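def buildProtocol(self, addr):
    """
    Create an instance of the server side of the SSH protocol.

    The transport is set up to resemble an OpenSSH server: the banner comes
    from the C{[ssh] version} option (with a built-in fallback) and the
    algorithm lists are fixed below.

    @type addr: L{twisted.internet.interfaces.IAddress} provider
    @param addr: The address at which the server will listen. Not read by
        this implementation.

    @rtype: L{cowrie.ssh.transport.HoneyPotSSHTransport}
    @return: The built transport.
    """
    _modulis = '/etc/ssh/moduli', '/private/etc/moduli'

    t = transport.HoneyPotSSHTransport()

    try:
        t.ourVersionString = self.cfg.get('ssh', 'version').encode('ascii')
    except Exception:
        # Missing option or a banner that is not pure ASCII: use the fixed
        # banner. Exception (not a bare except) lets KeyboardInterrupt and
        # SystemExit propagate.
        t.ourVersionString = b"SSH-2.0-OpenSSH_6.0p1 Debian-4+deb7u2"

    t.supportedPublicKeys = list(self.privateKeys.keys())

    # Take the first moduli file that can be read.
    # NOTE(review): this parse runs on every buildProtocol() call, which is
    # presumably once per connection. If no file is readable, self.primes
    # keeps whatever value it already had (assumed to be initialised
    # elsewhere on the factory; confirm).
    for _moduli in _modulis:
        try:
            self.primes = primes.parseModuliFile(_moduli)
            break
        except IOError:
            continue

    if not self.primes:
        # Group-exchange key exchange needs moduli; without them, stop
        # advertising it.
        ske = t.supportedKeyExchanges[:]
        for kex in (b'diffie-hellman-group-exchange-sha1',
                    b'diffie-hellman-group-exchange-sha256'):
            if kex in ske:
                ske.remove(kex)
                log.msg("No moduli, no %s" % kex.decode('ascii'))
        t.supportedKeyExchanges = ske

    # Reorder supported ciphers to resemble current openssh more.
    # These lists keep legacy algorithms (CBC modes, hmac-md5, ssh-dss) so
    # the handshake looks like the emulated server; they are not a
    # hardening baseline for a real SSH service.
    t.supportedCiphers = [
        b'aes128-ctr',
        b'aes192-ctr',
        b'aes256-ctr',
        b'aes128-cbc',
        b'3des-cbc',
        b'blowfish-cbc',
        b'cast128-cbc',
        b'aes192-cbc',
        b'aes256-cbc',
    ]
    # NOTE(review): this replaces the list derived from self.privateKeys
    # above, so the advertised host-key algorithms no longer follow the keys
    # actually loaded. Confirm a key exists for each entry.
    t.supportedPublicKeys = [b'ssh-rsa', b'ssh-dss']
    t.supportedMACs = [b'hmac-md5', b'hmac-sha1']
    # zlib@openssh.com is OpenSSH's delayed compression method
    # (compression starts only after authentication).
    t.supportedCompressions = [b'zlib@openssh.com', b'zlib', b'none']

    t.factory = self
    return t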
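def buildProtocol(self, addr):
    """
    Create an instance of the server side of the SSH protocol.

    The banner and the moduli (C{self.ourVersionString}, C{self.primes}) are
    read from the factory; the algorithm lists are fixed below.

    @type addr: L{twisted.internet.interfaces.IAddress} provider
    @param addr: The address at which the server will listen. Not read by
        this implementation.

    @rtype: L{cowrie.ssh.transport.HoneyPotSSHTransport}
    @return: The built transport.
    """
    t = transport.HoneyPotSSHTransport()

    t.ourVersionString = self.ourVersionString
    t.supportedPublicKeys = list(self.privateKeys.keys())

    if not self.primes:
        # Group-exchange key exchange needs moduli; without them, stop
        # advertising it.
        ske = t.supportedKeyExchanges[:]
        for kex in (b'diffie-hellman-group-exchange-sha1',
                    b'diffie-hellman-group-exchange-sha256'):
            if kex in ske:
                ske.remove(kex)
                log.msg("No moduli, no %s" % kex.decode('ascii'))
        t.supportedKeyExchanges = ske

    # Reorder supported ciphers to resemble current openssh more.
    # These lists keep legacy algorithms (CBC modes, hmac-md5, ssh-dss) so
    # the handshake looks like the emulated server; they are not a
    # hardening baseline for a real SSH service.
    t.supportedCiphers = [
        b'aes128-ctr',
        b'aes192-ctr',
        b'aes256-ctr',
        b'aes128-cbc',
        b'3des-cbc',
        b'blowfish-cbc',
        b'cast128-cbc',
        b'aes192-cbc',
        b'aes256-cbc',
    ]
    # NOTE(review): this replaces the list derived from self.privateKeys
    # above, so the advertised host-key algorithms no longer follow the keys
    # actually loaded. Confirm a key exists for each entry.
    t.supportedPublicKeys = [b'ssh-rsa', b'ssh-dss']
    t.supportedMACs = [b'hmac-md5', b'hmac-sha1']
    # zlib@openssh.com is OpenSSH's delayed compression method
    # (compression starts only after authentication).
    t.supportedCompressions = [b'zlib@openssh.com', b'zlib', b'none']

    t.factory = self
    return t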
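def buildProtocol(self, addr):
    """
    Create an instance of the server side of the SSH protocol.

    Cipher, MAC and compression lists are taken from the C{[ssh]} options
    C{ciphers}, C{macs} and C{compression} (comma-separated) when present,
    otherwise from the built-in defaults below.

    @type addr: L{twisted.internet.interfaces.IAddress} provider
    @param addr: The address at which the server will listen. Not read by
        this implementation.

    @rtype: L{proxyTransport.FrontendSSHTransport} when C{self.backend} is
        C{"proxy"}, otherwise L{shellTransport.HoneyPotSSHTransport}
    @return: The built transport.
    """

    def _algorithms(option, default):
        # Read a comma-separated [ssh] option as a list of byte strings.
        # Whitespace around names and empty items are dropped, so
        # "a, b," works. A missing or blank option yields the defaults
        # rather than an unusable list.
        try:
            raw = CowrieConfig.get("ssh", option)
        except NoOptionError:
            return default
        names = [
            item.strip().encode("utf-8")
            for item in raw.split(",")
            if item.strip()
        ]
        return names or default

    t: transport.SSHServerTransport
    if self.backend == "proxy":
        t = proxyTransport.FrontendSSHTransport()
    else:
        t = shellTransport.HoneyPotSSHTransport()

    t.ourVersionString = self.ourVersionString
    t.supportedPublicKeys = list(self.privateKeys.keys())

    if not self.primes:
        # Group-exchange key exchange needs moduli; without them, stop
        # advertising it.
        ske = t.supportedKeyExchanges[:]
        for kex in (
            b"diffie-hellman-group-exchange-sha1",
            b"diffie-hellman-group-exchange-sha256",
        ):
            if kex in ske:
                ske.remove(kex)
                log.msg("No moduli, no %s" % kex.decode("ascii"))
        t.supportedKeyExchanges = ske

    # Reorder supported ciphers to resemble current openssh more.
    # NOTE(review): configured names are not checked against what the
    # transport implements; a typo only surfaces during negotiation.
    t.supportedCiphers = _algorithms(
        "ciphers",
        [
            b"aes128-ctr",
            b"aes192-ctr",
            b"aes256-ctr",
            b"aes256-cbc",
            b"aes192-cbc",
            b"aes128-cbc",
            b"3des-cbc",
            b"blowfish-cbc",
            b"cast128-cbc",
        ],
    )

    # SHA1 and MD5 are considered insecure now; the SHA-2 MACs are listed
    # first. List order does not enforce that preference: under RFC 4253
    # the client's ordering picks the algorithm, so hmac-sha1 and hmac-md5
    # stay negotiable while they are listed.
    t.supportedMACs = _algorithms(
        "macs",
        [
            b"hmac-sha2-512",
            b"hmac-sha2-384",
            b"hmac-sha2-256",
            b"hmac-sha1",
            b"hmac-md5",
        ],
    )

    # zlib@openssh.com is OpenSSH's delayed compression method
    # (compression starts only after authentication).
    t.supportedCompressions = _algorithms(
        "compression", [b"zlib@openssh.com", b"zlib", b"none"]
    )

    t.factory = self
    return t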
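def buildProtocol(self, addr):
    """
    Create an instance of the server side of the SSH protocol.

    Cipher, MAC and compression lists are taken from the C{[ssh]} options
    C{ciphers}, C{macs} and C{compression} (comma-separated) when present,
    otherwise from the built-in defaults below.

    @type addr: L{twisted.internet.interfaces.IAddress} provider
    @param addr: The address at which the server will listen. Not read by
        this implementation.

    @rtype: L{proxyTransport.FrontendSSHTransport} when the C{[honeypot]
        backend} option is C{proxy}, otherwise
        L{shellTransport.HoneyPotSSHTransport}
    @return: The built transport.
    """

    def _algorithms(option, default):
        # Read a comma-separated [ssh] option as a list of byte strings.
        # Whitespace around names and empty items are dropped, so
        # "a, b," works. A missing or blank option yields the defaults
        # rather than an unusable list.
        try:
            raw = CowrieConfig().get('ssh', option)
        except NoOptionError:
            return default
        names = [
            item.strip().encode('utf-8')
            for item in raw.split(',')
            if item.strip()
        ]
        return names or default

    if CowrieConfig().get('honeypot', 'backend', fallback='shell') == 'proxy':
        t = proxyTransport.FrontendSSHTransport()
    else:
        t = shellTransport.HoneyPotSSHTransport()

    t.ourVersionString = self.ourVersionString
    t.supportedPublicKeys = list(self.privateKeys.keys())

    if not self.primes:
        # Group-exchange key exchange needs moduli; without them, stop
        # advertising it.
        ske = t.supportedKeyExchanges[:]
        for kex in (b'diffie-hellman-group-exchange-sha1',
                    b'diffie-hellman-group-exchange-sha256'):
            if kex in ske:
                ske.remove(kex)
                log.msg("No moduli, no %s" % kex.decode('ascii'))
        t.supportedKeyExchanges = ske

    # Reorder supported ciphers to resemble current openssh more.
    # NOTE(review): configured names are not checked against what the
    # transport implements; a typo only surfaces during negotiation.
    t.supportedCiphers = _algorithms('ciphers', [
        b'aes128-ctr',
        b'aes192-ctr',
        b'aes256-ctr',
        b'aes256-cbc',
        b'aes192-cbc',
        b'aes128-cbc',
        b'3des-cbc',
        b'blowfish-cbc',
        b'cast128-cbc',
    ])

    # SHA1 and MD5 are considered insecure now; the SHA-2 MACs are listed
    # first. List order does not enforce that preference: under RFC 4253
    # the client's ordering picks the algorithm, so hmac-sha1 and hmac-md5
    # stay negotiable while they are listed.
    t.supportedMACs = _algorithms('macs', [
        b'hmac-sha2-512',
        b'hmac-sha2-384',
        b'hmac-sha2-256',
        b'hmac-sha1',
        b'hmac-md5',
    ])

    # zlib@openssh.com is OpenSSH's delayed compression method
    # (compression starts only after authentication).
    t.supportedCompressions = _algorithms(
        'compression', [b'zlib@openssh.com', b'zlib', b'none']
    )

    # TODO: Newer versions of SSH will use ECDSA keys too as mentioned
    # at https://tools.ietf.org/html/draft-miller-ssh-agent-02#section-4.2.2
    #
    # Twisted only supports below two keys
    # NOTE(review): this replaces the list derived from self.privateKeys
    # above, so the advertised host-key algorithms no longer follow the keys
    # actually loaded. Confirm a key exists for each entry.
    t.supportedPublicKeys = [b'ssh-rsa', b'ssh-dss']

    t.factory = self
    return t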