def verifyHostKey(self, pubKey, fingerprint):
    """Decide whether the host key presented by the server is trusted.

    The key is looked up for options['host'] with isInKnownHosts() and the
    result code is handled as follows:

    * 1 -- the recorded key matches: succeed immediately.
    * 2 -- a different key is recorded for this host: fail with
      ConchError('bad host key'). The user is not prompted in this case,
      so a changed key cannot be accepted by clicking through.
    * any other value -- no usable record: show the key type and
      fingerprint and ask the user whether to continue (trust on first
      use). The prompt is only as strong as the user's check of the
      fingerprint against a value obtained out of band.

    Returns a Deferred in every case; for the prompt it is the Deferred
    from deferredAskFrame with self._cbVerifyHostKey chained onto it.
    """
    # NOTE(review): 'known-hosts' is None here -- presumably isInKnownHosts
    # then falls back to its default file; confirm.
    verdict = isInKnownHosts(options['host'], pubKey, {'known-hosts': None})
    if verdict == 1:
        return defer.succeed(1)
    if verdict == 2:
        return defer.fail(error.ConchError('bad host key'))

    # The lookup above used only the name the user asked for. When the
    # peer address differs, both are shown in the prompt and both are
    # handed to the callback as a comma-separated host field.
    peerAddress = self.transport.getPeer()[1]
    if options['host'] == peerAddress:
        host = khHost = options['host']
    else:
        host = '%s (%s)' % (options['host'], peerAddress)
        khHost = '%s,%s' % (options['host'], peerAddress)

    keyType = common.getNS(pubKey)[0]
    # NOTE(review): only these two algorithm names are mapped; any other
    # keyType raises KeyError here instead of reaching the prompt.
    algorithmLabels = {'ssh-dss': 'DSA', 'ssh-rsa': 'RSA'}
    ques = (
        "The authenticity of host '%s' can't be established.\r\n"
        "%s key fingerprint is %s."
    ) % (host, algorithmLabels[keyType], fingerprint)
    ques += '\r\nAre you sure you want to continue connecting (yes/no)? '
    prompt = deferredAskFrame(ques, 1)
    return prompt.addCallback(self._cbVerifyHostKey, pubKey, khHost, keyType)
    def verifyHostKey(self, pubKey, fingerprint):
        """Check the server's host key and prompt only for unknown hosts.

        isInKnownHosts() is consulted for options["host"]:

        * 1 -- key matches the recorded one: the returned Deferred succeeds.
        * 2 -- a different key is recorded: the returned Deferred fails with
          ConchError("bad host key"); no prompt is offered for a changed key.
        * any other value -- the user is shown the key type and fingerprint
          and asked whether to continue; the answer is delivered to
          self._cbVerifyHostKey together with the key, the host field and
          the key type.
        """
        requested = options["host"]
        # NOTE(review): "known-hosts" is None -- presumably selects the
        # default known-hosts file inside isInKnownHosts; confirm.
        known = isInKnownHosts(requested, pubKey, {"known-hosts": None})
        if known == 1:
            return defer.succeed(1)
        if known == 2:
            return defer.fail(error.ConchError("bad host key"))

        # Show (and pass on) the peer's address as well when it is not the
        # same string as the requested host.
        peerHost = self.transport.getPeer().host
        if requested == peerHost:
            host = khHost = requested
        else:
            host = "{} ({})".format(requested, peerHost)
            khHost = "{},{}".format(requested, peerHost)

        keyType = common.getNS(pubKey)[0]
        # NOTE(review): the table is keyed by bytes and holds two algorithms
        # only; a key type outside it raises KeyError before the prompt.
        label = {b"ssh-dss": "DSA", b"ssh-rsa": "RSA"}[keyType]
        template = (
            "The authenticity of host '{}' can't be established.\r\n"
            "{} key fingerprint is {}."
        )
        ques = template.format(host, label, fingerprint)
        ques += "\r\nAre you sure you want to continue connecting (yes/no)? "
        answer = deferredAskFrame(ques, 1)
        return answer.addCallback(self._cbVerifyHostKey, pubKey, khHost, keyType)
    def verifyHostKey(self, pubKey, fingerprint):
        """Verify the server's host key, asking the user about unknown hosts.

        The result of isInKnownHosts() for options['host'] selects the path:
        1 succeeds at once, 2 (a different key is on record) fails with
        ConchError('bad host key') without prompting, and every other value
        leads to a yes/no prompt that displays the key type and fingerprint.
        The prompt's Deferred is returned with self._cbVerifyHostKey added
        as its callback.
        """
        # NOTE(review): 'known-hosts' is None -- presumably the default
        # known-hosts file is used by isInKnownHosts; confirm.
        lookup = isInKnownHosts(options['host'], pubKey, {'known-hosts': None})
        if lookup == 1:
            return defer.succeed(1)
        if lookup == 2:
            return defer.fail(error.ConchError('bad host key'))

        wanted = options['host']
        actual = self.transport.getPeer()[1]
        sameHost = wanted == actual
        # When the peer address differs from the requested name, the prompt
        # shows both and the callback receives "name,address".
        host = wanted if sameHost else '%s (%s)' % (wanted, actual)
        khHost = wanted if sameHost else '%s,%s' % (wanted, actual)

        keyType = common.getNS(pubKey)[0]
        # NOTE(review): a keyType other than these two raises KeyError.
        shortName = {'ssh-dss': 'DSA', 'ssh-rsa': 'RSA'}[keyType]
        firstPart = (
            "The authenticity of host '%s' can't be established.\r\n"
            "%s key fingerprint is %s." % (host, shortName, fingerprint)
        )
        ques = firstPart + '\r\nAre you sure you want to continue connecting (yes/no)? '
        asked = deferredAskFrame(ques, 1)
        return asked.addCallback(self._cbVerifyHostKey, pubKey, khHost, keyType)
 def test_notInKnownHosts(self):
     """
     A host name with no entry in the known hosts file makes
     L{default.isInKnownHosts} return C{0}.
     """
     knownHostsPath = FilePath(self.hostsOption).path
     result = default.isInKnownHosts(
         "not.there", b"irrelevant", {"known-hosts": knownHostsPath})
     self.assertEqual(0, result)
 def test_notInKnownHosts(self):
     """
     L{default.isInKnownHosts} reports C{0} for a host that has no entry in
     the known hosts file, whatever key is supplied.
     """
     lookupOptions = {"known-hosts": FilePath(self.hostsOption).path}
     outcome = default.isInKnownHosts("not.there", b"irrelevant", lookupOptions)
     self.assertEqual(0, outcome)
 def test_inKnownHostsKeyChanged(self):
     """
     When the known hosts file holds an entry for the host but with a
     different key than the one given, L{default.isInKnownHosts} returns
     C{2}.
     """
     # First whitespace-separated field of the stored entry's string form
     # is used as the host to look up.
     entryText = self.hashedEntries[b"4.3.2.1"].toString()
     host = entryText.split()[0]
     differentKey = Key.fromString(otherSampleKey).blob()
     knownHostsPath = FilePath(self.hostsOption).path
     result = default.isInKnownHosts(
         host, differentKey, {"known-hosts": knownHostsPath})
     self.assertEqual(2, result)
 def test_inKnownHostsKeyChanged(self):
     """
     L{default.isInKnownHosts} returns C{2} for a host that is present in
     the known hosts file under a key other than the one supplied.
     """
     # The lookup host is the first field of the entry's string form.
     fields = self.hashedEntries[b"4.3.2.1"].toString().split()
     host = fields[0]
     mismatchedBlob = Key.fromString(otherSampleKey).blob()
     lookupOptions = {"known-hosts": FilePath(self.hostsOption).path}
     outcome = default.isInKnownHosts(host, mismatchedBlob, lookupOptions)
     self.assertEqual(2, outcome)
 def test_inKnownHosts(self):
     """
     L{default.isInKnownHosts} returns C{1} when the known hosts file holds
     an entry for the host with the same key as the one supplied.
     """
     # The lookup host is the first field of the entry's string form.
     entryText = self.hashedEntries[b"4.3.2.1"].toString()
     host = entryText.split()[0]
     matchingBlob = Key.fromString(sampleKey).blob()
     lookupOptions = {"known-hosts": FilePath(self.hostsOption).path}
     result = default.isInKnownHosts(host, matchingBlob, lookupOptions)
     self.assertEqual(1, result)
def verifyHostKey(transport, host, pubKey, fingerprint):
    """Accept the host key only if it is already recorded for *host*.

    The lookup is done by isInKnownHosts() with transport.factory.options.
    A result of 1 succeeds; every other result is logged with log.err and
    turned into a failed Deferred carrying ConchError, so an unknown host,
    a changed key and an unexpected return value are all rejected without
    any prompt. *fingerprint* is not used.
    """
    retVal = isInKnownHosts(host, pubKey, transport.factory.options)
    if retVal == 1:
        return defer.succeed(retVal)

    # Anything but an exact match is a refusal; only the message differs.
    errmsg = (
        "Not existent key" if retVal == 0
        else "Changed key" if retVal == 2
        else "Unknown return %s" % retVal
    )
    log.err(errmsg)
    return defer.fail(error.ConchError(errmsg))
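 def verifyHostKey(self, pubkey, fingerprint):
     """Accept the server's host key only when it is already on record.

     The host is looked up under self.factory.alias (or
     self.factory.hostname when no alias is set) in the known-hosts file
     named by the 'known hosts' setting of the 'Server' configuration
     section. There is no interactive prompt.

     Returns a Deferred that succeeds with 1 when isInKnownHosts() reports
     a match (1). Every other result fails the Deferred with ConchError
     after logging the reason: 0 (host not found), 2 (a different key is
     recorded) and any unexpected value. *fingerprint* is not used.
     """
     cfg = config.configuration
     name = self.factory.alias or self.factory.hostname
     options = {'known-hosts': cfg.get('Server', 'known hosts')}
     found = isInKnownHosts(name, pubkey, options)

     # Trust only an explicit match. The original fell through to success
     # for any value other than 0 or 2, so an unexpected return from the
     # lookup would have accepted an unverified key.
     if found == 1:
         return defer.succeed(1)

     if found == 0:
         reason = 'host key for %s not found' % name
     elif found == 2:
         reason = 'host key for %s has changed' % name
     else:
         reason = 'unexpected known-hosts result for %s: %r' % (name, found)
     log.err(reason)
     return defer.fail(error.ConchError(reason))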