def __init__(self, **kwargs):
Protocol.__init__(self, **kwargs)
self.client = None
self.shell = None
self.cancel = False
# Since each protocol may be created in it's own thread, we must
# re-initialize the random number generator to make sure that
# child threads have no way of guessing the numbers of the parent.
# If we don't, PyCrypto generates an error message for security
# reasons.
try:
Crypto.Random.atfork()
except AttributeError:
# pycrypto versions that have no "Random" module also do not
# detect the missing atfork() call, so they do not raise.
pass
# Paramiko client stuff.
self._system_host_keys = paramiko.HostKeys()
self._host_keys = paramiko.HostKeys()
self._host_keys_filename = None
if self.verify_fingerprint:
self._missing_host_key = self._reject_host_key
else:
self._missing_host_key = self._add_host_key
def test_save(self):
hostdict = paramiko.HostKeys('hostfile.temp')
self.assertEqual(2,len(hostdict))
hh = '|1|BMsIC6cUIP2zBuXR3t2LRcJYjzM=|hpkJMysjTk/+zzUUzxQEa2ieq6c='
key = paramiko.RSAKey(data=decodebytes(keyblob))
hostdict.add(hh, 'ssh-rsa', key)
hostdict.save('hostfile.temp')
hostdict2 = paramiko.HostKeys('hostfile.temp')
self.assertEqual(3,len(hostdict2))
x = hostdict['foo.example.com']
fp = hexlify(x['ssh-rsa'].get_fingerprint()).upper()
self.assertEqual(b'7EC91BB336CB6D810B124B1353C32396', fp)
def test_5_dict(self):
hostdict = paramiko.HostKeys('hostfile.temp')
self.assertTrue('secure.example.com' in hostdict)
self.assertTrue(hostdict.clear_host('secure.example.com'))
self.assertTrue('secure.example.com' not in hostdict)
self.assertFalse(hostdict.clear_host('secure.example.com'))
hostdict = paramiko.HostKeys('hostfile.temp')
self.assertTrue('secure.example.com' in hostdict)
hostdict.clear_host('secure.example.com')
hostdict.save('hostfile.temp')
hostdict.load('hostfile.temp')
self.assertTrue('secure.example.com' not in hostdict)
def test_1_load(self):
try:
badhost = paramiko.HostKeys('badfile.temp')
except IOError:
pass
else:
assert False, "Attempted to open a file which does not exist"
hostdict = paramiko.HostKeys('hostfile.temp')
self.assertEqual(2, len(hostdict))
self.assertEqual(1, len(list(hostdict.values())[0]))
self.assertEqual(1, len(list(hostdict.values())[1]))
fp = hexlify(hostdict['secure.example.com']['ssh-rsa'].get_fingerprint()).upper()
self.assertEqual(b'E6684DB30E109B67B70FF1DC5C7F1363', fp)
def test_1_load(self):
hostdict = paramiko.HostKeys('hostfile.temp')
self.assertEqual(2, len(hostdict))
self.assertEqual(1, len(list(hostdict.values())[0]))
self.assertEqual(1, len(list(hostdict.values())[1]))
fp = hexlify(hostdict['secure.example.com']['ssh-rsa'].get_fingerprint()).upper()
self.assertEqual(b'E6684DB30E109B67B70FF1DC5C7F1363', fp)
def __init__(self, device_handler):
capabilities = Capabilities(device_handler.get_capabilities())
Session.__init__(self, capabilities)
self._host = None
self._host_keys = paramiko.HostKeys()
self._transport = None
self._connected = False
self._channel = None
self._channel_id = None
self._channel_name = None
self._buffer = StringIO()
# parsing-related, see _parse()
self._device_handler = device_handler
self._parsing_state10 = 0
self._parsing_pos10 = 0
self._parsing_pos11 = 0
self._parsing_state11 = 0
self._expchunksize = 0
self._curchunksize = 0
self._inendpos = 0
self._size_num_list = []
self._message_list = []
self._closing = threading.Event()
self.logger = SessionLoggerAdapter(logger, {'session': self})
def __init__(self):
'''
initialize
'''
self.__t = None
self.__chan = None
self.__sock = None
self.__temp_buf = ""
Thread.__init__(self)
self.setDaemon(True)
self.__host_keys = paramiko.HostKeys()
self.__wait_resp = Event()
self.__wait_resp.clear()
self.__wait_rept = Event()
self.__wait_rept.clear()
self.__response_buffer = ""
self.__hello_buffer = ""
self.__session_id = None
self.__isCOMPLD = False
self.__error_message = ""
self.__isOpen = False
self.__send_data = ""
self.__protocol_ver = "1.0"
self.__notification_list = []
self.__wait_string = ("", {})
self.__host_name = ""
self.__exp_protocol_version = ""
self.__notification_list_print = []
def test_wrong_number_of_fields(self):
"""
hostdict should not have any entries if the number of fields is incorrect
"""
hostdict = paramiko.HostKeys('broken_hostfile.temp')
self.assertEqual(0, len(hostdict))
"""
def test_load(self):
hostdict = paramiko.HostKeys("hostfile.temp")
self.assertEqual(2, len(hostdict))
self.assertEqual(1, len(list(hostdict.values())[0]))
self.assertEqual(1, len(list(hostdict.values())[1]))
fp = hexlify(hostdict["secure.example.com"]
["ssh-rsa"].get_fingerprint()).upper()
self.assertEqual(b"E6684DB30E109B67B70FF1DC5C7F1363", fp)
def test_clear(self):
hostdict = paramiko.HostKeys()
hh = '|1|BMsIC6cUIP2zBuXR3t2LRcJYjzM=|hpkJMysjTk/+zzUUzxQEa2ieq6c='
key = paramiko.RSAKey(data=decodebytes(keyblob))
hostdict.add(hh, 'ssh-rsa', key)
self.assertEqual(1, len(list(hostdict)))
hostdict.clear()
self.assertEqual(0, len(list(hostdict)))
def __init__(self, capabilities):
Session.__init__(self, capabilities)
self._host_keys = paramiko.HostKeys()
self._transport = None
self._connected = False
self._channel = None
self._buffer = StringIO() # for incoming data
# parsing-related, see _parse()
self._parsing_state = 0
self._parsing_pos = 0
def test_add(self):
hostdict = paramiko.HostKeys("hostfile.temp")
hh = "|1|BMsIC6cUIP2zBuXR3t2LRcJYjzM=|hpkJMysjTk/+zzUUzxQEa2ieq6c="
key = paramiko.RSAKey(data=decodebytes(keyblob))
hostdict.add(hh, "ssh-rsa", key)
self.assertEqual(3, len(list(hostdict)))
x = hostdict["foo.example.com"]
fp = hexlify(x["ssh-rsa"].get_fingerprint()).upper()
self.assertEqual(b"7EC91BB336CB6D810B124B1353C32396", fp)
self.assertTrue(hostdict.check("foo.example.com", key))
def test_delitem(self):
hostdict = paramiko.HostKeys('hostfile.temp')
target = 'happy.example.com'
entry = hostdict[target] # will KeyError if not present
del hostdict[target]
try:
entry = hostdict[target]
except KeyError:
pass # Good
else:
assert False, "Entry was not deleted from HostKeys on delitem!"
def SunucuKomut():
keyayarlari = paramiko.HostKeys()
keyayarlari.load("/home/aloneft/.ssh/id_rsa")
keyayarlari.lookup("server IP")
t = paramiko.Transport("server IP")
t = paramiko.Transport(("server IP"))
t.start_client()
host_key = t.get_remote_server_key()
keyayarlari.add("server IP", host_key.get_name(), host_key())
keyayarlari.save("/home/aloneft/Desktop/known_hosts")
istemci.load_system_host_keys()
test = istemci.connect("server IP" , port = 22, username = "******" , password = "******" )
def check_ssh(opts, args):
try:
server_name = args.pop(0)
except IndexError:
raise Result(nagios.NAGIOS_STATUS_WTF,
'You must provide a hostname.')
try:
hosts = paramiko.HostKeys(filename=opts.known_hosts_file)
except IOError, detail:
raise Result(nagios.NAGIOS_STATUS_WTF,
'%s: %s' % (opts.known_hosts_file, detail.strerror))
def send() -> None:
"""Main entry point for send command.
Sends all curated files to the remote FTP server.
"""
# Load curation files objects
trembl_files = TrEMBLFiles()
new_files = NewFiles()
pep_files = PepFiles()
sub_files = SubFiles()
logfiles = LogFiles()
pid_files = PidFiles()
seq_files = SeqFiles()
# Load FTP credentials
try:
remote_server = os.environ["REMOTE_SERVER"]
remote_user = os.environ["REMOTE_USER"]
remote_key = os.environ["REMOTE_KEY"]
known_hosts = os.environ["KNOWN_HOSTS"]
except KeyError as err:
raise click.ClickException(
f"Could not detect an environment variable for {err}s.")
# Create SFTP connection and do the transfers
try:
key = paramiko.Ed25519Key.from_private_key_file(remote_key)
except FileNotFoundError as err:
raise click.ClickException(
f"There was a problem loading the remote key file, please check your configuration:\n{err}"
)
try:
hostkeys = paramiko.HostKeys(filename=known_hosts)
hkey = hostkeys[remote_server]["ecdsa-sha2-nistp256"]
except FileNotFoundError as err:
raise click.ClickException(
f"There was a problem loading the known hosts file, please check your configuration:\n{err}"
)
except KeyError as err:
raise click.ClickException(
f"Host {str(err)} not found in known_hosts file.")
transport = paramiko.Transport((remote_server, 22))
transport.connect(username=remote_user, pkey=key, hostkey=hkey)
with paramiko.SFTPClient.from_transport(transport) as sftp:
new_entries = [trembl_files, new_files, pep_files, sub_files]
_send_new_entries(new_entries, sftp)
for updates in [logfiles, pid_files, seq_files]:
_send_updates(updates, sftp)
transport.close()
def test_3_dict(self):
hostdict = paramiko.HostKeys('hostfile.temp')
self.assert_('secure.example.com' in hostdict)
self.assert_('not.example.com' not in hostdict)
self.assert_(hostdict.has_key('secure.example.com'))
self.assert_(not hostdict.has_key('not.example.com'))
x = hostdict.get('secure.example.com', None)
self.assert_(x is not None)
fp = hexlify(x['ssh-rsa'].get_fingerprint()).upper()
self.assertEquals('E6684DB30E109B67B70FF1DC5C7F1363', fp)
i = 0
for key in hostdict:
i += 1
self.assertEquals(2, i)
def test_dict(self):
hostdict = paramiko.HostKeys("hostfile.temp")
self.assertTrue("secure.example.com" in hostdict)
self.assertTrue("not.example.com" not in hostdict)
self.assertTrue("secure.example.com" in hostdict)
self.assertTrue("not.example.com" not in hostdict)
x = hostdict.get("secure.example.com", None)
self.assertTrue(x is not None)
fp = hexlify(x["ssh-rsa"].get_fingerprint()).upper()
self.assertEqual(b"E6684DB30E109B67B70FF1DC5C7F1363", fp)
i = 0
for key in hostdict:
i += 1
self.assertEqual(2, i)
def __init__(self, device_handler):
capabilities = Capabilities(device_handler.get_capabilities())
Session.__init__(self, capabilities)
self._host_keys = paramiko.HostKeys()
self._transport = None
self._connected = False
self._channel = None
self._channel_id = None
self._channel_name = None
self._buffer = StringIO() # for incoming data
# parsing-related, see _parse()
self._parsing_state = 0
self._parsing_pos = 0
self._device_handler = device_handler
def test_entry_delitem(self):
hostdict = paramiko.HostKeys('hostfile.temp')
target = 'happy.example.com'
entry = hostdict[target]
key_type_list = [key_type for key_type in entry]
for key_type in key_type_list:
del entry[key_type]
# will KeyError if not present
for key_type in key_type_list:
try:
del entry[key_type]
except KeyError:
pass # Good
else:
assert False, "Key was not deleted from Entry on delitem!"
def update_kh(vm, vm_dns):
# print("in create_vm")
# wait for sshd
# we can do this or just use while loop below
# until we get the connection
# time.sleep(5)
# for vm in vm_dns:
# print(vm)
paramiko.util.log_to_file("aws_ssh.log")
kh = os.path.expanduser(os.path.join("~", ".ssh", "known_hosts"))
while True:
try:
t = paramiko.Transport(vm, 22)
t.connect()
except ssh_exception.SSHException:
# this will print a lot without the above time.sleep
# print("problem with ssh connection to " + vm)
continue
else:
print("connected to " + vm + "\n")
try:
key = t.get_remote_server_key()
print("got host key from " + vm + "\n")
except ssh_exception.SSHException:
print("failed to get host key from " + vm + "\n")
continue
else:
t.close()
print("connected closed with " + vm + "\n")
try:
hostfile = paramiko.HostKeys(filename=kh)
except paramiko.hostkeys.HostKeyEntry.InvalidHostKey:
pass
else:
hostfile.add(hostname=vm, key=key, keytype=key.get_name())
hostfile.save(filename=kh)
print("added " + vm + " to " + kh + "\n")
break
def __init__(self, device_handler):
capabilities = Capabilities(device_handler.get_capabilities())
Session.__init__(self, capabilities)
self._host = None
self._host_keys = paramiko.HostKeys()
self._transport = None
self._connected = False
self._channel = None
self._channel_id = None
self._channel_name = None
self._buffer = StringIO()
self._device_handler = device_handler
self._message_list = []
self._closing = threading.Event()
self.parser = DefaultXMLParser(self) # SAX or DOM parser
self.logger = SessionLoggerAdapter(logger, {'session': self})
def test_4_dict_set(self):
hostdict = paramiko.HostKeys('hostfile.temp')
key = paramiko.RSAKey(data=base64.decodestring(keyblob))
key_dss = paramiko.DSSKey(data=base64.decodestring(keyblob_dss))
hostdict['secure.example.com'] = {'ssh-rsa': key, 'ssh-dss': key_dss}
hostdict['fake.example.com'] = {}
hostdict['fake.example.com']['ssh-rsa'] = key
self.assertEquals(3, len(hostdict))
self.assertEquals(2, len(hostdict.values()[0]))
self.assertEquals(1, len(hostdict.values()[1]))
self.assertEquals(1, len(hostdict.values()[2]))
fp = hexlify(hostdict['secure.example.com']
['ssh-rsa'].get_fingerprint()).upper()
self.assertEquals('7EC91BB336CB6D810B124B1353C32396', fp)
fp = hexlify(hostdict['secure.example.com']
['ssh-dss'].get_fingerprint()).upper()
self.assertEquals('4478F0B9A23CC5182009FF755BC1D26C', fp)
def test_dict_set(self):
hostdict = paramiko.HostKeys("hostfile.temp")
key = paramiko.RSAKey(data=decodebytes(keyblob))
key_dss = paramiko.DSSKey(data=decodebytes(keyblob_dss))
hostdict["secure.example.com"] = {"ssh-rsa": key, "ssh-dss": key_dss}
hostdict["fake.example.com"] = {}
hostdict["fake.example.com"]["ssh-rsa"] = key
self.assertEqual(3, len(hostdict))
self.assertEqual(2, len(list(hostdict.values())[0]))
self.assertEqual(1, len(list(hostdict.values())[1]))
self.assertEqual(1, len(list(hostdict.values())[2]))
fp = hexlify(hostdict["secure.example.com"]
["ssh-rsa"].get_fingerprint()).upper()
self.assertEqual(b"7EC91BB336CB6D810B124B1353C32396", fp)
fp = hexlify(hostdict["secure.example.com"]
["ssh-dss"].get_fingerprint()).upper()
self.assertEqual(b"4478F0B9A23CC5182009FF755BC1D26C", fp)
def test_connect_wrong_input(self, stdout_mock, input_mock):
key_io = StringIO("""-----BEGIN OPENSSH PRIVATE KEY-----
b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW
QyNTUxOQAAACB69SvZKJh/9VgSL0G27b5xVYa8nethH3IERbi0YqJDXwAAAKhjwAdrY8AH
awAAAAtzc2gtZWQyNTUxOQAAACB69SvZKJh/9VgSL0G27b5xVYa8nethH3IERbi0YqJDXw
AAAEA9tGQi2IrprbOSbDCF+RmAHd6meNSXBUQ2ekKXm4/8xnr1K9komH/1WBIvQbbtvnFV
hryd62EfcgRFuLRiokNfAAAAI2FsZXhfZ2F5bm9yQEFsZXhzLU1hY0Jvb2stQWlyLmxvY2
FsAQI=
-----END OPENSSH PRIVATE KEY-----""")
key = paramiko.Ed25519Key.from_private_key(key_io)
hostname = "0.0.0.0"
key_type = key.get_name().replace("ssh-", "").upper()
inputs = ["asd", "yes", "yoo", "no"]
input_mock.side_effect = inputs
ssh_connection = SSHConnection(hostname=hostname,
known_hosts_file=self.known_hosts_file)
ssh_connection._socket = paramiko.SSHClient()
with self.assertLogs("gvm.connections", level="INFO") as cm:
hostkeys = paramiko.HostKeys(filename=self.known_hosts_file)
ssh_connection._ssh_authentication_input_loop(hostkeys=hostkeys,
key=key)
ret = stdout_mock.getvalue()
self.assertEqual(
cm.output,
[
"INFO:gvm.connections:Warning: "
f"Host '{hostname}' ({key_type}) not added to "
"the list of known hosts."
],
)
self.assertEqual(
ret,
f"The authenticity of host '{hostname}' can't be established.\n"
f"{key_type} key fingerprint is "
"J6VESFdD3xSChn8y9PzWzeF+1tl892mOy2TqkMLO4ow.\n"
"Are you sure you want to continue connecting (yes/no)? "
"Please type 'yes' or 'no': "
"Do you want to add 0.0.0.0 to known_hosts (yes/no)? "
"Please type 'yes' or 'no': ",
)
def test_connect_adding_and_dont_save_hostkey(self, input_mock):
key_io = StringIO("""-----BEGIN OPENSSH PRIVATE KEY-----
b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW
QyNTUxOQAAACB69SvZKJh/9VgSL0G27b5xVYa8nethH3IERbi0YqJDXwAAAKhjwAdrY8AH
awAAAAtzc2gtZWQyNTUxOQAAACB69SvZKJh/9VgSL0G27b5xVYa8nethH3IERbi0YqJDXw
AAAEA9tGQi2IrprbOSbDCF+RmAHd6meNSXBUQ2ekKXm4/8xnr1K9komH/1WBIvQbbtvnFV
hryd62EfcgRFuLRiokNfAAAAI2FsZXhfZ2F5bm9yQEFsZXhzLU1hY0Jvb2stQWlyLmxvY2
FsAQI=
-----END OPENSSH PRIVATE KEY-----""")
key = paramiko.Ed25519Key.from_private_key(key_io)
key_type = key.get_name().replace("ssh-", "").upper()
hostname = "0.0.0.0"
input_mock.side_effect = ["yes", "no"]
ssh_connection = SSHConnection(hostname=hostname,
known_hosts_file=self.known_hosts_file)
ssh_connection._socket = paramiko.SSHClient()
keys = self.known_hosts_file.read_text(encoding="utf-8")
self.assertEqual(
keys,
"127.0.0.1 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBOZWi"
"fs+DoMqIa5Nr0wiVrzQNpMbUwaLzuSTN6rNrYA\n",
)
with self.assertLogs("gvm.connections", level="INFO") as cm:
hostkeys = paramiko.HostKeys(filename=self.known_hosts_file)
ssh_connection._ssh_authentication_input_loop(hostkeys=hostkeys,
key=key)
keys = self.known_hosts_file.read_text(encoding="utf-8")
self.assertEqual(
cm.output,
[
"INFO:gvm.connections:Warning: "
f"Host '{hostname}' ({key_type}) not added to "
"the list of known hosts."
],
)
self.assertEqual(
keys,
"127.0.0.1 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBOZWi"
"fs+DoMqIa5Nr0wiVrzQNpMbUwaLzuSTN6rNrYA\n",
)
def __init__(self, device_handler):
capabilities = Capabilities(device_handler.get_capabilities())
Session.__init__(self, capabilities)
self._host_keys = paramiko.HostKeys()
self._transport = None
self._connected = False
self._channel = None
self._channel_id = None
self._channel_name = None
self._buffer = StringIO() # for incoming data
# parsing-related, see _parse()
self._device_handler = device_handler
self._parsing_state10 = 0
self._parsing_pos10 = 0
self._parsing_pos11 = 0
self._parsing_state11 = 0
self._expchunksize = 0
self._curchunksize = 0
self._inendpos = 0
self._size_num_list = []
self._message_list = []
def test_user_denies_auth(self, input_mock):
key_io = StringIO("""-----BEGIN OPENSSH PRIVATE KEY-----
b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW
QyNTUxOQAAACB69SvZKJh/9VgSL0G27b5xVYa8nethH3IERbi0YqJDXwAAAKhjwAdrY8AH
awAAAAtzc2gtZWQyNTUxOQAAACB69SvZKJh/9VgSL0G27b5xVYa8nethH3IERbi0YqJDXw
AAAEA9tGQi2IrprbOSbDCF+RmAHd6meNSXBUQ2ekKXm4/8xnr1K9komH/1WBIvQbbtvnFV
hryd62EfcgRFuLRiokNfAAAAI2FsZXhfZ2F5bm9yQEFsZXhzLU1hY0Jvb2stQWlyLmxvY2
FsAQI=
-----END OPENSSH PRIVATE KEY-----""")
key = paramiko.Ed25519Key.from_private_key(key_io)
hostname = "0.0.0.0"
input_mock.return_value = "no"
ssh_connection = SSHConnection(hostname=hostname,
known_hosts_file=self.known_hosts_file)
ssh_connection._socket = paramiko.SSHClient()
with self.assertRaises(
SystemExit,
msg="User denied key. Host key verification failed."):
hostkeys = paramiko.HostKeys(filename=self.known_hosts_file)
ssh_connection._ssh_authentication_input_loop(hostkeys=hostkeys,
key=key)
parser = argparse.ArgumentParser()
parser.add_argument('host', action='store', help='host to connect to')
parser.add_argument('-p',
'--port',
action='store',
dest='port',
default='22',
help='port to connect to')
parser.add_argument('--known_hosts',
action='store',
dest='known_hosts',
default='~/.ssh/known_hosts',
help='known_hosts file')
args = parser.parse_args()
host = args.host
port = args.port
known_hosts = os.path.expanduser(args.known_hosts)
transport = paramiko.Transport(host, port)
transport.connect()
key = transport.get_remote_server_key()
print(key.get_base64())
transport.close()
hostfile = paramiko.HostKeys(filename=known_hosts)
hostfile.add(hostname=host, key=key, keytype=key.get_name())
hostfile.save(filename=known_hosts)
def __init__(self,
local_path,
remote_url,
identity_files=None,
port=None,
fix_symlinks=False,
ssh_config_path=None,
ssh_agent=False,
exclude_file=None,
known_hosts_path=None,
delete=True,
allow_unknown=False):
"""Init the needed parameters and the SFTPClient."""
self.local_path = os.path.realpath(os.path.expanduser(local_path))
self.logger = logger or configure_logging()
if not os.path.exists(self.local_path):
self.logger.error("Local path MUST exist. Exiting.")
sys.exit(1)
if exclude_file:
with open(exclude_file) as f:
# As in rsync's exclude from, ignore lines with leading ; and #
# and treat each path as relative (thus by removing the leading
# /)
exclude_list = [
line.rstrip().lstrip("/") for line in f
if not line.startswith((";", "#"))
]
# actually, is a set of excluded files
self.exclude_list = {
g
for pattern in exclude_list
for g in glob.glob(path_join(self.local_path, pattern))
}
else:
self.exclude_list = set()
username, password, hostname, self.remote_path = parse_username_password_hostname(
remote_url)
identity_files = identity_files or []
proxy_command = None
if ssh_config_path:
try:
with open(os.path.expanduser(ssh_config_path)) as c_file:
ssh_config = paramiko.SSHConfig()
ssh_config.parse(c_file)
c = ssh_config.lookup(hostname)
hostname = c.get("hostname", hostname)
username = c.get("user", username)
port = int(c.get("port", port))
identity_files = c.get("identityfile", identity_files)
proxy_command = c.get("proxycommand")
except Exception as e:
# it could be safe to continue anyway,
# because parameters could have been manually specified
self.logger.error(
"Error while parsing ssh_config file: %s. Trying to continue anyway...",
e)
# Set default values
if not username:
username = getuser() # defaults to current user
port = port or 22
allow_unknown = allow_unknown or False
self.chown = False
self.fix_symlinks = fix_symlinks or False
self.delete = delete if delete is not None else True
if ssh_agent:
agent, agent_keys = get_ssh_agent_keys(self.logger)
else:
agent, agent_keys = None, None
if not identity_files and not password and not agent_keys:
self.logger.error(
"You need to specify either a password, an identity or to enable the ssh-agent support."
)
sys.exit(1)
# only root can change file owner
if username == 'root':
self.chown = True
sock = (hostname, port)
if proxy_command is not None:
sock = paramiko.proxy.ProxyCommand(proxy_command)
try:
transport = paramiko.Transport(sock)
except socket.gaierror:
self.logger.error(
"Hostname not known. Are you sure you inserted it correctly?")
sys.exit(1)
try:
ssh_host = hostname if port == 22 else "[{}]:{}".format(
hostname, port)
known_hosts = None
"""
Before starting the transport session, we have to configure it.
Specifically, we need to configure the preferred PK algorithm.
If the system already knows a public key of a specific kind for
a remote host, we have to peek its type as the preferred one.
"""
if known_hosts_path:
known_hosts = paramiko.HostKeys()
known_hosts_path = os.path.realpath(
os.path.expanduser(known_hosts_path))
try:
known_hosts.load(known_hosts_path)
except IOError:
self.logger.error(
"Error while loading known hosts file at {}. Exiting..."
.format(known_hosts_path))
sys.exit(1)
known_keys = known_hosts.lookup(ssh_host)
if known_keys is not None:
# one or more keys are already known
# set their type as preferred
transport.get_security_options().key_types = \
tuple(known_keys.keys())
transport.start_client()
if not known_hosts:
self.logger.warning(
"Security warning: skipping known hosts check...")
else:
pubk = transport.get_remote_server_key()
if ssh_host in known_hosts.keys():
if not known_hosts.check(ssh_host, pubk):
self.logger.error(
"Security warning: "
"remote key fingerprint {} for hostname "
"{} didn't match the one in known_hosts {}. "
"Exiting...".format(
pubk.get_base64(),
ssh_host,
known_hosts.lookup(hostname),
))
sys.exit(1)
elif not allow_unknown:
prompt = (
"The authenticity of host '{}' can't be established.\n"
"{} key is {}.\n"
"Are you sure you want to continue connecting? [y/n] "
).format(ssh_host, pubk.get_name(), pubk.get_base64())
try:
# Renamed to `input` in Python 3.x
response = raw_input(prompt)
except NameError:
response = input(prompt)
# Note: we do not modify the user's known_hosts file
if not (response == "y" or response == "yes"):
self.logger.error("Host authentication failed.")
sys.exit(1)
def perform_key_auth(pkey):
try:
transport.auth_publickey(username=username, key=pkey)
return True
except paramiko.SSHException:
self.logger.warning(
"Authentication with identity {}... failed".format(
pkey.get_base64()[:10]))
return False
if password: # Password auth, if specified.
transport.auth_password(username=username, password=password)
elif agent_keys: # SSH agent keys have higher priority
for pkey in agent_keys:
if perform_key_auth(pkey):
break # Authentication worked.
else: # None of the keys worked.
raise paramiko.SSHException
elif identity_files: # Then follow identity file (specified from CL or ssh_config)
# Try identity files one by one, until one works
for key_path in identity_files:
key_path = os.path.expanduser(key_path)
try:
key = paramiko.RSAKey.from_private_key_file(key_path)
except paramiko.PasswordRequiredException:
pk_password = getpass(
"It seems that your identity from '{}' is encrypted. "
"Please enter your password: "******"Incorrect passphrase. Cannot decode private key from '{}'."
.format(key_path))
continue
except IOError or paramiko.SSHException:
self.logger.error(
"Something went wrong while opening '{}'. Skipping it."
.format(key_path))
continue
if perform_key_auth(key):
break # Authentication worked.
else: # None of the keys worked.
raise paramiko.SSHException
else: # No authentication method specified, we shouldn't arrive here.
assert False
except paramiko.SSHException:
self.logger.error(
"None of the provided authentication methods worked. Exiting.")
transport.close()
sys.exit(1)
finally:
if agent:
agent.close()
self.sftp = paramiko.SFTPClient.from_transport(transport)
if self.remote_path.startswith("~"):
# nasty hack to let getcwd work without changing dir!
self.sftp.chdir('.')
self.remote_path = self.remote_path.replace(
"~", self.sftp.getcwd()) # home is the initial sftp dir
