def _verify_key(self) -> None:
    """
    Check the connected server's host key against the known_hosts entry for the target host

    Args:
        N/A

    Returns:
        None

    Raises:
        ScrapliConnectionNotOpened: if session is unopened/None
        ScrapliAuthenticationFailed: if no known_hosts entry is found for the host
        ScrapliAuthenticationFailed: if an entry is found but its public key differs from the
            key presented by the server

    """
    if not self.session:
        raise ScrapliConnectionNotOpened

    known_hosts = SSHKnownHosts(self.plugin_transport_args.ssh_known_hosts_file)
    target_host = self._base_transport_args.host
    trusted_entry = known_hosts.lookup(target_host)

    if not trusted_entry:
        # an unknown host is rejected outright; nothing is trusted on first use
        raise ScrapliAuthenticationFailed(f"{target_host} not in known_hosts!")

    presented_key = self.session.get_remote_server_key().get_base64()

    if trusted_entry["public_key"] == presented_key:
        return

    raise ScrapliAuthenticationFailed(
        f"{target_host} in known_hosts but public key does not match!"
    )
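def _verify_key_value(self) -> None:
    """
    Verify target host public key, raise exception if invalid/unknown

    Args:
        N/A

    Returns:
        None

    Raises:
        ScrapliConnectionNotOpened: if session is unopened/None
        ScrapliAuthenticationFailed: if host is not in known hosts, if the remote server key
            cannot be gleaned from the session, or if host is in known hosts but public key
            does not match

    """
    if not self.session:
        raise ScrapliConnectionNotOpened

    known_hosts = SSHKnownHosts(self.plugin_transport_args.ssh_known_hosts_file)
    known_host_public_key = known_hosts.lookup(self._base_transport_args.host)

    if not known_host_public_key:
        # the known_hosts file is read again here, so an empty lookup result has to fail as
        # an authentication error instead of surfacing as a KeyError on the subscript below
        raise ScrapliAuthenticationFailed(
            f"{self._base_transport_args.host} not in known_hosts!"
        )

    remote_server_key = self.session.get_server_host_key()
    if remote_server_key is None:
        raise ScrapliAuthenticationFailed(
            f"failed gleaning remote server ssh key for host {self._base_transport_args.host}"
        )

    # second whitespace-separated field of the exported key; presumably the base64 blob of an
    # OpenSSH-format public key line -- confirm against the session library
    remote_public_key = remote_server_key.export_public_key().split()[1].decode()

    if known_host_public_key["public_key"] != remote_public_key:
        raise ScrapliAuthenticationFailed(
            f"{self._base_transport_args.host} in known_hosts but public key does not match!"
        )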
def _verify_key(self) -> None:
    """
    Compare the session's host key with the known_hosts entry stored for this host

    Args:
        N/A

    Returns:
        N/A  # noqa: DAR202

    Raises:
        KeyVerificationFailed: if the host has no known_hosts entry or the stored public key
            differs from the one reported by the session

    """
    trusted_hosts = SSHKnownHosts(self.ssh_known_hosts_file).hosts

    # NOTE(review): plain dict membership; only an entry keyed by this exact host string matches
    if self.host not in trusted_hosts:
        raise KeyVerificationFailed(f"{self.host} not in known_hosts!")

    # only the first element of the hostkey() result is used; it is base64 encoded below
    host_key_blob = self.session.hostkey()[0]
    # encodebytes inserts line breaks, which are stripped before comparing
    presented_key = base64.encodebytes(host_key_blob).decode().replace("\n", "")

    if trusted_hosts[self.host]["public_key"] == presented_key:
        return

    raise KeyVerificationFailed(f"{self.host} in known_hosts but public key does not match!")
def _verify_key(self) -> None:
    """
    Compare the server key reported by the session with the known_hosts entry for this host

    Args:
        N/A

    Returns:
        N/A  # noqa: DAR202

    Raises:
        KeyVerificationFailed: if the host has no known_hosts entry
        KeyVerificationFailed: if the host has an entry but the stored public key differs from
            the key presented by the server

    """
    trusted_hosts = SSHKnownHosts(self.ssh_known_hosts_file).hosts

    # NOTE(review): plain dict membership; only an entry keyed by this exact host string matches
    if self.host not in trusted_hosts:
        raise KeyVerificationFailed(f"{self.host} not in known_hosts!")

    presented_key = self.session.get_remote_server_key().get_base64()

    if trusted_hosts[self.host]["public_key"] == presented_key:
        return

    raise KeyVerificationFailed(f"{self.host} in known_hosts but public key does not match!")
def _verify_key(self) -> None:
    """
    Compare the session's host key with the known_hosts entry stored for the target host

    Args:
        N/A

    Returns:
        None

    Raises:
        ScrapliConnectionNotOpened: if session is unopened/None
        ScrapliAuthenticationFailed: if the host has no known_hosts entry or the stored
            public key differs from the one reported by the session

    """
    if not self.session:
        raise ScrapliConnectionNotOpened

    trusted_hosts = SSHKnownHosts(self.plugin_transport_args.ssh_known_hosts_file).hosts
    target_host = self._base_transport_args.host

    # NOTE(review): plain dict membership; only an entry keyed by this exact host string matches
    if target_host not in trusted_hosts:
        raise ScrapliAuthenticationFailed(f"{target_host} not in known_hosts!")

    # only the first element of the hostkey() result is used; it is base64 encoded below
    host_key_blob = self.session.hostkey()[0]
    # encodebytes inserts line breaks, which are stripped before comparing
    presented_key = base64.encodebytes(host_key_blob).decode().replace("\n", "")

    if trusted_hosts[target_host]["public_key"] == presented_key:
        return

    raise ScrapliAuthenticationFailed(
        f"{target_host} in known_hosts but public key does not match!"
    )
def _verify_key(self) -> None:
    """
    Confirm that the target host has an entry in the known_hosts file

    Only the presence of an entry is checked here; no key material is compared in this method.

    Args:
        N/A

    Returns:
        None

    Raises:
        ScrapliAuthenticationFailed: if host is not in known hosts

    """
    target_host = self._base_transport_args.host
    trusted_entry = SSHKnownHosts(self.plugin_transport_args.ssh_known_hosts_file).lookup(
        target_host
    )

    if trusted_entry:
        return

    raise ScrapliAuthenticationFailed(f"{target_host} not in known_hosts!")
def _verify_key(self) -> None:
    """
    Confirm that this host has an entry in the known_hosts file

    Only the presence of an entry is checked here; no key material is compared in this method.

    Args:
        N/A

    Returns:
        N/A  # noqa: DAR202

    Raises:
        KeyVerificationFailed: if host is not in known hosts

    """
    trusted_hosts = SSHKnownHosts(self.ssh_known_hosts_file).hosts

    # NOTE(review): plain dict membership; only an entry keyed by this exact host string matches
    if self.host in trusted_hosts:
        return

    raise KeyVerificationFailed(f"{self.host} not in known_hosts!")
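def _verify_key_value(self) -> None:
    """
    Verify target host public key, raise exception if invalid/unknown

    Args:
        N/A

    Returns:
        N/A  # noqa: DAR202

    Raises:
        KeyVerificationFailed: if host is not in known hosts, if the session yields no server
            host key, or if host is in known hosts but public key does not match

    """
    known_hosts = SSHKnownHosts(self.ssh_known_hosts_file)

    # a missing entry must fail as a verification error, not as a KeyError on the subscript
    known_host_entry = known_hosts.hosts.get(self.host)
    if not known_host_entry:
        raise KeyVerificationFailed(f"{self.host} not in known_hosts!")

    # get_server_host_key() can return None; treat that as a failed verification instead of
    # letting it surface as an AttributeError
    remote_server_key = self.session.get_server_host_key()
    if remote_server_key is None:
        raise KeyVerificationFailed(f"failed gleaning remote server ssh key for host {self.host}")

    # second whitespace-separated field of the exported key; presumably the base64 blob of an
    # OpenSSH-format public key line -- confirm against the session library
    remote_public_key = remote_server_key.export_public_key().split()[1].decode()

    if known_host_entry["public_key"] != remote_public_key:
        raise KeyVerificationFailed(f"{self.host} in known_hosts but public key does not match!")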
def test_init_ssh_known_hosts_file_explicit():
    """SSHKnownHosts keeps the raw contents of the file it was pointed at."""
    loaded = SSHKnownHosts(f"{TEST_DATA_DIR}/files/_ssh_known_hosts")

    with open(f"{TEST_DATA_DIR}/files/_ssh_known_hosts", "r") as handle:
        expected_contents = handle.read()

    assert loaded.ssh_known_hosts == expected_contents
def test_init_ssh_known_hosts_file_exceptions():
    """A non-str path is rejected with a TypeError that names the offending type."""
    expected_message = "`ssh_known_hosts_file` expected str, got <class 'NoneType'>"

    with pytest.raises(TypeError) as raised:
        SSHKnownHosts(None)

    assert str(raised.value) == expected_message
def test_init_ssh_known_hosts_file_no_hosts():
    """Loading a file that is not a known_hosts file (a Python source file) yields no hosts."""
    # UNIT_TEST_DIR is joined without a separator; presumably it ends with one -- TODO confirm
    not_a_known_hosts_file = f"{UNIT_TEST_DIR}__init__.py"
    parsed = SSHKnownHosts(not_a_known_hosts_file)

    assert parsed.hosts == {}
def test_init_ssh_known_hosts_file_no_hosts(test_data_path):
    """Loading a file that is not a known_hosts file (a Python source file) yields no hosts."""
    not_a_known_hosts_file = f"{test_data_path}/files/__init__.py"
    parsed = SSHKnownHosts(not_a_known_hosts_file)

    assert parsed.hosts == {}
def test_known_host_lookup_bad_host(real_ssh_known_hosts_file_path):
    """lookup() returns an empty dict for the host name "bad.host"."""
    loaded = SSHKnownHosts(real_ssh_known_hosts_file_path)
    lookup_result = loaded.lookup("bad.host")

    assert lookup_result == {}
def test_known_host_lookup_exact_host_hashed(real_ssh_known_hosts_file_path):
    """lookup() still finds the host after its non-hashed entry has been removed."""
    target = "172.18.0.11"
    loaded = SSHKnownHosts(real_ssh_known_hosts_file_path)

    # drop the non-hashed entry from the loaded dict so only the hashed entry is left
    del loaded.hosts[target]

    # NOTE(review): this only shows that some entry matched; it does not pin which key
    # material lookup() returns for the hashed entry
    lookup_result = loaded.lookup(target)
    assert lookup_result != {}
def test_known_host_lookup_exact_host(real_ssh_known_hosts_file_path):
    """lookup() returns a non-empty result for a host listed in the file."""
    loaded = SSHKnownHosts(real_ssh_known_hosts_file_path)

    # NOTE(review): only non-emptiness is asserted; the returned key is not checked
    lookup_result = loaded.lookup("172.18.0.11")
    assert lookup_result != {}
def test_init_ssh_known_hosts_file_no_config_file(fs):
    """An empty path string yields no hosts."""
    # `fs` is requested but never referenced in the body; presumably a fake-filesystem
    # fixture that isolates the test from real files -- TODO confirm
    empty_path_hosts = SSHKnownHosts("")

    assert empty_path_hosts.hosts == {}
def test_init_ssh_known_hosts_file_no_hosts():
    """Loading a file that is not a known_hosts file (a Python source file) yields no hosts."""
    not_a_known_hosts_file = f"{TEST_DATA_DIR}/files/__init__.py"
    parsed = SSHKnownHosts(not_a_known_hosts_file)

    assert parsed.hosts == {}
def test_init_ssh_known_hosts_file_explicit(real_ssh_known_hosts_file_path):
    """SSHKnownHosts keeps the raw contents of the file it was pointed at."""
    loaded = SSHKnownHosts(real_ssh_known_hosts_file_path)

    with open(real_ssh_known_hosts_file_path, "r") as handle:
        expected_contents = handle.read()

    assert loaded.ssh_known_hosts == expected_contents