_private_key_file('tests/test_rsa.key')
public_host_key = RSAKey(data=str(host_key))
self.ts.add_server_key(host_key)
event = threading.Event()
server = NullServer()
self.assert_(not event.isSet())
self.ts.start_server(event, server)
options = self.tc.get_security_options()
options.ciphers = ('aes256-cbc',)
options.digests = ('hmac-md5-96',)
self.tc.connect(hostkey=public_host_key,
username='******', password='******')
event.wait(1.0)
self.assert_(event.isSet())
self.assert_(self.ts.is_active())
self.assertEquals('aes256-cbc', self.tc.local_cipher)
self.assertEquals('aes256-cbc', self.tc.remote_cipher)
self.assertEquals(12, self.tc.packetizer.get_mac_size_out())
self.assertEquals(12, self.tc.packetizer.get_mac_size_in())
self.tc.send_ignore(1024)
self.tc.renegotiate_keys()
self.ts.send_ignore(1024)
def test_5_keepalive(self):
"""
verify that the keepalive will be sent.
"""
self.tc.set_hexdump(True)
host_key = RSAKey.from_private_key_file('tests/test_rsa.key')
public_host_key = RSAKey(data=str(host_key))
self.ts.add_server_key(host_key)
event = threading.Event()
server = NullServer()
self.assert_(not event.isSet())
self.ts.start_server(event, server)
self.tc.connect(hostkey=public_host_key,
username='******', password='******')
event.wait(1.0)
self.assert_(event.isSet())
self.assert_(self.ts.is_active())
self.assertEquals(None, getattr(server, '_global_request', None))
self.tc.set_keepalive(1)
time.sleep(2)
self.assertEquals('*****@*****.**', server._global_request)
def test_6_bad_auth_type(self):
"""
verify that we get the right exception when an unsupported auth
type is requested.
"""
host_key = RSAKey.from_private_key_file('tests/test_rsa.key')
public_host_key = RSAKey(data=str(host_key))
self.ts.add_server_key(host_key)
event = threading.Event()
server = NullServer()
self.assert_(not event.isSet())
self.ts.start_server(event, server)
try:
self.tc.connect(hostkey=public_host_key,
username='******', password='******')
self.assert_(False)
except:
etype, evalue, etb = sys.exc_info()
self.assertEquals(BadAuthenticationType, etype)
self.assertEquals(['publickey'], evalue.allowed_types)
def test_7_bad_password(self):
"""
verify that a bad password gets the right exception, and that a retry
with the right password works.
"""
host_key = RSAKey.from_private_key_file('tests/test_rsa.key')
public_host_key = RSAKey(data=str(host_key))
self.ts.add_server_key(host_key)
event = threading.Event()
server = NullServer()
self.assert_(not event.isSet())
self.ts.start_server(event, server)
self.tc.ultra_debug = True
self.tc.connect(hostkey=public_host_key)
try:
self.tc.auth_password(username='******', password='******')
self.assert_(False)
except:
etype, evalue, etb = sys.exc_info()
self.assert_(issubclass(etype, SSHException))
self.tc.auth_password(username='******', password='******')
event.wait(1.0)
self.assert_(event.isSet())
self.assert_(self.ts.is_active())
def test_8_multipart_auth(self):
"""
verify that multipart auth works.
"""
host_key = RSAKey.from_private_key_file('tests/test_rsa.key')
public_host_key = RSAKey(data=str(host_key))
self.ts.add_server_key(host_key)
event = threading.Event()
server = NullServer()
self.assert_(not event.isSet())
self.ts.start_server(event, server)
self.tc.ultra_debug = True
self.tc.connect(hostkey=public_host_key)
remain = self.tc.auth_password(username='******', password='******')
self.assertEquals(['publickey'], remain)
key = DSSKey.from_private_key_file('tests/test_dss.key')
remain = self.tc.auth_publickey(username='******', key=key)
self.assertEquals([], remain)
event.wait(1.0)
self.assert_(event.isSet())
self.assert_(self.ts.is_active())
def test_9_interactive_auth(self):
"""
verify keyboard-interactive auth works.
"""
host_key = RSAKey.from_private_key_file('tests/test_rsa.key')
public_host_key = RSAKey(data=str(host_key))
self.ts.add_server_key(host_key)
event = threading.Event()
server = NullServer()
self.assert_(not event.isSet())
self.ts.start_server(event, server)
self.tc.ultra_debug = True
self.tc.connect(hostkey=public_host_key)
def handler(title, instructions, prompts):
self.got_title = title
self.got_instructions = instructions
self.got_prompts = prompts
return ['cat']
remain = self.tc.auth_interactive('commie', handler)
self.assertEquals(self.got_title, 'password')
self.assertEquals(self.got_prompts, [('Password', False)])
self.assertEquals([], remain)
event.wait(1.0)
self.assert_(event.isSet())
self.assert_(self.ts.is_active())
def test_A_interactive_auth_fallback(self):
"""
verify that a password auth attempt will fallback to "interactive"
if password auth isn't supported but interactive is.
"""
host_key = RSAKey.from_private_key_file('tests/test_rsa.key')
public_host_key = RSAKey(data=str(host_key))
self.ts.add_server_key(host_key)
event = threading.Event()
server = NullServer()
self.assert_(not event.isSet())
self.ts.start_server(event, server)
self.tc.ultra_debug = True
self.tc.connect(hostkey=public_host_key)
remain = self.tc.auth_password('commie', 'cat')
self.assertEquals([], remain)
event.wait(1.0)
self.assert_(event.isSet())
self.assert_(self.ts.is_active())
def test_B_exec_command(self):
"""
verify that exec_command() does something reasonable.
"""
self.setup_test_server()
chan = self.tc.open_session()
schan = self.ts.accept(1.0)
try:
chan.exec_command('no')
self.assert_(False)
except SSHException, x:
pass
chan = self.tc.open_session()
chan.exec_command('yes')
schan = self.ts.accept(1.0)
schan.send('Hello there.\n')
schan.send_stderr('This is on stderr.\n')
schan.close()
f = chan.makefile()
self.assertEquals('Hello there.\n', f.readline())
self.assertEquals('', f.readline())
f = chan.makefile_stderr()
self.assertEquals('This is on stderr.\n', f.readline())
self.assertEquals('', f.readline())
# now try it with combined stdout/stderr
chan = self.tc.open_session()
chan.exec_command('yes')
schan = self.ts.accept(1.0)
schan.send('Hello there.\n')
schan.send_stderr('This is on stderr.\n')
schan.close()
chan.set_combine_stderr(True)
f = chan.makefile()
self.assertEquals('Hello there.\n', f.readline())
self.assertEquals('This is on stderr.\n', f.readline())
self.assertEquals('', f.readline())
class AuthTest(unittest.TestCase):
def setUp(self):
self.socks = LoopSocket()
self.sockc = LoopSocket()
self.sockc.link(self.socks)
self.tc = Transport(self.sockc)
self.ts = Transport(self.socks)
def tearDown(self):
self.tc.close()
self.ts.close()
self.socks.close()
self.sockc.close()
def start_server(self):
host_key = RSAKey.from_private_key_file(_support("test_rsa.key"))
self.public_host_key = RSAKey(data=host_key.asbytes())
self.ts.add_server_key(host_key)
self.event = threading.Event()
self.server = NullServer()
self.assertTrue(not self.event.is_set())
self.ts.start_server(self.event, self.server)
def verify_finished(self):
self.event.wait(1.0)
self.assertTrue(self.event.is_set())
self.assertTrue(self.ts.is_active())
def test_1_bad_auth_type(self):
"""
verify that we get the right exception when an unsupported auth
type is requested.
"""
self.start_server()
try:
self.tc.connect(
hostkey=self.public_host_key,
username="******",
password="******",
)
self.assertTrue(False)
except:
etype, evalue, etb = sys.exc_info()
self.assertEqual(BadAuthenticationType, etype)
self.assertEqual(["publickey"], evalue.allowed_types)
def test_2_bad_password(self):
"""
verify that a bad password gets the right exception, and that a retry
with the right password works.
"""
self.start_server()
self.tc.connect(hostkey=self.public_host_key)
try:
self.tc.auth_password(username="******", password="******")
self.assertTrue(False)
except:
etype, evalue, etb = sys.exc_info()
self.assertTrue(issubclass(etype, AuthenticationException))
self.tc.auth_password(username="******", password="******")
self.verify_finished()
def test_3_multipart_auth(self):
"""
verify that multipart auth works.
"""
self.start_server()
self.tc.connect(hostkey=self.public_host_key)
remain = self.tc.auth_password(username="******",
password="******")
self.assertEqual(["publickey"], remain)
key = DSSKey.from_private_key_file(_support("test_dss.key"))
remain = self.tc.auth_publickey(username="******", key=key)
self.assertEqual([], remain)
self.verify_finished()
def test_4_interactive_auth(self):
"""
verify keyboard-interactive auth works.
"""
self.start_server()
self.tc.connect(hostkey=self.public_host_key)
def handler(title, instructions, prompts):
self.got_title = title
self.got_instructions = instructions
self.got_prompts = prompts
return ["cat"]
remain = self.tc.auth_interactive("commie", handler)
self.assertEqual(self.got_title, "password")
self.assertEqual(self.got_prompts, [("Password", False)])
self.assertEqual([], remain)
self.verify_finished()
def test_5_interactive_auth_fallback(self):
"""
verify that a password auth attempt will fallback to "interactive"
if password auth isn't supported but interactive is.
"""
self.start_server()
self.tc.connect(hostkey=self.public_host_key)
remain = self.tc.auth_password("commie", "cat")
self.assertEqual([], remain)
self.verify_finished()
def test_6_auth_utf8(self):
"""
verify that utf-8 encoding happens in authentication.
"""
self.start_server()
self.tc.connect(hostkey=self.public_host_key)
remain = self.tc.auth_password("utf8", _pwd)
self.assertEqual([], remain)
self.verify_finished()
def test_7_auth_non_utf8(self):
"""
verify that non-utf-8 encoded passwords can be used for broken
servers.
"""
self.start_server()
self.tc.connect(hostkey=self.public_host_key)
remain = self.tc.auth_password("non-utf8", "\xff")
self.assertEqual([], remain)
self.verify_finished()
def test_8_auth_gets_disconnected(self):
"""
verify that we catch a server disconnecting during auth, and report
it as an auth failure.
"""
self.start_server()
self.tc.connect(hostkey=self.public_host_key)
try:
remain = self.tc.auth_password("bad-server", "hello")
except:
etype, evalue, etb = sys.exc_info()
self.assertTrue(issubclass(etype, AuthenticationException))
@slow
def test_9_auth_non_responsive(self):
"""
verify that authentication times out if server takes to long to
respond (or never responds).
"""
self.tc.auth_timeout = 1 # 1 second, to speed up test
self.start_server()
self.tc.connect()
try:
remain = self.tc.auth_password("unresponsive-server", "hello")
except:
etype, evalue, etb = sys.exc_info()
self.assertTrue(issubclass(etype, AuthenticationException))
self.assertTrue("Authentication timeout" in str(evalue))
class TransportTest(unittest.TestCase):
def setUp(self):
self.socks = LoopSocket()
self.sockc = LoopSocket()
self.sockc.link(self.socks)
self.tc = Transport(self.sockc)
self.ts = Transport(self.socks)
def tearDown(self):
self.tc.close()
self.ts.close()
self.socks.close()
self.sockc.close()
def setup_test_server(self):
host_key = RSAKey.from_private_key_file('tests/test_rsa.key')
public_host_key = RSAKey(data=str(host_key))
self.ts.add_server_key(host_key)
event = threading.Event()
self.server = NullServer()
self.assert_(not event.isSet())
self.ts.start_server(event, self.server)
self.tc.connect(hostkey=public_host_key)
self.tc.auth_password(username='******', password='******')
event.wait(1.0)
self.assert_(event.isSet())
self.assert_(self.ts.is_active())
def test_1_security_options(self):
o = self.tc.get_security_options()
self.assertEquals(type(o), SecurityOptions)
self.assert_(('aes256-cbc', 'blowfish-cbc') != o.ciphers)
o.ciphers = ('aes256-cbc', 'blowfish-cbc')
self.assertEquals(('aes256-cbc', 'blowfish-cbc'), o.ciphers)
try:
o.ciphers = ('aes256-cbc', 'made-up-cipher')
self.assert_(False)
except ValueError:
pass
try:
o.ciphers = 23
self.assert_(False)
except TypeError:
pass
def test_2_compute_key(self):
self.tc.K = 123281095979686581523377256114209720774539068973101330872763622971399429481072519713536292772709507296759612401802191955568143056534122385270077606457721553469730659233569339356140085284052436697480759510519672848743794433460113118986816826624865291116513647975790797391795651716378444844877749505443714557929L
self.tc.H = unhexlify('0C8307CDE6856FF30BA93684EB0F04C2520E9ED3')
self.tc.session_id = self.tc.H
key = self.tc._compute_key('C', 32)
self.assertEquals(
'207E66594CA87C44ECCBA3B3CD39FDDB378E6FDB0F97C54B2AA0CFBF900CD995',
hexlify(key).upper())
def test_3_simple(self):
"""
verify that we can establish an ssh link with ourselves across the
loopback sockets. this is hardly "simple" but it's simpler than the
later tests. :)
"""
host_key = RSAKey.from_private_key_file('tests/test_rsa.key')
public_host_key = RSAKey(data=str(host_key))
self.ts.add_server_key(host_key)
event = threading.Event()
server = NullServer()
self.assert_(not event.isSet())
self.assertEquals(None, self.tc.get_username())
self.assertEquals(None, self.ts.get_username())
self.assertEquals(False, self.tc.is_authenticated())
self.assertEquals(False, self.ts.is_authenticated())
self.ts.start_server(event, server)
self.tc.connect(hostkey=public_host_key,
username='******',
password='******')
event.wait(1.0)
self.assert_(event.isSet())
self.assert_(self.ts.is_active())
self.assertEquals('slowdive', self.tc.get_username())
self.assertEquals('slowdive', self.ts.get_username())
self.assertEquals(True, self.tc.is_authenticated())
self.assertEquals(True, self.ts.is_authenticated())
def test_4_special(self):
"""
verify that the client can demand odd handshake settings, and can
renegotiate keys in mid-stream.
"""
host_key = RSAKey.from_private_key_file('tests/test_rsa.key')
public_host_key = RSAKey(data=str(host_key))
self.ts.add_server_key(host_key)
event = threading.Event()
server = NullServer()
self.assert_(not event.isSet())
self.ts.start_server(event, server)
options = self.tc.get_security_options()
options.ciphers = ('aes256-cbc', )
options.digests = ('hmac-md5-96', )
self.tc.connect(hostkey=public_host_key,
username='******',
password='******')
event.wait(1.0)
self.assert_(event.isSet())
self.assert_(self.ts.is_active())
self.assertEquals('aes256-cbc', self.tc.local_cipher)
self.assertEquals('aes256-cbc', self.tc.remote_cipher)
self.assertEquals(12, self.tc.packetizer.get_mac_size_out())
self.assertEquals(12, self.tc.packetizer.get_mac_size_in())
self.tc.send_ignore(1024)
self.tc.renegotiate_keys()
self.ts.send_ignore(1024)
def test_5_keepalive(self):
"""
verify that the keepalive will be sent.
"""
self.tc.set_hexdump(True)
host_key = RSAKey.from_private_key_file('tests/test_rsa.key')
public_host_key = RSAKey(data=str(host_key))
self.ts.add_server_key(host_key)
event = threading.Event()
server = NullServer()
self.assert_(not event.isSet())
self.ts.start_server(event, server)
self.tc.connect(hostkey=public_host_key,
username='******',
password='******')
event.wait(1.0)
self.assert_(event.isSet())
self.assert_(self.ts.is_active())
self.assertEquals(None, getattr(server, '_global_request', None))
self.tc.set_keepalive(1)
time.sleep(2)
self.assertEquals('*****@*****.**', server._global_request)
def test_6_bad_auth_type(self):
"""
verify that we get the right exception when an unsupported auth
type is requested.
"""
host_key = RSAKey.from_private_key_file('tests/test_rsa.key')
public_host_key = RSAKey(data=str(host_key))
self.ts.add_server_key(host_key)
event = threading.Event()
server = NullServer()
self.assert_(not event.isSet())
self.ts.start_server(event, server)
try:
self.tc.connect(hostkey=public_host_key,
username='******',
password='******')
self.assert_(False)
except:
etype, evalue, etb = sys.exc_info()
self.assertEquals(BadAuthenticationType, etype)
self.assertEquals(['publickey'], evalue.allowed_types)
def test_7_bad_password(self):
"""
verify that a bad password gets the right exception, and that a retry
with the right password works.
"""
host_key = RSAKey.from_private_key_file('tests/test_rsa.key')
public_host_key = RSAKey(data=str(host_key))
self.ts.add_server_key(host_key)
event = threading.Event()
server = NullServer()
self.assert_(not event.isSet())
self.ts.start_server(event, server)
self.tc.ultra_debug = True
self.tc.connect(hostkey=public_host_key)
try:
self.tc.auth_password(username='******', password='******')
self.assert_(False)
except:
etype, evalue, etb = sys.exc_info()
self.assert_(issubclass(etype, SSHException))
self.tc.auth_password(username='******', password='******')
event.wait(1.0)
self.assert_(event.isSet())
self.assert_(self.ts.is_active())
def test_8_multipart_auth(self):
"""
verify that multipart auth works.
"""
host_key = RSAKey.from_private_key_file('tests/test_rsa.key')
public_host_key = RSAKey(data=str(host_key))
self.ts.add_server_key(host_key)
event = threading.Event()
server = NullServer()
self.assert_(not event.isSet())
self.ts.start_server(event, server)
self.tc.ultra_debug = True
self.tc.connect(hostkey=public_host_key)
remain = self.tc.auth_password(username='******',
password='******')
self.assertEquals(['publickey'], remain)
key = DSSKey.from_private_key_file('tests/test_dss.key')
remain = self.tc.auth_publickey(username='******', key=key)
self.assertEquals([], remain)
event.wait(1.0)
self.assert_(event.isSet())
self.assert_(self.ts.is_active())
def test_9_interactive_auth(self):
"""
verify keyboard-interactive auth works.
"""
host_key = RSAKey.from_private_key_file('tests/test_rsa.key')
public_host_key = RSAKey(data=str(host_key))
self.ts.add_server_key(host_key)
event = threading.Event()
server = NullServer()
self.assert_(not event.isSet())
self.ts.start_server(event, server)
self.tc.ultra_debug = True
self.tc.connect(hostkey=public_host_key)
def handler(title, instructions, prompts):
self.got_title = title
self.got_instructions = instructions
self.got_prompts = prompts
return ['cat']
remain = self.tc.auth_interactive('commie', handler)
self.assertEquals(self.got_title, 'password')
self.assertEquals(self.got_prompts, [('Password', False)])
self.assertEquals([], remain)
event.wait(1.0)
self.assert_(event.isSet())
self.assert_(self.ts.is_active())
def test_A_interactive_auth_fallback(self):
"""
verify that a password auth attempt will fallback to "interactive"
if password auth isn't supported but interactive is.
"""
host_key = RSAKey.from_private_key_file('tests/test_rsa.key')
public_host_key = RSAKey(data=str(host_key))
self.ts.add_server_key(host_key)
event = threading.Event()
server = NullServer()
self.assert_(not event.isSet())
self.ts.start_server(event, server)
self.tc.ultra_debug = True
self.tc.connect(hostkey=public_host_key)
remain = self.tc.auth_password('commie', 'cat')
self.assertEquals([], remain)
event.wait(1.0)
self.assert_(event.isSet())
self.assert_(self.ts.is_active())
def test_B_exec_command(self):
"""
verify that exec_command() does something reasonable.
"""
self.setup_test_server()
chan = self.tc.open_session()
schan = self.ts.accept(1.0)
try:
chan.exec_command('no')
self.assert_(False)
except SSHException, x:
pass
chan = self.tc.open_session()
chan.exec_command('yes')
schan = self.ts.accept(1.0)
schan.send('Hello there.\n')
schan.send_stderr('This is on stderr.\n')
schan.close()
f = chan.makefile()
self.assertEquals('Hello there.\n', f.readline())
self.assertEquals('', f.readline())
f = chan.makefile_stderr()
self.assertEquals('This is on stderr.\n', f.readline())
self.assertEquals('', f.readline())
# now try it with combined stdout/stderr
chan = self.tc.open_session()
chan.exec_command('yes')
schan = self.ts.accept(1.0)
schan.send('Hello there.\n')
schan.send_stderr('This is on stderr.\n')
schan.close()
chan.set_combine_stderr(True)
f = chan.makefile()
self.assertEquals('Hello there.\n', f.readline())
self.assertEquals('This is on stderr.\n', f.readline())
self.assertEquals('', f.readline())
