def login(self, ip, user, passwd, port=22, key=None, key_pass=None):
'login to ssh server'
self.set_missing_host_key_policy(AutoAddPolicy())
if key:
try:
key_file = RSAKey.from_private_key_file(key)
except PasswordRequiredException:
key_file = RSAKey.from_private_key_file(key, key_pass)
else:
key_file = None
try:
self.connect(ip, port, user, passwd, pkey=key_file)
self.login_status = True
except AuthenticationException:
print "Error: user or password error, info: ", \
"ip:", ip, self.error_get()[1]
self.login_status = False
except socket.error:
print "Error: do't connect to host: %s, info: %s " % \
(ip, str(self.error_get()[1]))
self.login_status = False
except Exception:
self.login_status = False
print "Error: host: %s unknow errow, info: %s" % (
ip, str(self.error_get()[1]))
def clean(self):
data = super(KeyAddForm, self).clean()
key_type = data.get('key_type')
public_key = data.get('public_key')
try:
if key_type == "ssh-rsa":
k = RSAKey(data=base64.b64decode(public_key))
elif key_type == "ssh-dss":
k = DSSKey(data=base64.b64decode(public_key))
elif key_type.startswith('ecdsa'):
k = ECDSAKey(data=base64.b64decode(public_key))
else:
raise forms.ValidationError(
_("Unsupport key type: %(keytype)s"),
code='invalid keytype',
params={'key_type': key_type}
)
data['key_type'] = k.get_name()
data['public_key'] = base64.b64encode(k.get_base64())
except (TypeError, SSHException, UnicodeDecodeError) as err:
if len(public_key) > 30:
body = public_key[0:30]
else:
body = public_key
raise forms.ValidationError(
_("Body of SSH public key is invalid:\n%(body)s\n"
"Error: %(err)s"),
code='invalid key body',
params={'body': body + "...", 'err': err}
)
return data
def getRsaKeyFile(filename, password=None):
try:
key = RSAKey(filename=filename, password=password)
except IOError:
log.info('Generating new server RSA key and saving in file %r.' % filename)
key = RSAKey.generate(1024)
key.write_private_key_file(filename, password=password)
return key
def compute_fingerprint(self):
data = base64.b64decode(self.key)
if self.key_type == "ssh-rsa":
pkey = RSAKey(data=data)
elif self.key_type == "ssh-dss":
pkey = DSSKey(data=data)
return ":".join(re.findall(r"..", hexlify(pkey.get_fingerprint())))
def test_6_compare_rsa(self):
# verify that the private & public keys compare equal
key = RSAKey.from_private_key_file(test_path('test_rsa.key'))
self.assertEqual(key, key)
pub = RSAKey(data=key.asbytes())
self.assertTrue(key.can_sign())
self.assertTrue(not pub.can_sign())
self.assertEqual(key, pub)
def test_6_compare_rsa(self):
# verify that the private & public keys compare equal
key = RSAKey.from_private_key_file('tests/test_rsa.key')
self.assertEquals(key, key)
pub = RSAKey(data=str(key))
self.assert_(key.can_sign())
self.assert_(not pub.can_sign())
self.assertEquals(key, pub)
def get_rsa_key_file(filename, password=None):
try:
key = RSAKey(filename=filename, password=password)
except IOError:
logger.info('RSA Key file not found, generating a new one: {}'.format(filename))
key = RSAKey.generate(1024)
key.write_private_key_file(filename, password=password)
return key
def getIdentityKey(self):
keyfile = os.path.abspath(os.path.join(self.getLocalBuildoutPath(),'hostout_rsa'))
keyfile = self.options.get('identity-file', keyfile)
if not os.path.exists(keyfile):
key = RSAKey.generate(1024)
key.write_private_key_file(keyfile)
else:
key = RSAKey.from_private_key_file(keyfile)
return keyfile, "ssh-rsa %s hostout@hostout" % key.get_base64()
def test_8_sign_rsa(self):
# verify that the rsa private key can sign and verify
key = RSAKey.from_private_key_file(test_path('test_rsa.key'))
msg = key.sign_ssh_data(b'ice weasels')
self.assertTrue(type(msg) is Message)
msg.rewind()
self.assertEqual('ssh-rsa', msg.get_text())
sig = bytes().join([byte_chr(int(x, 16)) for x in SIGNED_RSA.split(':')])
self.assertEqual(sig, msg.get_binary())
msg.rewind()
pub = RSAKey(data=key.asbytes())
self.assertTrue(pub.verify_ssh_sig(b'ice weasels', msg))
def test_8_sign_rsa(self):
# verify that the rsa private key can sign and verify
key = RSAKey.from_private_key_file('tests/test_rsa.key')
msg = key.sign_ssh_data(rng, 'ice weasels')
self.assert_(type(msg) is Message)
msg.rewind()
self.assertEquals('ssh-rsa', msg.get_string())
sig = ''.join([chr(int(x, 16)) for x in SIGNED_RSA.split(':')])
self.assertEquals(sig, msg.get_string())
msg.rewind()
pub = RSAKey(data=str(key))
self.assert_(pub.verify_ssh_sig('ice weasels', msg))
def load_ssh_key(self, length=2048):
cluster_name = self.get_active_cluster()
cluster_folder = os.path.join(self.config_folder, cluster_name)
filename = cluster_name + "_rsa"
filepath = os.path.join(cluster_folder, filename)
if os.path.exists(filepath):
self.log.debug("loading private key: %s", filepath)
k = RSAKey(filename=filepath)
else:
self.log.debug("generating new private key: %s", filepath)
k = RSAKey.generate(length)
k.write_private_key_file(filepath)
return filepath, k
def test_keyfile_is_actually_encrypted(self):
# Read an existing encrypted private key
file_ = test_path('test_rsa_password.key')
password = '******'
newfile = file_ + '.new'
newpassword = '******'
key = RSAKey(filename=file_, password=password)
# Write out a newly re-encrypted copy with a new password.
# When the bug under test exists, this will ValueError.
try:
key.write_private_key_file(newfile, password=newpassword)
self.assert_keyfile_is_encrypted(newfile)
finally:
os.remove(newfile)
def _check_keypair_from_file(self, ref_fingerprint, private_key_path):
"""Function to check if a certain keypair from a file matches the fingerprint
from a reference one
:param str ref_fingerprint: fingerprint to be compared
:raises: KeypairError: if the keypair is not valid, or if the fingerprint to check
and the one computed from the private key is not the same
:raises: KeyNotAccessible: if the private key is password protected
and the password provided is not correct
"""
pkey=None
# This block avoid repetition of checks after it is done for the first instance
if self._SSH_KEY_CHECKED==True:
if self._SSH_KEY_ACCESS_ERROR==True: # This avoid user entering the code right the second time
raise KeyNotAccessible#("Unable to access key file `"+private_key_path+": Invalid password")
else:
return
try:
pkey=DSSKey.from_private_key_file(private_key_path)
except PasswordRequiredException:
try:
asked_password = getpass.getpass('Enter passphrase for '+private_key_path+ ':')
pkey=DSSKey.from_private_key_file(private_key_path,asked_password)
except SSHException:
self._SSH_KEY_CHECKED=True
self._SSH_KEY_ACCESS_ERROR=True # This avoid user entering the code right the second time
raise KeyNotAccessible#("Unable to access key file `"+private_key_path+": Invalid password")
except SSHException:
try:
pkey=RSAKey.from_private_key_file(private_key_path)
except PasswordRequiredException:
try:
asked_password = getpass.getpass('Enter passphrase for '+private_key_path+ ':')
pkey=RSAKey.from_private_key_file(private_key_path,asked_password)
except SSHException:
self._SSH_KEY_CHECKED=True
self._SSH_KEY_ACCESS_ERROR=True # This avoid user entering the code right the second time
raise KeyNotAccessible#("Unable to access key file `"+private_key_path+": Invalid password")
except SSHException:
raise KeypairError('File `%s` is neither a valid DSA key '
'or RSA key' % private_key_path)
fingerprint = str.join(
':', (i.encode('hex') for i in pkey.get_fingerprint()))
if ref_fingerprint!=fingerprint:
raise KeypairError(
"Keypair from "+private_key_path+" is present but has "
"different fingerprint. Aborting!")
self._SSH_KEY_CHECKED=True
return
def dehydrate(self, bundle):
if bundle.obj.key_type == "ssh-rsa":
key = RSAKey(data=base64.b64decode(bundle.obj.public_key))
elif bundle.obj.key_type == "ssh-rsa":
key = DSSKey(data=base64.b64decode(bundle.obj.public_key))
elif bundle.obj.key_type.startswith("ecdsa"):
key = ECDSAKey(data=base64.b64decode(bundle.obj.public_key))
else:
raise HydrationError(
"Unknown key type: %s" % bundle.object.key_type
)
bundle.data['fingerprint'] = u(hexlify(key.get_fingerprint()))
return bundle
def test_2_load_rsa(self):
key = RSAKey.from_private_key_file('tests/test_rsa.key')
self.assertEquals('ssh-rsa', key.get_name())
exp_rsa = FINGER_RSA.split()[1].replace(':', '')
my_rsa = hexlify(key.get_fingerprint())
self.assertEquals(exp_rsa, my_rsa)
self.assertEquals(PUB_RSA.split()[1], key.get_base64())
self.assertEquals(1024, key.get_bits())
s = StringIO()
key.write_private_key(s)
self.assertEquals(RSA_PRIVATE_OUT, s.getvalue())
s.seek(0)
key2 = RSAKey.from_private_key(s)
self.assertEquals(key, key2)
def test_2_load_rsa(self):
key = RSAKey.from_private_key_file(_support("test_rsa.key"))
self.assertEqual("ssh-rsa", key.get_name())
exp_rsa = b(FINGER_RSA.split()[1].replace(":", ""))
my_rsa = hexlify(key.get_fingerprint())
self.assertEqual(exp_rsa, my_rsa)
self.assertEqual(PUB_RSA.split()[1], key.get_base64())
self.assertEqual(1024, key.get_bits())
s = StringIO()
key.write_private_key(s)
self.assertEqual(RSA_PRIVATE_OUT, s.getvalue())
s.seek(0)
key2 = RSAKey.from_private_key(s)
self.assertEqual(key, key2)
def test_3_simple(self):
"""
verify that we can establish an ssh link with ourselves across the
loopback sockets. this is hardly "simple" but it's simpler than the
later tests. :)
"""
host_key = RSAKey.from_private_key_file('tests/test_rsa.key')
public_host_key = RSAKey(data=bytes(host_key))
self.ts.add_server_key(host_key)
event = threading.Event()
server = NullServer()
self.assert_(not event.isSet())
self.assertEquals(None, self.tc.get_username())
self.assertEquals(None, self.ts.get_username())
self.assertEquals(False, self.tc.is_authenticated())
self.assertEquals(False, self.ts.is_authenticated())
self.ts.start_server(event, server)
self.tc.connect(hostkey=public_host_key,
username='******', password='******')
event.wait(1.0)
self.assert_(event.isSet())
self.assert_(self.ts.is_active())
self.assertEquals('slowdive', self.tc.get_username())
self.assertEquals('slowdive', self.ts.get_username())
self.assertEquals(True, self.tc.is_authenticated())
self.assertEquals(True, self.ts.is_authenticated())
def _connect(
self, hostname=None, port=None, username=None, password=None,
accept_missing_host_key=None, timeout=None, compress=None, pkey=None,
look_for_keys=None, allow_agent=None, key_filename=None,
proxy_type=None, proxy_ip=None, proxy_port=None, sock=None):
connect_kwargs = dict(self.connect_kwargs)
connect_kwargs.update({
k: locals().get(k) for k in self.connect_kwargs
if locals().get(k) is not None})
connect_kwargs["port"] = int(connect_kwargs.get("port"))
ssh = ExtendedParamikoSSHClient()
if bool(self.accept_missing_host_key or accept_missing_host_key):
ssh.set_missing_host_key_policy(AutoAddPolicy())
if connect_kwargs.get("pkey") is not None:
connect_kwargs["pkey"] = RSAKey.from_private_key(
io.StringIO(unicode(connect_kwargs["pkey"])))
proxy_type = proxy_type or self.proxy_type
proxy_ip = proxy_ip or self.proxy_ip
proxy_port = proxy_port or self.proxy_port
if connect_kwargs.get("sock") is not None:
pass
elif all([proxy_type, proxy_ip, proxy_port]):
connect_kwargs["sock"] = create_connection(
(connect_kwargs.get("hostname"), connect_kwargs.get("port")),
proxy_type, proxy_ip, int(proxy_port))
ssh.connect(**connect_kwargs)
return ssh
def _get_keys(self):
keys = []
admin_remote = self._get_remote(self.admin_ip)
key_string = '/root/.ssh/id_rsa'
with admin_remote.open(key_string) as f:
keys.append(RSAKey.from_private_key(f))
return keys
def connect(self, instance, ssh_user, ssh_ports, cmd, ssh_key_name):
"""
execute a command on instance with ssh and return if cmd param is not None
connect to ssh if cmd is None
:param instance:
:param ssh_user:
:param ssh_ports:
:param ssh_key_name:
:param cmd: execute this command if not None
:return:
"""
# get instance public ip
ssh_ip = instance.ip
# we need to find the ssh key
try:
key_file = open(os.path.join(os.path.expanduser(self._key_path), ssh_key_name), 'r')
except FileNotFoundError:
try:
key_file = open(os.path.join(os.path.expanduser(self._key_path), ssh_key_name + '.pem'), 'r')
except FileNotFoundError:
raise CourirSshException('private key %(key_name)s nor %(key_name)s.pem not found' % {
'key_name': ssh_key_name
})
client = SSHClient()
client.set_missing_host_key_policy(AutoAddPolicy())
logger.debug('connecting to %s with port %s and user %s', ssh_ip, ssh_ports[0], ssh_user)
mykey = RSAKey.from_private_key(key_file)
# we try with each ssh_port we have
for count, ssh_port in enumerate(ssh_ports):
try:
logger.debug(ssh_ip)
logger.debug(ssh_port)
client.connect(hostname=ssh_ip, port=int(ssh_port), username=ssh_user, pkey=mykey, timeout=4)
if cmd is None:
with NamedTemporaryFile(mode='w+') as tmp_key_file:
mykey.write_private_key(tmp_key_file, password=None)
tmp_key_file.flush()
cmd = 'ssh -i %s %s@%s -p %s' % (tmp_key_file.name, ssh_user, ssh_ip, ssh_port)
logger.debug(cmd)
os.system(cmd)
else:
stdin, stdout, stderr = client.exec_command(command=cmd)
out_str = stdout.read()
out_err = stderr.read().strip(' \t\n\r')
print(out_str)
if out_err != '':
print(out_err)
sys.exit(1)
except (ConnectionRefusedError, socket.timeout):
#Â we will try another tcp port
if count < len(ssh_ports):
continue
else:
raise CourirSshException('connection error')
def _get_keys(self):
keys = []
admin_remote = self._get_remote(self.admin_ip)
for key_string in ['/root/.ssh/id_rsa', '/root/.ssh/bootstrap.rsa']:
with admin_remote.open(key_string) as f:
keys.append(RSAKey.from_private_key(f))
return keys
def create_ssh_rsa_key_pair(passphrase, bits=2048):
random_generator = Random.new().read
keypair = RSA.generate(bits, random_generator)
# extract keys
privkey = keypair.exportKey('PEM', passphrase, pkcs=1)
pubkey = '%s %s %s' % (keypair.publickey().exportKey("OpenSSH"), config.SSH_PRIV_KEY, str(datetime.now()))
# writing keys to files
priv_key_file = config.get_priv_ssh_key()
pub_key_file = '%s.pub' % priv_key_file
with open("%s" % priv_key_file, 'w', stat.S_IWUSR | stat.S_IRUSR) as f:
f.write("%s" % privkey)
f.close()
os.chmod(priv_key_file, stat.S_IWUSR | stat.S_IRUSR)
with open("%s" % pub_key_file, 'w') as f:
f.write("%s" % pubkey)
f.close()
# Get fingerprint and encode it in format aa:bb:cc:dd:...
fingerprint = RSAKey.from_private_key_file(priv_key_file, password=passphrase).get_fingerprint().encode('hex')
fingerprint = ':'.join(fingerprint[i:i + 2] for i in xrange(0, len(fingerprint), 2))
# If running under Windows, convert OpenSSH private key to PuTTY private key,
# because pageant cannot load OpenSSH keys.
if util.platform_is_windows():
priv_key_file_putty = '%s.ppk' % priv_key_file
cmd = '"%s" "%s" -e -o "%s"' % (util.get_path_to_exe('puttygencmd.exe'), priv_key_file, priv_key_file_putty)
util.run(cmd)
os.remove(priv_key_file)
os.rename(priv_key_file_putty, priv_key_file)
return fingerprint
def _set_authentication(self, password, private_key, private_key_pass):
'''Authenticate the transport. prefer password if given'''
if password is None:
# Use Private Key.
if not private_key:
# Try to use default key.
if os.path.exists(os.path.expanduser('~/.ssh/id_rsa')):
private_key = '~/.ssh/id_rsa'
elif os.path.exists(os.path.expanduser('~/.ssh/id_dsa')):
private_key = '~/.ssh/id_dsa'
else:
raise CredentialException("No password or key specified.")
if isinstance(private_key, (AgentKey, RSAKey)):
# use the paramiko agent or rsa key
self._tconnect['pkey'] = private_key
else:
# isn't a paramiko AgentKey or RSAKey, try to build a
# key from what we assume is a path to a key
private_key_file = os.path.expanduser(private_key)
try: # try rsa
self._tconnect['pkey'] = RSAKey.from_private_key_file(
private_key_file, private_key_pass)
except paramiko.SSHException: # if it fails, try dss
# pylint:disable=r0204
self._tconnect['pkey'] = DSSKey.from_private_key_file(
private_key_file, private_key_pass)
def test_certificates(self):
# PKey.load_certificate
key = RSAKey.from_private_key_file(test_path('test_rsa.key'))
self.assertTrue(key.public_blob is None)
key.load_certificate(test_path('test_rsa.key-cert.pub'))
self.assertTrue(key.public_blob is not None)
self.assertEqual(key.public_blob.key_type, '*****@*****.**')
self.assertEqual(key.public_blob.comment, 'test_rsa.key.pub')
# Delve into blob contents, for test purposes
msg = Message(key.public_blob.key_blob)
self.assertEqual(msg.get_text(), '*****@*****.**')
nonce = msg.get_string()
e = msg.get_mpint()
n = msg.get_mpint()
self.assertEqual(e, key.public_numbers.e)
self.assertEqual(n, key.public_numbers.n)
# Serial number
self.assertEqual(msg.get_int64(), 1234)
# Prevented from loading certificate that doesn't match
key1 = Ed25519Key.from_private_key_file(test_path('test_ed25519.key'))
self.assertRaises(
ValueError,
key1.load_certificate,
test_path('test_rsa.key-cert.pub'),
)
def test_salt_size(self):
# Read an existing encrypted private key
file_ = test_path('test_rsa_password.key')
password = '******'
newfile = file_ + '.new'
newpassword = '******'
key = RSAKey(filename=file_, password=password)
# Write out a newly re-encrypted copy with a new password.
# When the bug under test exists, this will ValueError.
try:
key.write_private_key_file(newfile, password=newpassword)
# Verify the inner key data still matches (when no ValueError)
key2 = RSAKey(filename=newfile, password=newpassword)
self.assertEqual(key, key2)
finally:
os.remove(newfile)
def sftp_server():
"""
Set up an in-memory SFTP server thread. Yields the client Transport/socket.
The resulting client Transport (along with all the server components) will
be the same object throughout the test session; the `sftp` fixture then
creates new higher level client objects wrapped around the client
Transport, as necessary.
"""
# Sockets & transports
socks = LoopSocket()
sockc = LoopSocket()
sockc.link(socks)
tc = Transport(sockc)
ts = Transport(socks)
# Auth
host_key = RSAKey.from_private_key_file(_support("test_rsa.key"))
ts.add_server_key(host_key)
# Server setup
event = threading.Event()
server = StubServer()
ts.set_subsystem_handler("sftp", SFTPServer, StubSFTPServer)
ts.start_server(event, server)
# Wait (so client has time to connect? Not sure. Old.)
event.wait(1.0)
# Make & yield connection.
tc.connect(username="******", password="******")
yield tc
def setup_test_server(
self, client_options=None, server_options=None, connect_kwargs=None,
):
host_key = RSAKey.from_private_key_file(_support('test_rsa.key'))
public_host_key = RSAKey(data=host_key.asbytes())
self.ts.add_server_key(host_key)
if client_options is not None:
client_options(self.tc.get_security_options())
if server_options is not None:
server_options(self.ts.get_security_options())
event = threading.Event()
self.server = NullServer()
self.assertTrue(not event.is_set())
self.ts.start_server(event, self.server)
if connect_kwargs is None:
connect_kwargs = dict(
hostkey=public_host_key,
username='******',
password='******',
)
self.tc.connect(**connect_kwargs)
event.wait(1.0)
self.assertTrue(event.is_set())
self.assertTrue(self.ts.is_active())
def test_L_handshake_timeout(self):
"""
verify that we can get a hanshake timeout.
"""
# Tweak client Transport instance's Packetizer instance so
# its read_message() sleeps a bit. This helps prevent race conditions
# where the client Transport's timeout timer thread doesn't even have
# time to get scheduled before the main client thread finishes
# handshaking with the server.
# (Doing this on the server's transport *sounds* more 'correct' but
# actually doesn't work nearly as well for whatever reason.)
class SlowPacketizer(Packetizer):
def read_message(self):
time.sleep(1)
return super(SlowPacketizer, self).read_message()
# NOTE: prettttty sure since the replaced .packetizer Packetizer is now
# no longer doing anything with its copy of the socket...everything'll
# be fine. Even tho it's a bit squicky.
self.tc.packetizer = SlowPacketizer(self.tc.sock)
# Continue with regular test red tape.
host_key = RSAKey.from_private_key_file(_support('test_rsa.key'))
public_host_key = RSAKey(data=host_key.asbytes())
self.ts.add_server_key(host_key)
event = threading.Event()
server = NullServer()
self.assertTrue(not event.is_set())
self.tc.handshake_timeout = 0.000000000001
self.ts.start_server(event, server)
self.assertRaises(EOFError, self.tc.connect,
hostkey=public_host_key,
username='******',
password='******')
def test_ssh_exception(self):
"""Test that we get ssh exception in output with correct arguments"""
self.server.kill()
host = '127.0.0.10'
_socket = make_socket(host)
port = _socket.getsockname()[1]
server = start_server(_socket, ssh_exception=True)
hosts = [host]
client = ParallelSSHClient(hosts, port=port,
user='******', password='******',
pkey=RSAKey.generate(1024))
output = client.run_command(self.fake_cmd, stop_on_errors=False)
gevent.sleep(1)
client.pool.join()
self.assertTrue('exception' in output[host],
msg="Got no exception for host %s - expected connection error" % (
host,))
try:
raise output[host]['exception']
except SSHException, ex:
self.assertEqual(ex.args[1], host,
msg="Exception host argument is %s, should be %s" % (
ex.args[1], host,))
self.assertEqual(ex.args[2], port,
msg="Exception port argument is %s, should be %s" % (
ex.args[2], port,))
def get(nodes_file, request):
"""Return the logs"""
args = dict(request.args.items())
try:
container = args.pop('container')
except KeyError:
raise errors.BadRequest('No container on URL arguments')
results = dict()
with open(nodes_file) as f:
nodes = yaml.load(f)
try:
rsa_key_file = nodes.pop('rsa_key')
pkey = RSAKey.from_private_key_file(rsa_key_file)
except Exception as e:
print('Failed to read RSA Key, {} {}'.format(type(e), e))
raise
ssh = SSHClient()
ssh.set_missing_host_key_policy(AutoAddPolicy)
cmd = 'docker logs {container} {args}'.format(
container=container,
args=' '.join(['--{}={}'.format(a, args[a]) for a in args]))
for _, ips in nodes.items():
for ip in ips:
ssh.connect(hostname=ip, username='******', pkey=pkey)
print('ssh root@{ip} {cmd}'.format(ip=ip, cmd=cmd))
_in, _out, _err = ssh.exec_command(cmd)
status = _out.channel.recv_exit_status()
results[ip] = dict(
status=status, stdout=_out.read(), stderr=_err.read())
ssh.close()
return results
def test_3a_long_banner(self):
"""
verify that a long banner doesn't mess up the handshake.
"""
host_key = RSAKey.from_private_key_file(test_path('test_rsa.key'))
public_host_key = RSAKey(data=host_key.asbytes())
self.ts.add_server_key(host_key)
event = threading.Event()
server = NullServer()
self.assertTrue(not event.is_set())
self.socks.send(LONG_BANNER)
self.ts.start_server(event, server)
self.tc.connect(hostkey=public_host_key,
username='******',
password='******')
event.wait(1.0)
self.assertTrue(event.is_set())
self.assertTrue(self.ts.is_active())
def __init__(self, ctx):
self.manager = InstanceManager.make()
self.settings = self.manager.settings
try:
ctx.connect_kwargs.pkey = RSAKey.from_private_key_file(
self.manager.settings.key_path)
self.connect = ctx.connect_kwargs
except (IOError, PasswordRequiredException, SSHException) as e:
raise BenchError('Failed to load SSH key', e)
def pKeyConnect(self, ssh_config):
try:
pKey = RSAKey.from_private_key_file(filename=ssh_config.ssh_key)
except PasswordRequiredException:
if ssh_config.ssh_key_pass:
pKey = RSAKey.from_private_key_file(
filename=ssh_config.ssh_key,
password=ssh_config.ssh_key_pass)
else:
err_msg = 'Fail to Load RSAKey({}), make sure password for key is correct.' \
.format(ssh_config.ssh_key)
logging.warning(err_msg)
raise ImportRSAkeyFaild(err_msg)
else:
self.client.connect(hostname=ssh_config.remote_host,
port=ssh_config.remote_port,
username=ssh_config.remote_user,
pkey=pKey)
def test_pkey_to_credential(self):
key = RSAKey.generate(bits=2048)
credential = Credential.objects.create(user=self.user1,
remote_user='******')
credential.key = key
credential.save()
credential_copy = Credential.objects.get(pk=credential.pk)
self.assertEqual(key.get_fingerprint(),
credential_copy.key.get_fingerprint())
def test_load_rsa_password(self):
key = RSAKey.from_private_key_file(_support('test_rsa_password.key'),
'television')
self.assertEqual('ssh-rsa', key.get_name())
exp_rsa = b(FINGER_RSA.split()[1].replace(':', ''))
my_rsa = hexlify(key.get_fingerprint())
self.assertEqual(exp_rsa, my_rsa)
self.assertEqual(PUB_RSA.split()[1], key.get_base64())
self.assertEqual(1024, key.get_bits())
def test_load_RSA_key_new_format(self):
key = RSAKey.from_private_key_file(_support('test_rsa_2k_o.key'),
b'television')
self.assertEqual('ssh-rsa', key.get_name())
self.assertEqual(PUB_RSA_2K_OPENSSH.split()[1], key.get_base64())
self.assertEqual(2048, key.get_bits())
exp_rsa = b(FINGER_RSA_2K_OPENSSH.split()[1].replace(':', ''))
my_rsa = hexlify(key.get_fingerprint())
self.assertEqual(exp_rsa, my_rsa)
def prepare_ssh_command(config_name,
server,
hostname,
client_id,
tool,
param,
username='******',
timeout=30,
**kwargs):
"""
:param config_name:
:param server:
:param hostname:
:param client_id:
:param tool:
:param param:
:param username:
:param timeout:
:return:
"""
global management_result
current_path = os.path.dirname(os.path.abspath(__file__))
key_path = os.path.join(current_path, '../ssh/key')
try:
key = RSAKey.from_private_key_file(key_path)
except SSHException:
g.user.logger.error(
'Exception trying to connect to server: SSH key must be in PEM format : ssh-keygen -m PEM'
)
g.user.logger.error(traceback.format_exc())
raise Exception('Failed to connect to server!')
ssh = SSHClient()
ssh.set_missing_host_key_policy(AutoAddPolicy())
is_connected = ssh_open_connection(ssh, hostname, username, key, timeout,
**kwargs)
if not is_connected:
raise Exception('Failed to connect to server!')
tool_cmd = {
"ping": "ping -c 10 {}",
"dig": "dig {}",
"traceroute": "traceroute {}"
}
if ":" in param:
tool_cmd = {
"ping": "ping6 -c 10 {}",
"dig": "dig {}",
"traceroute": "traceroute6 {}"
}
cmd = tool_cmd.get(tool).format(param)
update_result_global_stream_result(config_name, server, client_id, tool,
stream_result, "False")
t = Thread(target=exec_command,
args=(ssh, cmd, config_name, server, client_id, tool))
t.start()
management_result[config_name][server][client_id]['ssh'] = ssh
management_result[config_name][server][client_id]['thread'] = t
def generate_pub_pri_keys(self):
try:
key = RSAKey.generate(2048)
string_io = StringIO()
key.write_private_key(string_io)
return key.get_base64(), string_io.getvalue()
except BaseException:
pass
return None, None
def get_ssh_to_remote_by_key(self, ip, keyfile):
try:
with open(keyfile) as f:
keys = [RSAKey.from_private_key(f)]
except IOError:
logger.warning('Loading of SSH key from file failed. Trying to use'
' SSH agent ...')
keys = Agent().get_keys()
return SSHClient(ip, private_keys=keys)
def get_private_keys(self, force=False):
if force or self._keys is None:
self._keys = []
for key_string in [
'/root/.ssh/id_rsa', '/root/.ssh/bootstrap.rsa'
]:
with self.get_admin_remote().open(key_string) as f:
self._keys.append(RSAKey.from_private_key(f))
return self._keys
def match_fingerprint(self, pvt_file, pw, fingerprint):
try:
sshKey = RSAKey.from_private_key_file(pvt_file, pw)
keybytes = md5(sshKey.asbytes()).hexdigest()
printableFingerprint = ':'.join(
a + b for a, b in zip(keybytes[::2], keybytes[1::2]))
return printableFingerprint == fingerprint.__str__()
except PasswordRequiredException:
return False
def test_A_interactive_auth_fallback(self):
"""
verify that a password auth attempt will fallback to "interactive"
if password auth isn't supported but interactive is.
"""
host_key = RSAKey.from_private_key_file('tests/test_rsa.key')
public_host_key = RSAKey(data=str(host_key))
self.ts.add_server_key(host_key)
event = threading.Event()
server = NullServer()
self.assert_(not event.isSet())
self.ts.start_server(event, server)
self.tc.ultra_debug = True
self.tc.connect(hostkey=public_host_key)
remain = self.tc.auth_password('commie', 'cat')
self.assertEquals([], remain)
event.wait(1.0)
self.assert_(event.isSet())
self.assert_(self.ts.is_active())
def ensure_local_ssh_key(name):
from paramiko import RSAKey
if os.path.exists(get_ssh_key_path(name)):
ssh_key = RSAKey.from_private_key_file(get_ssh_key_path(name))
else:
logger.info("Creating key pair %s", name)
ssh_key = new_ssh_key()
makedirs(os.path.dirname(get_ssh_key_path(name)), exist_ok=True)
ssh_key.write_private_key_file(get_ssh_key_path(name))
return ssh_key
def generate_ssh_key_pairs(filename, phrase):
""" SSH key pairs generator for remote docker host provider
Args:
filename (str):The filename path where ssh keys will be saved.
phrase (str):The password phrase.
Returns:
"""
# generating private key
prv = RSAKey.generate(bits=2048, progress_func=None)
prv.write_private_key_file(filename, password=phrase)
# generating public key
pub = RSAKey(filename=filename, password=phrase)
with open("%s.pub" % filename, "w") as f:
f.write("%s %s" % (pub.get_name(), pub.get_base64()))
f.write(" %s" % "moitoi_docker_hive_key")
def sftp_authentication(self):
try:
transport = Transport((ip_server, 222))
privatekeyfile = os.path.expanduser('./priv_key')
mykey = RSAKey.from_private_key_file(privatekeyfile)
transport.connect(username='******', pkey=mykey)
sftp_client = SFTPClient.from_transport(transport)
return sftp_client, transport
except Exception, e:
print "SFTP Authentication Fail:" + str(e)
def _get_ssh_key(self):
"""
Fetch locally stored SSH key.
"""
try:
self.ssh_key = RSAKey.from_private_key_file(self.ssh_key_filepath)
logger.info(f'Found SSH key at self {self.ssh_key_filepath}')
except SSHException as error:
logger.error(error)
return self.ssh_key
def get_ssh_to_remote(self, ip):
keys = []
for key_string in ['/root/.ssh/id_rsa', '/root/.ssh/bootstrap.rsa']:
with self.get_admin_remote().open(key_string) as f:
keys.append(RSAKey.from_private_key(f))
return SSHClient(ip,
username=settings.SSH_CREDENTIALS['login'],
password=settings.SSH_CREDENTIALS['password'],
private_keys=keys)
def setup_test_server(self, client_options=None, server_options=None):
host_key = RSAKey.from_private_key_file('tests/test_rsa.key')
public_host_key = RSAKey(data=str(host_key))
self.ts.add_server_key(host_key)
if client_options is not None:
client_options(self.tc.get_security_options())
if server_options is not None:
server_options(self.ts.get_security_options())
event = threading.Event()
self.server = NullServer()
self.assert_(not event.isSet())
self.ts.start_server(event, self.server)
self.tc.connect(hostkey=public_host_key,
username='******', password='******')
event.wait(1.0)
self.assert_(event.isSet())
self.assert_(self.ts.is_active())
def __get_ssh_key(self):
""" Fetch local ssh key """
try:
self.ssh_key = RSAKey.from_private_key_file(
self.ssh_key_filepath, self.password)
logger.info(f'Found SSH key at {self.ssh_key_filepath}')
except SSHException as error:
logger.error(error)
return self.ssh_key
def create_keypair(private_key_path: str) -> str:
"""
Create the key-pair using the supplied filename
:param private_key_path: full path to the key pair to generate
:return: string contents of the public key
"""
private_key = RSAKey.generate(bits=2048)
private_key.write_private_key_file(private_key_path, password=None)
pub = RSAKey(filename=private_key_path, password=None)
public_key_contents = f'{pub.get_name()} {pub.get_base64()} panhandler'
with open("%s.pub" % private_key_path, "w") as f:
f.write(public_key_contents)
return public_key_contents
def _create_connection(self) -> Connection:
return Connection(
host=self.hostname,
user=self.user,
port=self.port,
config=self.ssh_config,
connect_timeout=self.connect_timeout,
connect_kwargs={
'pkey': RSAKey(filename=os.path.expanduser(self.key_file))
} if self.key_file else None)
def test_3_load_rsa_password(self):
key = RSAKey.from_private_key_file(
_support("test_rsa_password.key"), "television"
)
self.assertEqual("ssh-rsa", key.get_name())
exp_rsa = b(FINGER_RSA.split()[1].replace(":", ""))
my_rsa = hexlify(key.get_fingerprint())
self.assertEqual(exp_rsa, my_rsa)
self.assertEqual(PUB_RSA.split()[1], key.get_base64())
self.assertEqual(1024, key.get_bits())
def run_ssh_cmd_single(vm, cmd, _async=False, needs_pty=False):
'''
sometime /etc/sudoers is configured to require a tty to execute a command with sudo. In this case, set needs_pty to
True. But if needs_pty is True, you cannot run a command asyncrounously (check if this is really true)
Defaults !requiretty
If aysnc is true, return code is 0 and stdout and stderr are both empty strings. That's because the function
returns before they are available
:param vm:
:param cmd:
:param needs_pty:
:return:
'''
try:
ssh = paramiko.SSHClient()
ssh.set_missing_host_key_policy(paramiko.AutoAddPolicy())
if vm.priv_key:
pkey = RSAKey.from_private_key(StringIO(
vm.priv_key)) # assuming it is an RSAKey
ssh.connect(hostname=vm.ip,
port=22,
username=vm.username,
pkey=pkey)
else:
ssh.connect(hostname=vm.ip,
port=22,
username=vm.username,
password=vm.password)
logger.debug('Executing command on the remote host {0}: {1}'.format(
vm.benchsuite_name, cmd))
stdin, stdout, stderr = ssh.exec_command(cmd, get_pty=needs_pty)
if _async:
return (0, '', '')
out = sanitize_output(stdout.read().decode("utf-8"))
err = sanitize_output(stderr.read().decode("utf-8"))
exit_status = stdout.channel.recv_exit_status()
return (exit_status, out, err)
# chan = ssh.get_transport().open_session()
# chan.get_pty()
# chan.exec_command(cmd)
# print(chan.recv(1024))
finally:
ssh.close()
def __get_ssh_key(self):
"""Fetch locally stored SSH key."""
try:
query_cmd = """SELECT * FROM keys WHERE host='""" + self.host + """'"""
self.cur.execute(query_cmd)
key_string = self.cur.fetchone()[1]
self.key_file_obj = StringIO(key_string)
self.ssh_key = RSAKey.from_private_key(self.key_file_obj)
except SSHException as error:
logger.error(error)
return self.ssh_key
def create_client(self):
private = RSAKey(filename=self.get_private_key_file())
client = SSHClient()
client.set_missing_host_key_policy(AutoAddPolicy())
client.load_host_keys(self.get_host_keys_file())
client.connect(self.server.host,
pkey=private,
look_for_keys=False,
port=self.server.port,
username=self.server.user)
return client
def __init__(self, kwargs):
self.key = RSAKey.from_private_key(
io.StringIO(kwargs['asymKeys']['private']))
self.ip_address = kwargs['ip_address']
self.username = kwargs['username']
self.sshclient = SSHClient()
self.sshclient.set_missing_host_key_policy(AutoAddPolicy())
return super().__init__()
def generate_host_key(self, filename):
from paramiko import RSAKey
bits = 4096
if self.config.has_option('ssh', 'HostKeyBits'):
bits = self.config.getint('ssh', 'HostKeyBits')
# generate private key and save,
self.log.info('Generating {bits}-bit RSA public/private keypair.'
.format(bits=bits))
priv_key = RSAKey.generate(bits=bits)
priv_key.write_private_key_file(filename, password=None)
self.log.debug('{filename} saved.'.format(filename=filename))
# save public key,
pub = RSAKey(filename=filename, password=None)
with open('{0}.pub'.format(filename,), 'w') as fp:
fp.write("{0} {1}".format(pub.get_name(), pub.get_base64()))
self.log.debug('{filename}.pub saved.'.format(filename=filename))
return priv_key
def _get_ssh_key(self):
"""Fetch locally stored SSH key."""
try:
self.ssh_key = RSAKey.from_private_key_file(self.ssh_key_filepath)
LOGGER.info(f"Found SSH key at self {self.ssh_key_filepath}")
return self.ssh_key
except SSHException as e:
LOGGER.error(e)
except Exception as e:
LOGGER.error(f"Unexpected error occurred: {e}")
raise e
def connect(self):
try:
# Build a public key object from the server (agent) key file
if self.publicKeyType == 'rsa':
agent_public_key = RSAKey(
data=base64.decodestring(self.publicKey))
elif self.publicKeyType == 'dss':
agent_public_key = DSSKey(
data=base64.decodestring(self.publicKey))
# Build a private key object from the manager key file, and connect to the agent:
if self.privateKeyFile != None:
# Using client (manager) private key to authenticate
if self.privateKeyType == "rsa":
user_private_key = RSAKey.from_private_key_file(
self.privateKeyFile)
elif self.privateKeyType == "dss":
user_private_key = DSSKey.from_private_key_file(
self.privateKeyFile)
self.ssh.connect(hostkey=agent_public_key,
username=self.username,
pkey=user_private_key)
else:
# Using client (manager) password to authenticate
self.ssh.connect(hostkey=agent_public_key,
username=self.username,
password=self.password)
# Request a new channel to the server, of type "session".
self.chan = self.ssh.open_session()
# Request a "netconf" subsystem on the server:
self.chan.invoke_subsystem(C.NETCONF_SSH_SUBSYSTEM)
except Exception, exp:
syslog.openlog("YencaP Manager")
syslog.syslog(syslog.LOG_ERR, str(exp))
syslog.closelog()
return C.FAILED
def ConnectionHandle(client, priv):
try:
t = Transport(client)
ip, port = client.getpeername()
t.local_version = 'SSH-2.0-' + choice(self.random_servers)
t.add_server_key(RSAKey(file_obj=StringIO(priv)))
t.start_server(server=SSHHandle(ip, port))
chan = t.accept(1)
if not chan is None:
chan.close()
except:
pass
