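def _verify_key_value(self) -> None:
    """
    Verify target host public key, raise exception if invalid/unknown

    Looks the host up in the configured known_hosts file and compares the stored public key
    with the key presented by the open session. Every failure path raises, so a normal return
    means the presented key equals the stored one.

    Args:
        N/A

    Returns:
        None

    Raises:
        ScrapliConnectionNotOpened: if session is unopened/None
        ScrapliAuthenticationFailed: if host is not in known hosts, if host is in known hosts
            but public key does not match, or cannot glean remote server key from session.

    """
    if not self.session:
        raise ScrapliConnectionNotOpened

    known_hosts = SSHKnownHosts(self.plugin_transport_args.ssh_known_hosts_file)
    host = self._base_transport_args.host
    known_host_public_key = known_hosts.lookup(host)

    # lookup() yields an empty dict for an unknown host; without this guard the subscript
    # below would surface as a KeyError instead of a host key verification failure
    if not known_host_public_key:
        raise ScrapliAuthenticationFailed(f"{host} not in known_hosts!")

    remote_server_key = self.session.get_server_host_key()
    if remote_server_key is None:
        raise ScrapliAuthenticationFailed(
            f"failed gleaning remote server ssh key for host {host}"
        )

    # the exported key is split on whitespace and the second field is compared with the stored
    # value; presumably that field is the base64 key blob -- TODO confirm against the exporter
    remote_public_key = remote_server_key.export_public_key().split()[1].decode()

    # NOTE(review): a single stored entry is compared; confirm how lookup() behaves when
    # known_hosts lists several key types for the same host
    if known_host_public_key["public_key"] != remote_public_key:
        raise ScrapliAuthenticationFailed(
            f"{host} in known_hosts but public key does not match!"
        )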
def _verify_key(self) -> None:
    """
    Check the server's host key against the known_hosts file, raising on any failure

    The host must have an entry in the configured known_hosts file, and the base64 key the
    session reports for the remote server must equal the stored "public_key" value.

    Args:
        N/A

    Returns:
        None

    Raises:
        ScrapliConnectionNotOpened: if session is unopened/None
        ScrapliAuthenticationFailed: if host is not in known hosts
        ScrapliAuthenticationFailed: if host is in known hosts but public key does not match

    """
    if not self.session:
        raise ScrapliConnectionNotOpened

    known_hosts = SSHKnownHosts(self.plugin_transport_args.ssh_known_hosts_file)
    host = self._base_transport_args.host
    stored_entry = known_hosts.lookup(host)

    # an empty lookup result means the host is unknown; reject rather than trust on first use
    if not stored_entry:
        raise ScrapliAuthenticationFailed(f"{host} not in known_hosts!")

    presented_key = self.session.get_remote_server_key().get_base64()

    # NOTE(review): only one stored entry is compared; confirm lookup() behaviour for hosts
    # that have several key types listed in known_hosts
    if stored_entry["public_key"] == presented_key:
        return

    raise ScrapliAuthenticationFailed(
        f"{host} in known_hosts but public key does not match!"
    )
def _verify_key(self) -> None:
    """
    Confirm the target host has an entry in the known_hosts file

    Only the presence of an entry is checked here. No key material is read from a session or
    compared, so this method on its own does not establish that the server's key is the
    expected one.

    Args:
        N/A

    Returns:
        None

    Raises:
        ScrapliAuthenticationFailed: if host is not in known hosts

    """
    stored_entry = SSHKnownHosts(self.plugin_transport_args.ssh_known_hosts_file).lookup(
        self._base_transport_args.host
    )

    if stored_entry:
        return

    # an empty lookup result is treated as a hard failure rather than accepting the host
    raise ScrapliAuthenticationFailed(
        f"{self._base_transport_args.host} not in known_hosts!"
    )
def _verify_key(self) -> None:
    """
    Check the server's host key against the known_hosts file, raising on any failure

    The first element of the session's hostkey() result is base64 encoded and compared with
    the "public_key" value stored for the host in the configured known_hosts file.

    Args:
        N/A

    Returns:
        None

    Raises:
        ScrapliConnectionNotOpened: if session is unopened/None
        ScrapliAuthenticationFailed: if public key verification fails

    """
    if not self.session:
        raise ScrapliConnectionNotOpened

    known_hosts = SSHKnownHosts(self.plugin_transport_args.ssh_known_hosts_file)
    host = self._base_transport_args.host
    stored_entry = known_hosts.lookup(host)

    # an empty lookup result means the host is unknown; reject rather than trust on first use
    if not stored_entry:
        raise ScrapliAuthenticationFailed(f"{host} not in known_hosts!")

    key_blob = self.session.hostkey()[0]
    # encodebytes wraps its output with newlines; strip them so the value is a single line
    # that can be compared with the stored key text
    presented_key = base64.encodebytes(key_blob).replace(b"\n", b"").decode()

    if stored_entry["public_key"] == presented_key:
        return

    raise ScrapliAuthenticationFailed(
        f"{host} in known_hosts but public key does not match!"
    )
def test_known_host_lookup_bad_host(real_ssh_known_hosts_file_path):
    """Looking up a host that is absent from the known_hosts file yields an empty dict."""
    parsed_known_hosts = SSHKnownHosts(real_ssh_known_hosts_file_path)

    lookup_result = parsed_known_hosts.lookup("bad.host")

    # callers treat the empty dict as "host unknown", so the miss must not return an entry
    assert lookup_result == {}
def test_known_host_lookup_exact_host_hashed(real_ssh_known_hosts_file_path):
    """A host that only has a hashed known_hosts entry is still found by lookup."""
    target_host = "172.18.0.11"
    parsed_known_hosts = SSHKnownHosts(real_ssh_known_hosts_file_path)

    # drop the plain-text entry from the loaded dict so that only the hashed entry can match
    del parsed_known_hosts.hosts[target_host]

    lookup_result = parsed_known_hosts.lookup(target_host)
    assert lookup_result != {}
def test_known_host_lookup_exact_host(real_ssh_known_hosts_file_path):
    """A host present in the known_hosts file returns a non-empty lookup result."""
    parsed_known_hosts = SSHKnownHosts(real_ssh_known_hosts_file_path)

    lookup_result = parsed_known_hosts.lookup("172.18.0.11")

    assert lookup_result != {}