Example #1
0
        def run(self):

            # I have a problem where I have multiple identity files in my ~/.ssh, and I want to use only identities loaded into the agent
            # since openssh does not seem to have an option to use only an agent we have a workaround,
            # by passing the -o IdentityFile option a path that does not exist, openssh can't use any other identities, and can only use the agent.
            # This is a little "racy" in that a tempfile with the same path could concievably be created between the unlink and openssh attempting to use it
            # but since the pub key is extracted from the agent not the identity file I can't see anyway an attacker could use this to trick a user into uploading the attackers key.
            logger_debug("testAuthThread started")
            import tempfile, os
            (fd, path) = tempfile.mkstemp()
            os.close(fd)
            os.unlink(path)

            ssh_cmd = '{sshbinary} -o IdentityFile={nonexistantpath} -o PasswordAuthentication=no -o PubkeyAuthentication=yes -o StrictHostKeyChecking=yes -l {login} {host} echo "success_testauth"'.format(
                sshbinary=self.keydistObject.sshpaths.sshBinary,
                login=self.keydistObject.username,
                host=self.keydistObject.host,
                nonexistantpath=path)

            logger_debug('testAuthThread: attempting: ' + ssh_cmd)
            ssh = subprocess.Popen(ssh_cmd,
                                   stdout=subprocess.PIPE,
                                   stderr=subprocess.STDOUT,
                                   shell=True,
                                   universal_newlines=True)
            stdout, stderr = ssh.communicate()
            ssh.wait()

            logger_debug('testAuthThread: stdout of ssh command: ' +
                         str(stdout))
            logger_debug('testAuthThread: stderr of ssh command: ' +
                         str(stderr))

            if 'success_testauth' in stdout:
                logger_debug(
                    'testAuthThread: got success_testauth in stdout :)')
                self.keydistObject.authentication_success = True
                newevent = KeyDist.sshKeyDistEvent(
                    KeyDist.EVT_KEYDIST_AUTHSUCCESS, self.keydistObject)
            else:
                logger_debug(
                    'testAuthThread: did not see success_testauth in stdout, posting EVT_KEYDIST_AUTHFAIL event'
                )
                newevent = KeyDist.sshKeyDistEvent(
                    KeyDist.EVT_KEYDIST_AUTHFAIL, self.keydistObject)

            if (not self.stopped()):
                logger_debug(
                    'testAuthThread: self.stopped() == False, so posting event: '
                    + str(newevent))
                wx.PostEvent(self.keydistObject.notifywindow.GetEventHandler(),
                             newevent)
Example #2
0
        def run(self):
        
            # I have a problem where I have multiple identity files in my ~/.ssh, and I want to use only identities loaded into the agent
            # since openssh does not seem to have an option to use only an agent we have a workaround, 
            # by passing the -o IdentityFile option a path that does not exist, openssh can't use any other identities, and can only use the agent.
            # This is a little "racy" in that a tempfile with the same path could conceivably be created between the unlink and openssh attempting to use it
            # but since the pub key is extracted from the agent not the identity file I can't see anyway an attacker could use this to trick a user into uploading the attackers key.
            threadid = threading.currentThread().ident
            logger.debug("testAuthThread %i: started"%threadid)
            import tempfile
            fd=tempfile.NamedTemporaryFile(delete=True)
            path=fd.name
            fd.close()
            
            ssh_cmd = '{sshbinary} -o ConnectTimeout=10 -o IdentityFile={nonexistantpath} -o PasswordAuthentication=no -o ChallengeResponseAuthentication=no -o KbdInteractiveAuthentication=no -o PubkeyAuthentication=yes -o StrictHostKeyChecking=no -l {login} {host} echo "success_testauth"'.format(sshbinary=self.keydistObject.keyModel.sshpaths.sshBinary,
                                                                                                                                                                                                             login=self.keydistObject.username,

                                                                                                                                                                                                             host=self.keydistObject.host,
                                                                                                                                                                                                             nonexistantpath=path)

            logger.debug('testAuthThread: attempting: ' + ssh_cmd)
            ssh = subprocess.Popen(ssh_cmd,stdout=subprocess.PIPE,stderr=subprocess.STDOUT,shell=True,universal_newlines=True, startupinfo=self.keydistObject.startupinfo, creationflags=self.keydistObject.creationflags)
            stdout, stderr = ssh.communicate()
            ssh.wait()

            logger.debug("testAuthThread %i: stdout of ssh command: "%threadid + str(stdout))
            logger.debug("testAuthThread %i: stderr of ssh command: "%threadid + str(stderr))


            if 'Could not resolve hostname' in stdout:
                logger.debug('Network error.')
                newevent = KeyDist.sshKeyDistEvent(KeyDist.EVT_KEYDIST_NETWORK_ERROR,self.keydistObject)
            elif 'success_testauth' in stdout:
                logger.debug("testAuthThread %i: got success_testauth in stdout :)"%threadid)
                self.keydistObject.authentication_success = True
                newevent = KeyDist.sshKeyDistEvent(KeyDist.EVT_KEYDIST_AUTHSUCCESS,self.keydistObject)
            elif 'Agent admitted' in stdout:
                logger.debug("testAuthThread %i: the ssh agent has an error. Try rebooting the computer")
                self.keydistObject.cancel("Sorry, there is a problem with the SSH agent.\nThis sort of thing usually occurs if you delete your key and create a new one.\nThe easiest solution is to reboot your computer and try again.")
                return
            else:
                logger.debug("testAuthThread %i: did not see success_testauth in stdout, posting EVT_KEYDIST_AUTHFAIL event"%threadid)
                newevent = KeyDist.sshKeyDistEvent(KeyDist.EVT_KEYDIST_AUTHFAIL,self.keydistObject)

            if (not self.stopped()):
                logger.debug("testAuthThread %i: self.stopped() == False, so posting event: "%threadid + str(newevent))
                wx.PostEvent(self.keydistObject.notifywindow.GetEventHandler(),newevent)
            logger.debug("testAuthThread %i: stopped"%threadid)
Example #3
0
    def testAuth(self,keyModel,username=None,host=None):
        if username!=None:
            self.username=username
        if host!=None:
            self.host=host
        if self.username==None:
            raise Exception("I don't know what username you are tring to login with")
        from logger.Logger import logger
        logger.debug("in passwordAuth.testAuth")
        import tempfile
        import sys
        from logger.Logger import logger
        import subprocess
        fd=tempfile.NamedTemporaryFile(delete=True)
        path=fd.name
        fd.close()

        auth=False
        try:
        
            ssh_cmd = ['{sftpBinary}','-o','ConnectTimeout=10','-o','IdentityFile="{nonexistantpath}"','-o','PasswordAuthentication=no','-o','ChallengeResponseAuthentication=no','-o','KbdInteractiveAuthentication=no','-o','PubkeyAuthentication=yes','-o','StrictHostKeyChecking=no','-P','{port}','{login}@{host}']
            cmd=[]
            for s in ssh_cmd:
                cmd.append(s.format(sftpBinary=self.keydistObject.keyModel.sshpaths.sftpBinary,login=self.username, host=self.host, nonexistantpath=path,port=self.port))
            logger.debug('testAuthThread: attempting: %s'%cmd)
            if sys.platform.startswith("win"):
                ssh = subprocess.Popen(" ".join(cmd),shell=True,stdout=subprocess.PIPE,stderr=subprocess.STDOUT,universal_newlines=True, startupinfo=self.keydistObject.startupinfo, creationflags=self.keydistObject.creationflags)
            else:
                ssh = subprocess.Popen(cmd,shell=False,stdout=subprocess.PIPE,stderr=subprocess.STDOUT,stdin=subprocess.PIPE,universal_newlines=True, startupinfo=self.keydistObject.startupinfo, creationflags=self.keydistObject.creationflags)
            stdout, stderr = ssh.communicate('quit\n\n')

            logger.debug("passwordAuth.testAuth: stdout of ssh command: " + str(stdout))
            logger.debug("passwordAuth.testAuth: stderr of ssh command: " + str(stderr))

            if ssh.returncode==0:
                auth=True
            else:
                auth=False
        except Exception as e:
            import traceback
            logger.debug("passwordAuth.testAuth raised an exception %s"%e)
            logger.debug(traceback.format_exc())
            raise e

        return auth
Example #4
0
        def run(self):
        
            # I have a problem where I have multiple identity files in my ~/.ssh, and I want to use only identities loaded into the agent
            # since openssh does not seem to have an option to use only an agent we have a workaround, 
            # by passing the -o IdentityFile option a path that does not exist, openssh can't use any other identities, and can only use the agent.
            # This is a little "racy" in that a tempfile with the same path could concievably be created between the unlink and openssh attempting to use it
            # but since the pub key is extracted from the agent not the identity file I can't see anyway an attacker could use this to trick a user into uploading the attackers key.
            logger_debug("testAuthThread started")
            import tempfile, os
            (fd,path)=tempfile.mkstemp()
            os.close(fd)
            os.unlink(path)
            
            ssh_cmd = '{sshbinary} -o IdentityFile={nonexistantpath} -o PasswordAuthentication=no -o PubkeyAuthentication=yes -o StrictHostKeyChecking=yes -l {login} {host} echo "success_testauth"'.format(sshbinary=self.keydistObject.sshpaths.sshBinary,
                                                                                                                                                                                                             login=self.keydistObject.username,
                                                                                                                                                                                                             host=self.keydistObject.host,
                                                                                                                                                                                                             nonexistantpath=path)

            logger_debug('testAuthThread: attempting: ' + ssh_cmd)
            ssh = subprocess.Popen(ssh_cmd,stdout=subprocess.PIPE,stderr=subprocess.STDOUT,shell=True,universal_newlines=True)
            stdout, stderr = ssh.communicate()
            ssh.wait()

            logger_debug('testAuthThread: stdout of ssh command: ' + str(stdout))
            logger_debug('testAuthThread: stderr of ssh command: ' + str(stderr))

            if 'success_testauth' in stdout:
                logger_debug('testAuthThread: got success_testauth in stdout :)')
                self.keydistObject.authentication_success = True
                newevent = KeyDist.sshKeyDistEvent(KeyDist.EVT_KEYDIST_AUTHSUCCESS,self.keydistObject)
            else:
                logger_debug('testAuthThread: did not see success_testauth in stdout, posting EVT_KEYDIST_AUTHFAIL event')
                newevent = KeyDist.sshKeyDistEvent(KeyDist.EVT_KEYDIST_AUTHFAIL,self.keydistObject)

            if (not self.stopped()):
                logger_debug('testAuthThread: self.stopped() == False, so posting event: ' + str(newevent))
                wx.PostEvent(self.keydistObject.notifywindow.GetEventHandler(),newevent)
Example #5
0
    def testAuth(self, keyModel, username=None, host=None):
        if username != None:
            self.username = username
        if host != None:
            self.host = host
        if self.username == None:
            raise Exception("I don't know what username you are tring to login with")
        from logger.Logger import logger

        logger.debug("in passwordAuth.testAuth")
        import tempfile
        import sys
        from logger.Logger import logger
        import subprocess

        fd = tempfile.NamedTemporaryFile(delete=True)
        path = fd.name
        fd.close()

        auth = False
        try:

            ssh_cmd = [
                "{sftpBinary}",
                "-o",
                "ConnectTimeout=10",
                "-o",
                'IdentityFile="{nonexistantpath}"',
                "-o",
                "PasswordAuthentication=no",
                "-o",
                "ChallengeResponseAuthentication=no",
                "-o",
                "KbdInteractiveAuthentication=no",
                "-o",
                "PubkeyAuthentication=yes",
                "-o",
                "StrictHostKeyChecking=no",
                "-P",
                "{port}",
                "{login}@{host}",
            ]
            cmd = []
            for s in ssh_cmd:
                cmd.append(
                    s.format(
                        sftpBinary=self.keydistObject.keyModel.sshpaths.sftpBinary,
                        login=self.username,
                        host=self.host,
                        nonexistantpath=path,
                        port=self.port,
                    )
                )
            logger.debug("testAuthThread: attempting: %s" % cmd)
            if sys.platform.startswith("win"):
                ssh = subprocess.Popen(
                    " ".join(cmd),
                    shell=True,
                    stdout=subprocess.PIPE,
                    stderr=subprocess.STDOUT,
                    universal_newlines=True,
                    startupinfo=self.keydistObject.startupinfo,
                    creationflags=self.keydistObject.creationflags,
                )
            else:
                ssh = subprocess.Popen(
                    cmd,
                    shell=False,
                    stdout=subprocess.PIPE,
                    stderr=subprocess.STDOUT,
                    stdin=subprocess.PIPE,
                    universal_newlines=True,
                    startupinfo=self.keydistObject.startupinfo,
                    creationflags=self.keydistObject.creationflags,
                )
            stdout, stderr = ssh.communicate("quit\n\n")

            logger.debug("passwordAuth.testAuth: stdout of ssh command: " + str(stdout))
            logger.debug("passwordAuth.testAuth: stderr of ssh command: " + str(stderr))

            if ssh.returncode == 0:
                auth = True
            else:
                auth = False
        except Exception as e:
            import traceback

            logger.debug("passwordAuth.testAuth raised an exception %s" % e)
            logger.debug(traceback.format_exc())
            raise e

        return auth