def _setup_hostkey(): hostkey = paramiko.RSAKey(filename="test_rsa.key") print('Read key: ' + u(hexlify(hostkey.get_fingerprint()))) return hostkey
class Server(paramiko.ServerInterface): # 'data' is the output of base64.b64encode(key) # (using the "user_rsa_key" files) data = (b'AAAAB3NzaC1yc2EAAAABIwAAAIEAyO4it3fHlmGZWJaGrfeHOVY7RWO3P9M7hp' b'fAu7jJ2d7eothvfeuoRFtJwhUmZDluRdFyhFY/hFAh76PJKGAusIqIQKlkJxMC' b'KDqIexkgHAfID/6mqvmnSJf0b5W8v5h2pI/stOSwTQ+pxVhwJ9ctYDhRSlF0iT' b'UWT10hcuO4Ks8=') good_pub_key = paramiko.RSAKey(data=decodebytes(data)) commands = [ b'$SHELL -ilc "locale charmap"', b'$SHELL -ic "locale charmap"' ] encodings = ['UTF-8', 'GBK', 'UTF-8\r\n', 'GBK\r\n'] def __init__(self, encodings=[]): self.shell_event = threading.Event() self.exec_event = threading.Event() self.cmd_to_enc = self.get_cmd2enc(encodings) self.password_verified = False self.key_verified = False def get_cmd2enc(self, encodings): n = len(self.commands) while len(encodings) < n: encodings.append(random.choice(self.encodings)) return dict(zip(self.commands, encodings[0:n])) def check_channel_request(self, kind, chanid): if kind == 'session': return paramiko.OPEN_SUCCEEDED return paramiko.OPEN_FAILED_ADMINISTRATIVELY_PROHIBITED def check_auth_password(self, username, password): print('Auth attempt with username: {!r} & password: {!r}'.format( username, password)) # noqa if (username in ['robey', 'bar', 'foo']) and (password == 'foo'): return paramiko.AUTH_SUCCESSFUL return paramiko.AUTH_FAILED def check_auth_publickey(self, username, key): print('Auth attempt with username: {!r} & key: {!r}'.format( username, u(hexlify(key.get_fingerprint())))) # noqa if (username in ['robey', 'keyonly']) and (key == self.good_pub_key): return paramiko.AUTH_SUCCESSFUL if username == 'pkey2fa' and key == self.good_pub_key: self.key_verified = True return paramiko.AUTH_PARTIALLY_SUCCESSFUL return paramiko.AUTH_FAILED def check_auth_interactive(self, username, submethods): if username in ['pass2fa', 'pkey2fa']: self.username = username prompt = 'Verification code: ' if self.password_verified else 'Password: '******'', '', prompt) return paramiko.AUTH_FAILED def check_auth_interactive_response(self, responses): if self.username in ['pass2fa', 'pkey2fa']: if not self.password_verified: if responses[0] == 'password': print('password verified') self.password_verified = True if self.username == 'pkey2fa': return self.check_auth_interactive(self.username, '') else: print('wrong password: {}'.format(responses[0])) return paramiko.AUTH_FAILED else: if responses[0] == 'passcode': print('totp verified') return paramiko.AUTH_SUCCESSFUL else: print('wrong totp: {}'.format(responses[0])) return paramiko.AUTH_FAILED else: return paramiko.AUTH_FAILED def get_allowed_auths(self, username): if username == 'keyonly': return 'publickey' if username == 'pass2fa': return 'keyboard-interactive' if username == 'pkey2fa': if not self.key_verified: return 'publickey' else: return 'keyboard-interactive' return 'password,publickey' def check_channel_exec_request(self, channel, command): if command not in self.commands: ret = False else: ret = True self.encoding = self.cmd_to_enc[command] channel.send(self.encoding) channel.shutdown(1) self.exec_event.set() return ret def check_channel_shell_request(self, channel): self.shell_event.set() return True def check_channel_pty_request(self, channel, term, width, height, pixelwidth, pixelheight, modes): return True def check_channel_window_change_request(self, channel, width, height, pixelwidth, pixelheight): channel.send('resized') return True
def host_key(self): if not os.path.isfile(self.host_key_path): self.gen_host_key() return paramiko.RSAKey(filename=self.host_key_path)
import socket import paramiko import threading import sys host_key = paramiko.RSAKey(filename='id_rsa') class Server(paramiko.ServerInterface): def __init__(self): self.event = threading.Event() def check_channel_request(self, kind, chanid): if kind == 'session': return paramiko.OPEN_SUCCEEDED return paramiko.OPEN_FAILED_ADMINISTRATIVELY_PROHIBITED def check_auth_password(self, username, password): if (username == 'vagrant') and (password == 'vagrant'): return paramiko.AUTH_SUCCESSFUL return paramiko.AUTH_FAILED server = sys.argv[1] ssh_port = int(sys.argv[2]) try: sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM) sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1) sock.bind((server, ssh_port)) sock.listen(100)
import base64 from binascii import hexlify import os import socket import sys import threading import traceback import paramiko from paramiko.py3compat import b, u, decodebytes # setup logging paramiko.util.log_to_file('demo_server.log') host_key = paramiko.RSAKey(filename='host.key') #host_key = paramiko.DSSKey(filename='test_dss.key') print('Read key: ' + u(hexlify(host_key.get_fingerprint()))) class Server(paramiko.ServerInterface): # 'data' is the output of base64.b64encode(key) # (using the "user_rsa_key" files) data = ( b'AAAAB3NzaC1yc2EAAAADAQABAAACAQDQzL0E/aSxNtAhx6Jsn5Q9hkTiPnFWxo+gbf9YlPTzc9BxqH/ovatWkWXRhrI+bbMVwVVGJF/wvr0PAZ2HJhrTa6EteL/eyzdO5c4s+cW4jlmfmtb826ylKKVR056S5DfSiWqAcU7qg9m2FNnC6Uaerje3lWkB/MhpP6/+6/s2ytnfYu7EGIRz1FLGO+9V+OB3ep3mwUHTFrvji9zSWs5ssOpaxAi6KLCBgKvHsuOQ00KezRJORv7xTPmFnZOk4QISqGmWLPo0KThNCfPCHS7rTMehvywHOuSOVrGDik7xWTS6i6b5KOIJIn0JTMa+RXn+qcgBsMWZRxwJcLDN2fVK7n7bLQYWhSH/4lQpEcbnMVDFI76dUpXt3YMGZ+M8wZ9Tg4xmmABmws1bF8asfUwBvKvrhGJmBSBIQBAbzOT+NM3jEmgmkYUGJofFAimI9OsPp0CO0mc9vz2gw8/b1JAfVt//ZandX4bG0GBSWFMz0QUREOwV2fnJah7MfpG7D5IiiSE33W580Osw3vF9AAh3yjCN/ZIjpkA7SifGiEhL0bCXrCq4UPuOW1/gjed4QiY/OK0EJO8ZS5nKhpis74H3evZePQPX/p/Ju0h9QEFv80MvqI/J0QWuF4jBUYEuXZFPEJdE4t71F/eY2wsI9vwxRxmSzPtYCFOnpx19gV3wVw==' ) good_pub_key = paramiko.RSAKey(data=decodebytes(data)) def __init__(self, transport): self.event = threading.Event()
#!/usr/bin/env python2.7 import socket, sys, threading import paramiko if sys.version_info.major == 2: import thread #generate keys with 'ssh-keygen -t rsa -f server.key' HOST_KEY = paramiko.RSAKey(filename='server.key') SSH_PORT = 2222 LOGFILE = 'logins.txt' #File to log the user:password combinations to LOGFILE_LOCK = threading.Lock() class SSHServerHandler(paramiko.ServerInterface): def __init__(self): self.event = threading.Event() def check_auth_password(self, username, password): LOGFILE_LOCK.acquire() try: logfile_handle = open(LOGFILE, "a") print("New login: "******":" + password) logfile_handle.write(username + ":" + password + "\n") logfile_handle.close() finally: LOGFILE_LOCK.release() return paramiko.AUTH_FAILED def get_allowed_auths(self, username): return 'password'
def run(self): oSocketConnection, address = self.oSocket.accept() self.connectionID = '%s:%d-%s:%d' % (self.oSocket.getsockname() + address) oSocketConnection.settimeout(self.options.timeout) self.oOutput.LineTimestamped('%s connection' % self.connectionID) dListener = dListeners[self.oSocket.getsockname()[1]] if THP_REFERENCE in dListener: dListener = dListeners[dListener[THP_REFERENCE]] try: oSSLConnection = None oSSLContext = dListener.get(THP_SSLCONTEXT, None) oSSHConnection = None oSSHFile = None if oSSLContext != None: oSSLConnection = oSSLContext.wrap_socket(oSocketConnection, server_side=True) self.connection = oSSLConnection elif dListener.get(THP_SSH, None) != None: if ModuleLoaded('paramiko'): if THP_KEYFILE in dListener[THP_SSH]: oRSAKey = paramiko.RSAKey( filename=dListener[THP_SSH][THP_KEYFILE]) else: oRSAKey = paramiko.RSAKey.generate(1024) self.oOutput.LineTimestamped( '%s SSH generated RSA key' % self.connectionID) oTransport = paramiko.Transport(oSocketConnection) if THP_BANNER in dListener[THP_SSH]: oTransport.local_version = dListener[THP_SSH][ THP_BANNER] oTransport.load_server_moduli() oTransport.add_server_key(oRSAKey) oSSHServer = cSSHServer(self.oOutput, self.connectionID) try: oTransport.start_server(server=oSSHServer) except paramiko.SSHException: self.oOutput.LineTimestamped( '%s SSH negotiation failed' % self.connectionID) raise self.oOutput.LineTimestamped( '%s SSH banner %s' % (self.connectionID, oTransport.remote_version)) oSSHConnection = oTransport.accept(20) if oSSHConnection is None: self.oOutput.LineTimestamped('%s SSH no channel' % self.connectionID) raise self.oOutput.LineTimestamped('%s SSH authenticated' % self.connectionID) oSSHServer.oEvent.wait(10) if not oSSHServer.oEvent.is_set(): self.oOutput.LineTimestamped('%s SSH no shell' % self.connectionID) raise self.connection = oSSHConnection oSSHFile = oSSHConnection.makefile('rU') else: self.oOutput.LineTimestamped( '%s can not create SSH server, Python module paramiko missing' % self.connectionID) self.connection = oSocketConnection else: self.connection = oSocketConnection if THP_BANNER in dListener: self.connection.send(ReplaceAliases(dListener[THP_BANNER])) self.oOutput.LineTimestamped('%s send banner' % self.connectionID) for i in range(0, dListener.get(THP_LOOP, 1)): if oSSHFile == None: data = self.connection.recv(self.options.readbuffer) else: data = oSSHFile.readline() self.oOutput.LineTimestamped('%s data %s' % (self.connectionID, repr(data))) for splitdata in SplitIfRequested(dListener, data): if splitdata != data: self.oOutput.LineTimestamped( '%s splitdata %s' % (self.connectionID, repr(splitdata))) if THP_REPLY in dListener: self.connection.send( ReplaceAliases(dListener[THP_REPLY])) self.oOutput.LineTimestamped('%s send reply' % self.connectionID) if THP_MATCH in dListener: dKeys = {} for item in dListener[THP_MATCH].items(): for key in item[1].keys(): dKeys[key] = 1 + dKeys.get(key, 0) if THP_REGEX in dKeys and THP_STARTSWITH in dKeys: self.oOutput.LineTimestamped( 'THP_MATCH cannot contain both THP_REGEX and THP_STARTSWITH!' ) elif THP_REGEX in dKeys: matches = [] for matchname, dMatch in dListener[ THP_MATCH].items(): if THP_REGEX in dMatch: oMatch = re.search(dMatch[THP_REGEX], splitdata) if oMatch != None: matches.append([ len(oMatch.group()), dMatch, matchname ]) if self.ProcessMatches(matches, dListener): break elif THP_STARTSWITH in dKeys: matches = [] for matchname, dMatch in dListener[ THP_MATCH].items(): if THP_STARTSWITH in dMatch and splitdata.startswith( dMatch[THP_STARTSWITH]): matches.append([ len(dMatch[THP_STARTSWITH]), dMatch, matchname ]) if self.ProcessMatches(matches, dListener): break #a# is it necessary to close both oSSLConnection and oSocketConnection? if oSSLConnection != None: oSSLConnection.shutdown(socket.SHUT_RDWR) oSSLConnection.close() oSocketConnection.shutdown(socket.SHUT_RDWR) oSocketConnection.close() self.oOutput.LineTimestamped('%s closed' % self.connectionID) except socket.timeout: self.oOutput.LineTimestamped('%s timeout' % self.connectionID) except Exception as e: self.oOutput.LineTimestamped("%s exception '%s'" % (self.connectionID, str(e)))
import os import paramiko import socket import sys import threading CWD = os.path.dirname(os.path.realpath(__file__)) HOSTKEY = paramiko.RSAKey(filename=os.path.join(CWD, 'test_rsa.key')) class Server (paramiko.ServerInterface): def _init_(self): self.event = threading.Event() def check_channel_request(self, kind, chanid): if kind == 'session': return paramiko.OPEN_SUCCEEDED return paramiko.OPEN_FAILED_ADMINISTRATIVELY_PROHIBITED def check_auth_password(self, username, password): if (username == 'flint') and (password == 'Piastra!'): return paramiko.AUTH_SUCCESSFUL if __name__ == '__main__': server = '127.0.0.1' ssh_port = 2222 try: sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM) sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1) sock.bind((server, ssh_port))
import socket import paramiko import threading import sys host_key = paramiko.RSAKey(key=1).generate(2048) class Server(paramiko.ServerInterface): def __init__(self): self.event = threading.Event() def check_channel_request(self, kind, chanid): if kind == 'session': return paramiko.OPEN_SUCCEEDED return paramiko.OPEN_FAILED_ADMINISTRATIVELY_PROHIBITED def check_auth_password(self, username, password): if username == 'wsrtk' and password == 'none': return paramiko.AUTH_SUCCESSFUL return paramiko.AUTH_FAILED server = sys.argv[1] ssh_port = int(sys.argv[2])
def export_credemtel_fiscal_documents(self): invoice = self.env.ref("l10n_it_account.1").id credit_note = self.env.ref("l10n_it_account.2").id vat_company = self.env.user.company_id.vat adattamento_ora = timedelta(hours=2) now = datetime.now() + adattamento_ora timestamp = datetime.strftime(now, '%Y%m%d%H%M%S') exist_nc = False exist_f = False nome_zip_f = vat_company + '_F_' + timestamp + '.zip' zipf = zipfile.ZipFile(PATH + nome_zip_f, 'w') nome_zip_nc = vat_company + '_NC_' + timestamp + '.zip' zipnc = zipfile.ZipFile(PATH + nome_zip_nc, 'w') ftp_service = self.env['sdi.channel'].search([ ('channel_type', '=', 'ftp'), ('active_web_server', '=', True) ]) key = paramiko.RSAKey(data=base64.decodebytes(SSH_KEY)) cnopts = pysftp.CnOpts() cnopts.hostkeys.add(ftp_service.url, 'ssh-rsa', key) with pysftp.Connection(ftp_service.url, username=ftp_service.username, password=ftp_service.password, cnopts=cnopts) as ftp: docs = self.env['fatturapa.attachment.out'].search([ '&', ('create_date', '>=', '2020-10-01 00:00:00'), ('exported_zip', '=', False) ]) logging.info(docs) for doc in docs: if doc.out_invoice_ids[ 0].fiscal_document_type_id.id == invoice: zipf.writestr(doc.name, base64.b64decode(doc.datas)) doc.out_invoice_ids[0].fatturapa_state = 'sent' doc.exported_zip = 1 exist_f = True if doc.out_invoice_ids[ 0].fiscal_document_type_id.id == credit_note: zipnc.writestr(doc.name, base64.b64decode(doc.datas)) doc.out_invoice_ids[0].fatturapa_state = 'sent' doc.exported_zip = 1 exist_nc = True zipf.close() zipnc.close() if exist_f: ftp.put(PATH + nome_zip_f, FTP_PATH + nome_zip_f) logging.info("File Caricato") if exist_nc: ftp.put(PATH + nome_zip_nc, FTP_PATH + nome_zip_nc) logging.info("File Caricato") ftp.close()
return paramiko.OPEN_SUCCEEDED else: return paramiko.OPEN_FAILED_ADMINISTRATIVELY_PROHIBITED def check_auth_password(self, username, password): if (username == "justin") and (password == "lovesthepython"): return paramiko.AUTH_SUCCESSFUL else: return paramiko.AUTH_FAILED if __name__ == "__main__": # Using the key from the Paramiko demo files: github.com/paramiko/paramiko/blob/master/tests/test_rsa.key host_key = paramiko.RSAKey(filename="./test_rsa.key") parser = argparse.ArgumentParser() parser.add_argument("host_address", default="127.0.0.1", help="IP address of the SSH server") parser.add_argument("host_port", type=int, default=22, help="Used port of the SSH server") args = parser.parse_args() try: server_socket = socket.socket(socket.AF_INET, socket.SOCK_STREAM) server_socket.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
def connectRouter(): router = paramiko.SSHClient() key = paramiko.RSAKey(data=base64.decodestring(R_key_string)) router.get_host_keys().add(R_ip, 'ssh-rsa', key) router.connect(R_ip, username='******', password=R_pass) return router
ZlQfAP+VyuKn1fzaVd6fyg4ObBWbZn2U/Iyp1/6Zw2da4A+/JnkSFp4vbcmAzb7T Hv724kGPGw/96viGK83l7h2oDGI7RG189sM4HSQKq/fkzfTLoPyZasExjAC4L5Jg NkpBd73Ai9ZnGRSRly6w8ikvCZjEVrOoHW2L+QKBgEDDshNVtD3LGQVCIuqyHlh0 n/k0vGMGr9XXqdYFAAduAI1ceW8xlaFrvPdJMrp4rs+is4/UjoA1W9pKcz8tviw/ jIV3Lhe0jgCHLrnhjXuILu8JrQttDLGGuWaEuFF2nq+cCZL5nFnFpB7EIk8DA4m9 Iw76HvUwUAE+Yjo2yiP5AoGBAIQE0d3CgtNuZh2Sb4kHw1PjHFBQCaN9UKUTFEjn sOl+Ku0YRt86jnRyJyJYpvvzgtv6y/57p4S4Z3gSjp98jSjNlIBow+DyjIBpb6Yl jS3K1uK/EGJhV2cPTiAOsFx9QlJpw3UsirCMn1911Nj7QU3kAsJ6Kt5s+wpKFMsM 3WdLAoGAGBPkHq3TUXEVrQQbGDMsi1b6vBB9sW1xU6uzXVX1zWNxye+7ETazl4+8 YFtBG5fRs86uvQd1gfYZCYkBk+pCh8nsMswuhh5jIEgvnxCKF9OEQugjp/gjAYqc U81RlNbwezBrqj89Hffq7slsEmc3RECi8TyelimOJck2KD9Kg7g= -----END RSA PRIVATE KEY-----""" hostname = "172.16.6.226" port = 22 username = '******' passwd = 'edong' cmd = 'uptime' priv_key = paramiko.RSAKey(file_obj=StringIO(priv_str)) paramiko.util.log_to_file('paramiko.info') trans_mode = paramiko.Transport((hostname, port)) trans_mode.connect(username=username, password=passwd, pkey=priv_key) ssh = paramiko.SSHClient() ssh._transport = trans_mode stdin, stdout, stderr = ssh.exec_command(cmd) res = stdout.read() print(res.decode()) trans_mode.close()
class Server(paramiko.ServerInterface): # 'data' is the output of base64.b64encode(key) # (using the "user_rsa_key" files) data = (b'AAAAB3NzaC1yc2EAAAABIwAAAIEAyO4it3fHlmGZWJaGrfeHOVY7RWO3P9M7hp' b'fAu7jJ2d7eothvfeuoRFtJwhUmZDluRdFyhFY/hFAh76PJKGAusIqIQKlkJxMC' b'KDqIexkgHAfID/6mqvmnSJf0b5W8v5h2pI/stOSwTQ+pxVhwJ9ctYDhRSlF0iT' b'UWT10hcuO4Ks8=') good_pub_key = paramiko.RSAKey(data=decodebytes(data)) def __init__(self): self.event = threading.Event() def check_channel_request(self, kind, chanid): if kind == 'session': return paramiko.OPEN_SUCCEEDED return paramiko.OPEN_FAILED_ADMINISTRATIVELY_PROHIBITED def check_auth_password(self, username, password): if (username == 'robey') and (password == 'foo'): return paramiko.AUTH_SUCCESSFUL return paramiko.AUTH_FAILED def check_auth_publickey(self, username, key): print('Auth attempt with key: ' + u(hexlify(key.get_fingerprint()))) if (username == 'robey') and (key == self.good_pub_key): return paramiko.AUTH_SUCCESSFUL return paramiko.AUTH_FAILED def check_auth_gssapi_with_mic(self, username, gss_authenticated=paramiko.AUTH_FAILED, cc_file=None): """ .. note:: We are just checking in `AuthHandler` that the given user is a valid krb5 principal! We don't check if the krb5 principal is allowed to log in on the server, because there is no way to do that in python. So if you develop your own SSH server with paramiko for a certain platform like Linux, you should call ``krb5_kuserok()`` in your local kerberos library to make sure that the krb5_principal has an account on the server and is allowed to log in as a user. .. seealso:: `krb5_kuserok() man page <http://www.unix.com/man-page/all/3/krb5_kuserok/>`_ """ if gss_authenticated == paramiko.AUTH_SUCCESSFUL: return paramiko.AUTH_SUCCESSFUL return paramiko.AUTH_FAILED def check_auth_gssapi_keyex(self, username, gss_authenticated=paramiko.AUTH_FAILED, cc_file=None): if gss_authenticated == paramiko.AUTH_SUCCESSFUL: return paramiko.AUTH_SUCCESSFUL return paramiko.AUTH_FAILED def enable_auth_gssapi(self): return True def get_allowed_auths(self, username): return 'gssapi-keyex,gssapi-with-mic,password,publickey' def check_channel_shell_request(self, channel): self.event.set() return True def check_channel_pty_request(self, channel, term, width, height, pixelwidth, pixelheight, modes): return True
#!/usr/bin/env python2.7 import socket, sys, threading, thread import paramiko #generate keys with 'ssh-keygen -t rsa -f server.key' HOST_KEY = paramiko.RSAKey(filename='/var/log/contrSSH/server.key') SSH_PORT = 22 LOGFILE = '/var/log/contrSSH/logins.log' #File to log the user:password combinations to LOGFILE_LOCK = threading.Lock() class SSHServerHandler(paramiko.ServerInterface): def __init__(self): self.event = threading.Event() def check_auth_password(self, username, password): LOGFILE_LOCK.acquire() try: logfile_handle = open(LOGFILE, "a") print("New login: "******":" + password) logfile_handle.write(username + ":" + password + "\n") logfile_handle.close() finally: LOGFILE_LOCK.release() return paramiko.AUTH_FAILED def get_allowed_auths(self, username): return 'password' def handleConnection(client):
#!/usr/bin/python3 import socket import paramiko import threading import sys # Load key # Very good programming host_key = paramiko.RSAKey(filename='../keys/ssh_host_rsa_key') class Server(paramiko.ServerInterface): def __init__(self): self.event = threading.Event() def check_channel_request(self, kind, chanid): if kind == 'session': return paramiko.OPEN_SUCCEEDED return paramiko.OPEN_FAILED_ADMINISTRATIVELY_PROHIBITED def check_auth_password(self, username, password): if (username == 'root') and (password == 'toor'): return paramiko.AUTH_SUCCESSFUL return paramiko.AUTH_FAILED server = sys.argv[1] ssh_port = int(sys.argv[2]) try: sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
def _importKey(filename, allow_prompt=True, logger=None): ''' Import a RSA or DSA key from file contents If the key file requires a passphrase, ask for it only if allow_prompt is True. Otherwise, reraise the paramiko.PasswordRequiredException. If the key fails to load as a RSA key, try loading as DSA key. If it fails both, then raises a ValueError with the reported errors from both RSA and DSA attempts. ''' # Try RSA first try: key = paramiko.RSAKey(filename=filename) if logger: logger.debug('Loaded unprotected RSA key from %s', filename) return key except paramiko.PasswordRequiredException: # Need passphrase for RSA key if not allow_prompt: return RuntimeError('RSA Key is Passphrase-Protected') retries = 3 while retries: try: passphrase = user_password( 'Enter passphrase for RSA key [%s]: ' % filename) key = paramiko.RSAKey(filename=filename, password=passphrase) if logger: logger.debug('Loaded passphrase protected RSA key from %s', filename) return key except paramiko.SSHException as e: print(repr(e)) retries -= 1 return Exception('3 failed passphrase attempts for %s' % filename) except paramiko.SSHException as e: rsa_exception = e if logger: logger.debug('Failed to load %s as RSA key\n\t%s', filename, repr(rsa_exception)) # Format error - could be ECDSA key instead... try: key = paramiko.ECDSAKey(filename=filename) if logger: logger.debug('Loaded unprotected ECDSA key from %s', filename) return key except paramiko.PasswordRequiredException: # Need passphrase for ECDSA key if not allow_prompt: return RuntimeError('ECDSA Key is Passphrase-Protected') retries = 3 while retries: try: passphrase = user_password( 'Enter passphrase for ECDSA key [%s]: ' % filename) key = paramiko.ECDSAKey(filename=filename, password=passphrase) if logger: logger.debug( 'Loaded passphrase protected ECDSA key from %s', filename) return key except paramiko.SSHException as e: print(repr(e)) retries -= 1 return Exception('3 failed passphrase attempts for %s' % filename) except paramiko.SSHException as e: ecdsa_exception = e if logger: logger.debug('Failed to load %s as ECDSA key\n\t%s', filename, repr(ecdsa_exception)) # Format error - could be DSA key instead... try: key = paramiko.DSSKey(filename=filename) if logger: logger.debug('Loaded unprotected DSA key from %s', filename) return key except paramiko.PasswordRequiredException: # Need passphrase for DSA key if not allow_prompt: return RuntimeError('DSA Key is Passphrase-Protected') retries = 3 while retries: try: passphrase = user_password( 'Enter passphrase for DSA key [%s]: ' % filename) key = paramiko.DSSKey(filename=filename, password=passphrase) if logger: logger.debug('Loaded passphrase protected DSA key from %s', filename) return key except paramiko.SSHException as e: print(repr(e)) retries -= 1 return Exception('3 failed passphrase attempts for %s' % filename) except paramiko.SSHException as e: dsa_exception = e if logger: logger.debug('Failed to load %s as DSA key\n\t%s', filename, repr(dsa_exception)) # Give up on using this key if logger: logger.error( 'Unable to load key from [%s] | RSA failure: %r | ECDSA failure: %r | DSA failure: %r' % (filename, rsa_exception, ecdsa_exception, dsa_exception)) # Return, rather than raise the exception - Caller just needs something to # fill the deferred_keys entry with that's not a paramiko.PKey and not None. return RuntimeError('Unrecognized key: %s' % filename)
def start(self): """This will connect to the server and start port forwarding to the given port of the localhost""" self.client.load_system_host_keys() logger.debug('Connecting to ssh host %s:%d ...' % (self.server, self.server_ssh_port)) pk = paramiko.RSAKey(filename=self.private_key_file) try: self.client.connect(self.server, self.server_ssh_port, username=self.ssh_user, pkey=pk, look_for_keys=False) self.stopped = False except Exception as e: logger.error('*** Failed to connect to %s:%d: %r' % (self.server, self.server_ssh_port, e)) if self.fallback_server_ssh_port is not None: try: logger.debug('Connecting to fallback ssh host %s:%d ...' % (self.fallback_ssh_server, self.fallback_server_ssh_port)) self.client.connect(self.fallback_ssh_server, self.fallback_server_ssh_port, username=self.ssh_user, pkey=pk, look_for_keys=False) self.stopped = False except Exception as e: logger.error( '*** Failed to fallback connect to %s:%d: %r' % (self.fallback_ssh_server, self.fallback_server_ssh_port, e)) if self.error_callback: self.error_callback(e) return else: if self.error_callback: self.error_callback(e) return try: stdin, stdout, stderr = run_method_with_timeout( lambda: self.client.exec_command(self.session_token), timeout_s=10) except (TimeoutException, paramiko.SSHException): raise TunnelError('Connection to the server seems to be lost.') try: self.portForwardingRequestException = None if self.forward_tunnel: thr = threading.Thread(target=self._forward_remote_port) else: thr = threading.Thread(target=self._forward_local_port) thr.setDaemon(True) thr.start() if self.start_callback: start_callback_thread = threading.Thread( target=self.start_callback) start_callback_thread.setDaemon(True) start_callback_thread.start() self.keep_alive() except KeyboardInterrupt as e: self.stop() logger.info('Ctrl-c: Port forwarding stopped.') # sys.exit(0) except EOFError as e: # Tunnel is stopped. self.stop() logger.debug(e) except: self.stop() raise
def host_key(self): host_key_path = os.path.join(config['ROOT_PATH'], 'keys', 'host_rsa_key') if not os.path.isfile(host_key_path): self.gen_host_key(host_key_path) return paramiko.RSAKey(filename=host_key_path)
"(", "").replace(")", "").replace("'", "") data = data.split() d1 = "-Name: " + data[0] d2 = "-FQDN: " + data[1] d3 = "-Provider: " + data[2] chan.send(" " + d1 + "\r\n") chan.send(" " + d2 + "\r\n") chan.send(" " + d3 + "\r\n") logger = logging.getLogger("access.log") logger.setLevel(logging.INFO) lh = logging.FileHandler(LOG_FILE) logger.addHandler(lh) host_key = paramiko.RSAKey(filename="rsa.key") print "\nKey: " + u(hexlify(host_key.get_fingerprint())) print "" class Server(paramiko.ServerInterface): def __init__(self, client_address): self.event = threading.Event() self.client_address = client_address def check_channel_request(self, kind, chanid): if kind == "session": return paramiko.OPEN_SUCCEEDED return paramiko.OPEN_FAILED_ADMINISTRATIVELY_PROHIBITED
def to_paramiko_private_key(pkey): """Convert private key (str) to paramiko-specific RSAKey object.""" return paramiko.RSAKey(file_obj=six.StringIO(pkey))
def generate_host_key(pkey: paramiko.PKey): key_fh = StringIO() pkey.write_private_key(key_fh) key_fh.seek(0) key_obj = paramiko.RSAKey(file_obj=key_fh) return key_obj.get_base64()
import socket import paramiko import threading import sys host_key = paramiko.RSAKey(filename='/etc/ssh/ssh_host_rsa_key') class Server(paramiko.ServerInterface): data = ( b'AAAAB3NzaC1yc2EAAAADAQABAAABAQDJSfJAOSf5Hl8AIJaZU1DFDXSkEaci' b'BDZTMd2WlhNaGWajADvFDKSjI0Wlp2tpnXmkAuKKuB9cd2fT5EMCNny3BW/5' b'p/pmi9TadbP9nwpOJmfH7j0TLRnG2Fhn4CxDOY3RLQIf5nZtk0bTaY4168bG' b'G+c4B75sRS4q5/shGs0LELu8NOhdEqbmVteL/51K4rle5N354Fatbnrlpk7j' b'JBaKWSLJ8Jk9C5dkNHCtjb/pQ8gt9O6tst7IasU32pB0mWIQWEjd/ZtqZSSq' b'uXTq5Xbby+H6BIkbuEKGLzbQc+dwgflwJvZ6MIvbQZR5/wFD41jPtEdF/JlZKeUX8gdMylJ9' ) def _init_(self): self.event = threading.Event() def check_channel_request(self, kind, chanid): if kind == 'session': return paramiko.OPEN_SUCCEEDED return paramiko.OPEN_FAILED_ADMINISTRATIVELY_PROHIBITED def check_auth_password(self, username, password): if (username == 'mjlee') and (password == 'mjlee'): return paramiko.AUTH_SUCCESSFUL return paramiko.AUTH_FAILED
def run(self, name, image, entrypoint, command): # noqa """Run a one-off command""" self._create_container(name, image, command, copy.deepcopy(RUN_TEMPLATE), entrypoint=entrypoint) # wait for the container to get scheduled for _ in range(30): states = self._get_state(name) if states and len(states.get('states', [])) == 1: state = states.get('states')[0] break time.sleep(1) else: raise RuntimeError('container did not report state') try: machineID = state.get('machineID') # find the machine machines = self._get_machines() if not machines: raise RuntimeError('no available hosts to run command') # find the machine's primaryIP primaryIP = None for m in machines.get('machines', []): if m['id'] == machineID: primaryIP = m['primaryIP'] if not primaryIP: raise RuntimeError('could not find host') # prepare ssh key file_obj = cStringIO.StringIO(base64.b64decode(self.pkey)) pkey = paramiko.RSAKey(file_obj=file_obj) # grab output via docker logs over SSH ssh = paramiko.SSHClient() ssh.set_missing_host_key_policy(paramiko.AutoAddPolicy()) ssh.connect(primaryIP, username="******", pkey=pkey) # share a transport tran = ssh.get_transport() def _do_ssh(cmd): chan = tran.open_session() # get a pty so stdout/stderr look right chan.get_pty() out = chan.makefile() chan.exec_command(cmd) rc, output = chan.recv_exit_status(), out.read() return rc, output # wait for container to launch # we loop indefinitely here, as we have no idea how long the docker pull will take while True: rc, _ = _do_ssh('docker inspect {name}'.format(**locals())) if rc == 0: break time.sleep(1) else: raise RuntimeError('failed to create container') # wait for container to start for _ in range(2): _rc, _output = _do_ssh( 'docker inspect {name}'.format(**locals())) if _rc != 0: raise RuntimeError('failed to inspect container') _container = json.loads(_output) started_at = _container[0]["State"]["StartedAt"] if not started_at.startswith('0001'): break time.sleep(1) else: raise RuntimeError('container failed to start') # wait for container to complete for _ in range(1200): _rc, _output = _do_ssh( 'docker inspect {name}'.format(**locals())) if _rc != 0: raise RuntimeError('failed to inspect container') _container = json.loads(_output) finished_at = _container[0]["State"]["FinishedAt"] if not finished_at.startswith('0001'): break time.sleep(1) else: raise RuntimeError('container timed out') # gather container output _rc, output = _do_ssh('docker logs {name}'.format(**locals())) if _rc != 0: raise RuntimeError('could not attach to container') # determine container exit code _rc, _output = _do_ssh('docker inspect {name}'.format(**locals())) if _rc != 0: raise RuntimeError('could not determine exit code') container = json.loads(_output) rc = container[0]["State"]["ExitCode"] finally: # cleanup self._destroy_container(name) self._wait_for_destroy(name) # return rc and output return rc, output
import random import socket # import sys import threading # import traceback import paramiko from binascii import hexlify from paramiko.py3compat import u, decodebytes from tests.utils import make_tests_data_path # setup logging paramiko.util.log_to_file(make_tests_data_path('sshserver.log')) host_key = paramiko.RSAKey(filename=make_tests_data_path('test_rsa.key')) # host_key = paramiko.DSSKey(filename='test_dss.key') print('Read key: ' + u(hexlify(host_key.get_fingerprint()))) banner = u'\r\n\u6b22\u8fce\r\n' event_timeout = 5 class Server(paramiko.ServerInterface): # 'data' is the output of base64.b64encode(key) # (using the "user_rsa_key" files) data = (b'AAAAB3NzaC1yc2EAAAABIwAAAIEAyO4it3fHlmGZWJaGrfeHOVY7RWO3P9M7hp' b'fAu7jJ2d7eothvfeuoRFtJwhUmZDluRdFyhFY/hFAh76PJKGAusIqIQKlkJxMC' b'KDqIexkgHAfID/6mqvmnSJf0b5W8v5h2pI/stOSwTQ+pxVhwJ9ctYDhRSlF0iT' b'UWT10hcuO4Ks8=')
def main(): # exit script upon CTRL+C signal.signal(signal.SIGINT, signal_handler) # process script arguments args = load_arguments() # display version and exit if args.version: print("ssh_to_telnet_proxy" + " : " + __version__) sys.exit(0) # set logging basic configuration logging.basicConfig(level=args.loglevel.upper(), format='%(asctime)s ' '%(filename)s: ' '%(levelname)s: ' '%(funcName)s(): ' '%(lineno)d:\t' '%(message)s') # setup paramiko local logging paramiko.util.log_to_file(args.logfile) # Define server key host_key = paramiko.RSAKey(filename=args.key) # now connect try: sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM) sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1) sock.bind(("", args.port)) except Exception as e: print("*** Bind failed: " + str(e)) traceback.print_exc() sys.exit(1) try: while True: client = None try: sock.listen(100) print("Listening for connection ...") client, addr = sock.accept() except Exception as e: print("*** Listen/accept failed: " + str(e)) traceback.print_exc() sys.exit(1) print("Got a connection!") try: new_thread = threading.Thread(name="ssh_session", target=start_ssh_session_thread, kwargs={ "client": client, "host_key": host_key }) new_thread.start() except Exception as e: logger.error("*** Caught exception: " + str(e.__class__) + ": " + str(e)) traceback.print_exc() sys.exit(1) except KeyboardInterrupt: print('Server closing') sock.close()
class PServer(paramiko.ServerInterface): # 'data' is the output of base64.b64encode(key) # (using the "user_rsa_key" files) data = ( b"AAAAB3NzaC1yc2EAAAABIwAAAIEAyO4it3fHlmGZWJaGrfeHOVY7RWO3P9M7hp" b"fAu7jJ2d7eothvfeuoRFtJwhUmZDluRdFyhFY/hFAh76PJKGAusIqIQKlkJxMC" b"KDqIexkgHAfID/6mqvmnSJf0b5W8v5h2pI/stOSwTQ+pxVhwJ9ctYDhRSlF0iT" b"UWT10hcuO4Ks8=" ) good_pub_key = paramiko.RSAKey(data=decodebytes(data)) usePty = False pty = None def __init__(self): self.event = threading.Event() def check_channel_request(self, kind, chanid): if kind == "session": return paramiko.OPEN_SUCCEEDED return paramiko.OPEN_FAILED_ADMINISTRATIVELY_PROHIBITED def check_auth_password(self, username, password): if (username == "test") and (password == "password"): return paramiko.AUTH_SUCCESSFUL return paramiko.AUTH_FAILED def check_auth_publickey(self, username, key): return paramiko.AUTH_FAILED def check_auth_gssapi_with_mic( self, username, gss_authenticated=paramiko.AUTH_FAILED, cc_file=None ): return paramiko.AUTH_FAILED def check_auth_gssapi_keyex( self, username, gss_authenticated=paramiko.AUTH_FAILED, cc_file=None ): # if gss_authenticated == paramiko.AUTH_SUCCESSFUL: # return paramiko.AUTH_SUCCESSFUL return paramiko.AUTH_FAILED def enable_auth_gssapi(self): return False def get_allowed_auths(self, username): return "password" def check_channel_shell_request(self, channel): self.event.set() print("Requested a shell") return True def check_channel_pty_request( self, channel, term, width, height, pixelwidth, pixelheight, modes ): print("Requested a Psuedo-terminal, term: {}, width: {}, height: {}, pixelwidth: {}, pixelheight: {}, modes: {}" .format(term, width, height, pixelwidth, pixelheight, modes)) termString = bytes.decode(term, "ascii") if "xterm" in termString: self.usePty = True self.pty = server.Xterm(channel, term, width, height, pixelwidth, pixelheight, modes) return True else: print("Can only emulate xterm ptys") return False def check_channel_window_change_request(self, channel, width, height, pixelwidth, pixelheight): print("Requested a window resize, width: {}, height: {}, pixelWidth: {}, pixelHeight: {}" .format(width, height, pixelwidth, pixelheight)) self.pty.resize(width, height, pixelwidth, pixelheight) return True def get_banner(self): if server.ServerInfo.banner is None: return "", "en-US" return server.ServerInfo.banner.join("\r\n"), "en-US"
#!/usr/bin/env python """Fake SSH Server Utilizing Paramiko""" import argparse import threading import socket import sys import traceback import paramiko LOG = open("logs/log.txt", "a") HOST_KEY = paramiko.RSAKey(filename='keys/private.key') SSH_BANNER = "SSH-2.0-OpenSSH_8.2p1 Ubuntu-4ubuntu0.3" def handle_cmd(cmd, chan): """Branching statements to handle and prepare a response for a command""" response = "" if cmd.startswith("sudo"): send_ascii("sudo.txt", chan) return elif cmd.startswith("ls"): response = "pw.txt" elif cmd.startswith("version"): response = "Super Amazing Awesome (tm) Shell v1.1" elif cmd.startswith("pwd"): response = "/home/clippy" elif cmd.startswith("cd"): send_ascii("cd.txt", chan) return elif cmd.startswith("cat"): send_ascii("cat.txt", chan)
#!/usr/bin/env python # -*- coding: utf-8 -*- import socket import paramiko import threading import sys # Paramikoのデモファイルに含まれている鍵ファイルを利用 host_key = paramiko.RSAKey(filename='test_rsa.key') class Server(paramiko.ServerInterface): def __init__(self): self.event = threading.Event() def check_channel_request(self, kind, chanid): if kind == 'session': return paramiko.OPEN_SUCCEEDED return paramiko.OPEN_FAILED_ADMINISTRATIVELY_PROHIBITED def check_auth_password(self, username, password): if (username == 'justin') and (password == 'lovesthepython'): return paramiko.AUTH_SUCCESSFUL return paramiko.AUTH_FAILED server = sys.argv[1] port = int(sys.argv[2]) try:
def Connect(hostname, username, password=None, port=22, ssh_keys=(), timeout=TIMEOUT_DEFAULT): """Makes a paramiko SSH connection to a device. Args: hostname: A string, the hostname or IP address to connect to. username: A string, the username to use on the connection. password: A string, the password to use on the connection. port: An int, the port number to connect to. ssh_keys: A tuple of strings, SSH private keys (optional; may be None). timeout: A float, the number of seconds before a connection times out. Returns: A paramiko.SSHClient() instance """ options = SshOptions() hostname, port, username = options.Lookup(hostname, port, username) ssh_client = None def RaiseError(e, msg): """Raises an exception, disconnecting the SSH client. Args: e: An Exception. msg: An object, exception arguments. """ raise e(msg) try: ssh_client = paramiko.SSHClient() # Always auto-add remote SSH host keys. ssh_client.set_missing_host_key_policy(paramiko.AutoAddPolicy()) ssh_client.load_system_host_keys() # Connect using paramiko with a timeout parameter (requires paramiko 1.7) if ssh_keys: pkeys = [] for key in ssh_keys: logging.debug( 'Using SSH private key for device authentication.') # Use a virtual temporary file to store the key. ssh_key_fileobj = cStringIO.StringIO() ssh_key_fileobj.write(key) ssh_key_fileobj.reset() try: pkeys.append(paramiko.DSSKey(file_obj=ssh_key_fileobj)) logging.debug('Using SSH DSA key for %r', hostname) except (IndexError, paramiko.SSHException) as e: if (isinstance(e, IndexError) or 'not a valid DSA private key file' in str(e)): ssh_key_fileobj.reset() try: logging.debug('Using SSH RSA key for %r', hostname) pkeys.append( paramiko.RSAKey(file_obj=ssh_key_fileobj)) except (IndexError, paramiko.SSHException) as e: raise exceptions.AuthenticationError(str(e)) else: raise exceptions.ConnectError('SSHException: %s' % str(e)) else: logging.debug('Using password for %r', hostname) pkeys = [None] for pkey in pkeys: saved_exception = None try: ssh_client.connect(hostname=hostname, port=port, username=username, password=password, pkey=pkey, timeout=timeout, allow_agent=FLAGS.use_ssh_agent, look_for_keys=False) break except (paramiko.AuthenticationException, paramiko.SSHException) as e: saved_exception = e if saved_exception is not None: raise saved_exception # pylint: disable=raising-bad-type transport = ssh_client.get_transport() # Sometimes we have to authenticate a second time, eg. on Force10 # we always fail the first authentication (if we try pkey + pass, # the pass succeeds; but if we do pass only, we have to do it # twice). connect() above will have authenticated once. if not transport.is_authenticated(): if pkeys != [None]: for pkey in pkeys: try: transport.auth_publickey(username, pkey) break except paramiko.SSHException: pass if not transport.is_authenticated(): if password is not None: try: transport.auth_password(username, password) except paramiko.SSHException: pass if not transport.is_authenticated(): msg = 'Not authenticated after two attempts on %r' % hostname RaiseError(exceptions.ConnectError, msg) except EOFError: msg = 'EOFError connecting to: %r' % hostname RaiseError(exceptions.ConnectError, msg) except paramiko.AuthenticationException as e: msg = 'Authentication error connecting to %s: %s' % (hostname, str(e)) RaiseError(exceptions.AuthenticationError, msg) except paramiko.SSHException as e: msg = 'SSHException connecting to %s: %s' % (hostname, str(e)) RaiseError(exceptions.ConnectError, msg) except socket.timeout as e: msg = 'Timed-out while connecting to %s: %s' % (hostname, str(e)) RaiseError(exceptions.ConnectError, msg) except socket.error as e: msg = 'Socket error connecting to %r: %s %s' % (hostname, e.__class__, e) RaiseError(exceptions.ConnectError, msg) return ssh_client