def login(self, ip, user, passwd, port=22, key=None, key_pass=None): 'login to ssh server' self.set_missing_host_key_policy(AutoAddPolicy()) if key: try: key_file = RSAKey.from_private_key_file(key) except PasswordRequiredException: key_file = RSAKey.from_private_key_file(key, key_pass) else: key_file = None try: self.connect(ip, port, user, passwd, pkey=key_file) self.login_status = True except AuthenticationException: print "Error: user or password error, info: ", \ "ip:", ip, self.error_get()[1] self.login_status = False except socket.error: print "Error: do't connect to host: %s, info: %s " % \ (ip, str(self.error_get()[1])) self.login_status = False except Exception: self.login_status = False print "Error: host: %s unknow errow, info: %s" % ( ip, str(self.error_get()[1]))
def clean(self): data = super(KeyAddForm, self).clean() key_type = data.get('key_type') public_key = data.get('public_key') try: if key_type == "ssh-rsa": k = RSAKey(data=base64.b64decode(public_key)) elif key_type == "ssh-dss": k = DSSKey(data=base64.b64decode(public_key)) elif key_type.startswith('ecdsa'): k = ECDSAKey(data=base64.b64decode(public_key)) else: raise forms.ValidationError( _("Unsupport key type: %(keytype)s"), code='invalid keytype', params={'key_type': key_type} ) data['key_type'] = k.get_name() data['public_key'] = base64.b64encode(k.get_base64()) except (TypeError, SSHException, UnicodeDecodeError) as err: if len(public_key) > 30: body = public_key[0:30] else: body = public_key raise forms.ValidationError( _("Body of SSH public key is invalid:\n%(body)s\n" "Error: %(err)s"), code='invalid key body', params={'body': body + "...", 'err': err} ) return data
def getRsaKeyFile(filename, password=None): try: key = RSAKey(filename=filename, password=password) except IOError: log.info('Generating new server RSA key and saving in file %r.' % filename) key = RSAKey.generate(1024) key.write_private_key_file(filename, password=password) return key
def compute_fingerprint(self): data = base64.b64decode(self.key) if self.key_type == "ssh-rsa": pkey = RSAKey(data=data) elif self.key_type == "ssh-dss": pkey = DSSKey(data=data) return ":".join(re.findall(r"..", hexlify(pkey.get_fingerprint())))
def test_6_compare_rsa(self): # verify that the private & public keys compare equal key = RSAKey.from_private_key_file(test_path('test_rsa.key')) self.assertEqual(key, key) pub = RSAKey(data=key.asbytes()) self.assertTrue(key.can_sign()) self.assertTrue(not pub.can_sign()) self.assertEqual(key, pub)
def test_6_compare_rsa(self): # verify that the private & public keys compare equal key = RSAKey.from_private_key_file('tests/test_rsa.key') self.assertEquals(key, key) pub = RSAKey(data=str(key)) self.assert_(key.can_sign()) self.assert_(not pub.can_sign()) self.assertEquals(key, pub)
def get_rsa_key_file(filename, password=None): try: key = RSAKey(filename=filename, password=password) except IOError: logger.info('RSA Key file not found, generating a new one: {}'.format(filename)) key = RSAKey.generate(1024) key.write_private_key_file(filename, password=password) return key
def getIdentityKey(self): keyfile = os.path.abspath(os.path.join(self.getLocalBuildoutPath(),'hostout_rsa')) keyfile = self.options.get('identity-file', keyfile) if not os.path.exists(keyfile): key = RSAKey.generate(1024) key.write_private_key_file(keyfile) else: key = RSAKey.from_private_key_file(keyfile) return keyfile, "ssh-rsa %s hostout@hostout" % key.get_base64()
def test_8_sign_rsa(self): # verify that the rsa private key can sign and verify key = RSAKey.from_private_key_file(test_path('test_rsa.key')) msg = key.sign_ssh_data(b'ice weasels') self.assertTrue(type(msg) is Message) msg.rewind() self.assertEqual('ssh-rsa', msg.get_text()) sig = bytes().join([byte_chr(int(x, 16)) for x in SIGNED_RSA.split(':')]) self.assertEqual(sig, msg.get_binary()) msg.rewind() pub = RSAKey(data=key.asbytes()) self.assertTrue(pub.verify_ssh_sig(b'ice weasels', msg))
def test_8_sign_rsa(self): # verify that the rsa private key can sign and verify key = RSAKey.from_private_key_file('tests/test_rsa.key') msg = key.sign_ssh_data(rng, 'ice weasels') self.assert_(type(msg) is Message) msg.rewind() self.assertEquals('ssh-rsa', msg.get_string()) sig = ''.join([chr(int(x, 16)) for x in SIGNED_RSA.split(':')]) self.assertEquals(sig, msg.get_string()) msg.rewind() pub = RSAKey(data=str(key)) self.assert_(pub.verify_ssh_sig('ice weasels', msg))
def load_ssh_key(self, length=2048): cluster_name = self.get_active_cluster() cluster_folder = os.path.join(self.config_folder, cluster_name) filename = cluster_name + "_rsa" filepath = os.path.join(cluster_folder, filename) if os.path.exists(filepath): self.log.debug("loading private key: %s", filepath) k = RSAKey(filename=filepath) else: self.log.debug("generating new private key: %s", filepath) k = RSAKey.generate(length) k.write_private_key_file(filepath) return filepath, k
def test_keyfile_is_actually_encrypted(self): # Read an existing encrypted private key file_ = test_path('test_rsa_password.key') password = '******' newfile = file_ + '.new' newpassword = '******' key = RSAKey(filename=file_, password=password) # Write out a newly re-encrypted copy with a new password. # When the bug under test exists, this will ValueError. try: key.write_private_key_file(newfile, password=newpassword) self.assert_keyfile_is_encrypted(newfile) finally: os.remove(newfile)
def _check_keypair_from_file(self, ref_fingerprint, private_key_path): """Function to check if a certain keypair from a file matches the fingerprint from a reference one :param str ref_fingerprint: fingerprint to be compared :raises: KeypairError: if the keypair is not valid, or if the fingerprint to check and the one computed from the private key is not the same :raises: KeyNotAccessible: if the private key is password protected and the password provided is not correct """ pkey=None # This block avoid repetition of checks after it is done for the first instance if self._SSH_KEY_CHECKED==True: if self._SSH_KEY_ACCESS_ERROR==True: # This avoid user entering the code right the second time raise KeyNotAccessible#("Unable to access key file `"+private_key_path+": Invalid password") else: return try: pkey=DSSKey.from_private_key_file(private_key_path) except PasswordRequiredException: try: asked_password = getpass.getpass('Enter passphrase for '+private_key_path+ ':') pkey=DSSKey.from_private_key_file(private_key_path,asked_password) except SSHException: self._SSH_KEY_CHECKED=True self._SSH_KEY_ACCESS_ERROR=True # This avoid user entering the code right the second time raise KeyNotAccessible#("Unable to access key file `"+private_key_path+": Invalid password") except SSHException: try: pkey=RSAKey.from_private_key_file(private_key_path) except PasswordRequiredException: try: asked_password = getpass.getpass('Enter passphrase for '+private_key_path+ ':') pkey=RSAKey.from_private_key_file(private_key_path,asked_password) except SSHException: self._SSH_KEY_CHECKED=True self._SSH_KEY_ACCESS_ERROR=True # This avoid user entering the code right the second time raise KeyNotAccessible#("Unable to access key file `"+private_key_path+": Invalid password") except SSHException: raise KeypairError('File `%s` is neither a valid DSA key ' 'or RSA key' % private_key_path) fingerprint = str.join( ':', (i.encode('hex') for i in pkey.get_fingerprint())) if ref_fingerprint!=fingerprint: raise KeypairError( "Keypair from "+private_key_path+" is present but has " "different fingerprint. Aborting!") self._SSH_KEY_CHECKED=True return
def dehydrate(self, bundle): if bundle.obj.key_type == "ssh-rsa": key = RSAKey(data=base64.b64decode(bundle.obj.public_key)) elif bundle.obj.key_type == "ssh-rsa": key = DSSKey(data=base64.b64decode(bundle.obj.public_key)) elif bundle.obj.key_type.startswith("ecdsa"): key = ECDSAKey(data=base64.b64decode(bundle.obj.public_key)) else: raise HydrationError( "Unknown key type: %s" % bundle.object.key_type ) bundle.data['fingerprint'] = u(hexlify(key.get_fingerprint())) return bundle
def test_2_load_rsa(self): key = RSAKey.from_private_key_file('tests/test_rsa.key') self.assertEquals('ssh-rsa', key.get_name()) exp_rsa = FINGER_RSA.split()[1].replace(':', '') my_rsa = hexlify(key.get_fingerprint()) self.assertEquals(exp_rsa, my_rsa) self.assertEquals(PUB_RSA.split()[1], key.get_base64()) self.assertEquals(1024, key.get_bits()) s = StringIO() key.write_private_key(s) self.assertEquals(RSA_PRIVATE_OUT, s.getvalue()) s.seek(0) key2 = RSAKey.from_private_key(s) self.assertEquals(key, key2)
def test_2_load_rsa(self): key = RSAKey.from_private_key_file(_support("test_rsa.key")) self.assertEqual("ssh-rsa", key.get_name()) exp_rsa = b(FINGER_RSA.split()[1].replace(":", "")) my_rsa = hexlify(key.get_fingerprint()) self.assertEqual(exp_rsa, my_rsa) self.assertEqual(PUB_RSA.split()[1], key.get_base64()) self.assertEqual(1024, key.get_bits()) s = StringIO() key.write_private_key(s) self.assertEqual(RSA_PRIVATE_OUT, s.getvalue()) s.seek(0) key2 = RSAKey.from_private_key(s) self.assertEqual(key, key2)
def test_3_simple(self): """ verify that we can establish an ssh link with ourselves across the loopback sockets. this is hardly "simple" but it's simpler than the later tests. :) """ host_key = RSAKey.from_private_key_file('tests/test_rsa.key') public_host_key = RSAKey(data=bytes(host_key)) self.ts.add_server_key(host_key) event = threading.Event() server = NullServer() self.assert_(not event.isSet()) self.assertEquals(None, self.tc.get_username()) self.assertEquals(None, self.ts.get_username()) self.assertEquals(False, self.tc.is_authenticated()) self.assertEquals(False, self.ts.is_authenticated()) self.ts.start_server(event, server) self.tc.connect(hostkey=public_host_key, username='******', password='******') event.wait(1.0) self.assert_(event.isSet()) self.assert_(self.ts.is_active()) self.assertEquals('slowdive', self.tc.get_username()) self.assertEquals('slowdive', self.ts.get_username()) self.assertEquals(True, self.tc.is_authenticated()) self.assertEquals(True, self.ts.is_authenticated())
def _connect( self, hostname=None, port=None, username=None, password=None, accept_missing_host_key=None, timeout=None, compress=None, pkey=None, look_for_keys=None, allow_agent=None, key_filename=None, proxy_type=None, proxy_ip=None, proxy_port=None, sock=None): connect_kwargs = dict(self.connect_kwargs) connect_kwargs.update({ k: locals().get(k) for k in self.connect_kwargs if locals().get(k) is not None}) connect_kwargs["port"] = int(connect_kwargs.get("port")) ssh = ExtendedParamikoSSHClient() if bool(self.accept_missing_host_key or accept_missing_host_key): ssh.set_missing_host_key_policy(AutoAddPolicy()) if connect_kwargs.get("pkey") is not None: connect_kwargs["pkey"] = RSAKey.from_private_key( io.StringIO(unicode(connect_kwargs["pkey"]))) proxy_type = proxy_type or self.proxy_type proxy_ip = proxy_ip or self.proxy_ip proxy_port = proxy_port or self.proxy_port if connect_kwargs.get("sock") is not None: pass elif all([proxy_type, proxy_ip, proxy_port]): connect_kwargs["sock"] = create_connection( (connect_kwargs.get("hostname"), connect_kwargs.get("port")), proxy_type, proxy_ip, int(proxy_port)) ssh.connect(**connect_kwargs) return ssh
def _get_keys(self): keys = [] admin_remote = self._get_remote(self.admin_ip) key_string = '/root/.ssh/id_rsa' with admin_remote.open(key_string) as f: keys.append(RSAKey.from_private_key(f)) return keys
def connect(self, instance, ssh_user, ssh_ports, cmd, ssh_key_name): """ execute a command on instance with ssh and return if cmd param is not None connect to ssh if cmd is None :param instance: :param ssh_user: :param ssh_ports: :param ssh_key_name: :param cmd: execute this command if not None :return: """ # get instance public ip ssh_ip = instance.ip # we need to find the ssh key try: key_file = open(os.path.join(os.path.expanduser(self._key_path), ssh_key_name), 'r') except FileNotFoundError: try: key_file = open(os.path.join(os.path.expanduser(self._key_path), ssh_key_name + '.pem'), 'r') except FileNotFoundError: raise CourirSshException('private key %(key_name)s nor %(key_name)s.pem not found' % { 'key_name': ssh_key_name }) client = SSHClient() client.set_missing_host_key_policy(AutoAddPolicy()) logger.debug('connecting to %s with port %s and user %s', ssh_ip, ssh_ports[0], ssh_user) mykey = RSAKey.from_private_key(key_file) # we try with each ssh_port we have for count, ssh_port in enumerate(ssh_ports): try: logger.debug(ssh_ip) logger.debug(ssh_port) client.connect(hostname=ssh_ip, port=int(ssh_port), username=ssh_user, pkey=mykey, timeout=4) if cmd is None: with NamedTemporaryFile(mode='w+') as tmp_key_file: mykey.write_private_key(tmp_key_file, password=None) tmp_key_file.flush() cmd = 'ssh -i %s %s@%s -p %s' % (tmp_key_file.name, ssh_user, ssh_ip, ssh_port) logger.debug(cmd) os.system(cmd) else: stdin, stdout, stderr = client.exec_command(command=cmd) out_str = stdout.read() out_err = stderr.read().strip(' \t\n\r') print(out_str) if out_err != '': print(out_err) sys.exit(1) except (ConnectionRefusedError, socket.timeout): # we will try another tcp port if count < len(ssh_ports): continue else: raise CourirSshException('connection error')
def _get_keys(self): keys = [] admin_remote = self._get_remote(self.admin_ip) for key_string in ['/root/.ssh/id_rsa', '/root/.ssh/bootstrap.rsa']: with admin_remote.open(key_string) as f: keys.append(RSAKey.from_private_key(f)) return keys
def create_ssh_rsa_key_pair(passphrase, bits=2048): random_generator = Random.new().read keypair = RSA.generate(bits, random_generator) # extract keys privkey = keypair.exportKey('PEM', passphrase, pkcs=1) pubkey = '%s %s %s' % (keypair.publickey().exportKey("OpenSSH"), config.SSH_PRIV_KEY, str(datetime.now())) # writing keys to files priv_key_file = config.get_priv_ssh_key() pub_key_file = '%s.pub' % priv_key_file with open("%s" % priv_key_file, 'w', stat.S_IWUSR | stat.S_IRUSR) as f: f.write("%s" % privkey) f.close() os.chmod(priv_key_file, stat.S_IWUSR | stat.S_IRUSR) with open("%s" % pub_key_file, 'w') as f: f.write("%s" % pubkey) f.close() # Get fingerprint and encode it in format aa:bb:cc:dd:... fingerprint = RSAKey.from_private_key_file(priv_key_file, password=passphrase).get_fingerprint().encode('hex') fingerprint = ':'.join(fingerprint[i:i + 2] for i in xrange(0, len(fingerprint), 2)) # If running under Windows, convert OpenSSH private key to PuTTY private key, # because pageant cannot load OpenSSH keys. if util.platform_is_windows(): priv_key_file_putty = '%s.ppk' % priv_key_file cmd = '"%s" "%s" -e -o "%s"' % (util.get_path_to_exe('puttygencmd.exe'), priv_key_file, priv_key_file_putty) util.run(cmd) os.remove(priv_key_file) os.rename(priv_key_file_putty, priv_key_file) return fingerprint
def _set_authentication(self, password, private_key, private_key_pass): '''Authenticate the transport. prefer password if given''' if password is None: # Use Private Key. if not private_key: # Try to use default key. if os.path.exists(os.path.expanduser('~/.ssh/id_rsa')): private_key = '~/.ssh/id_rsa' elif os.path.exists(os.path.expanduser('~/.ssh/id_dsa')): private_key = '~/.ssh/id_dsa' else: raise CredentialException("No password or key specified.") if isinstance(private_key, (AgentKey, RSAKey)): # use the paramiko agent or rsa key self._tconnect['pkey'] = private_key else: # isn't a paramiko AgentKey or RSAKey, try to build a # key from what we assume is a path to a key private_key_file = os.path.expanduser(private_key) try: # try rsa self._tconnect['pkey'] = RSAKey.from_private_key_file( private_key_file, private_key_pass) except paramiko.SSHException: # if it fails, try dss # pylint:disable=r0204 self._tconnect['pkey'] = DSSKey.from_private_key_file( private_key_file, private_key_pass)
def test_certificates(self): # PKey.load_certificate key = RSAKey.from_private_key_file(test_path('test_rsa.key')) self.assertTrue(key.public_blob is None) key.load_certificate(test_path('test_rsa.key-cert.pub')) self.assertTrue(key.public_blob is not None) self.assertEqual(key.public_blob.key_type, '*****@*****.**') self.assertEqual(key.public_blob.comment, 'test_rsa.key.pub') # Delve into blob contents, for test purposes msg = Message(key.public_blob.key_blob) self.assertEqual(msg.get_text(), '*****@*****.**') nonce = msg.get_string() e = msg.get_mpint() n = msg.get_mpint() self.assertEqual(e, key.public_numbers.e) self.assertEqual(n, key.public_numbers.n) # Serial number self.assertEqual(msg.get_int64(), 1234) # Prevented from loading certificate that doesn't match key1 = Ed25519Key.from_private_key_file(test_path('test_ed25519.key')) self.assertRaises( ValueError, key1.load_certificate, test_path('test_rsa.key-cert.pub'), )
def test_salt_size(self): # Read an existing encrypted private key file_ = test_path('test_rsa_password.key') password = '******' newfile = file_ + '.new' newpassword = '******' key = RSAKey(filename=file_, password=password) # Write out a newly re-encrypted copy with a new password. # When the bug under test exists, this will ValueError. try: key.write_private_key_file(newfile, password=newpassword) # Verify the inner key data still matches (when no ValueError) key2 = RSAKey(filename=newfile, password=newpassword) self.assertEqual(key, key2) finally: os.remove(newfile)
def sftp_server(): """ Set up an in-memory SFTP server thread. Yields the client Transport/socket. The resulting client Transport (along with all the server components) will be the same object throughout the test session; the `sftp` fixture then creates new higher level client objects wrapped around the client Transport, as necessary. """ # Sockets & transports socks = LoopSocket() sockc = LoopSocket() sockc.link(socks) tc = Transport(sockc) ts = Transport(socks) # Auth host_key = RSAKey.from_private_key_file(_support("test_rsa.key")) ts.add_server_key(host_key) # Server setup event = threading.Event() server = StubServer() ts.set_subsystem_handler("sftp", SFTPServer, StubSFTPServer) ts.start_server(event, server) # Wait (so client has time to connect? Not sure. Old.) event.wait(1.0) # Make & yield connection. tc.connect(username="******", password="******") yield tc
def setup_test_server( self, client_options=None, server_options=None, connect_kwargs=None, ): host_key = RSAKey.from_private_key_file(_support('test_rsa.key')) public_host_key = RSAKey(data=host_key.asbytes()) self.ts.add_server_key(host_key) if client_options is not None: client_options(self.tc.get_security_options()) if server_options is not None: server_options(self.ts.get_security_options()) event = threading.Event() self.server = NullServer() self.assertTrue(not event.is_set()) self.ts.start_server(event, self.server) if connect_kwargs is None: connect_kwargs = dict( hostkey=public_host_key, username='******', password='******', ) self.tc.connect(**connect_kwargs) event.wait(1.0) self.assertTrue(event.is_set()) self.assertTrue(self.ts.is_active())
def test_L_handshake_timeout(self): """ verify that we can get a hanshake timeout. """ # Tweak client Transport instance's Packetizer instance so # its read_message() sleeps a bit. This helps prevent race conditions # where the client Transport's timeout timer thread doesn't even have # time to get scheduled before the main client thread finishes # handshaking with the server. # (Doing this on the server's transport *sounds* more 'correct' but # actually doesn't work nearly as well for whatever reason.) class SlowPacketizer(Packetizer): def read_message(self): time.sleep(1) return super(SlowPacketizer, self).read_message() # NOTE: prettttty sure since the replaced .packetizer Packetizer is now # no longer doing anything with its copy of the socket...everything'll # be fine. Even tho it's a bit squicky. self.tc.packetizer = SlowPacketizer(self.tc.sock) # Continue with regular test red tape. host_key = RSAKey.from_private_key_file(_support('test_rsa.key')) public_host_key = RSAKey(data=host_key.asbytes()) self.ts.add_server_key(host_key) event = threading.Event() server = NullServer() self.assertTrue(not event.is_set()) self.tc.handshake_timeout = 0.000000000001 self.ts.start_server(event, server) self.assertRaises(EOFError, self.tc.connect, hostkey=public_host_key, username='******', password='******')
def test_ssh_exception(self): """Test that we get ssh exception in output with correct arguments""" self.server.kill() host = '127.0.0.10' _socket = make_socket(host) port = _socket.getsockname()[1] server = start_server(_socket, ssh_exception=True) hosts = [host] client = ParallelSSHClient(hosts, port=port, user='******', password='******', pkey=RSAKey.generate(1024)) output = client.run_command(self.fake_cmd, stop_on_errors=False) gevent.sleep(1) client.pool.join() self.assertTrue('exception' in output[host], msg="Got no exception for host %s - expected connection error" % ( host,)) try: raise output[host]['exception'] except SSHException, ex: self.assertEqual(ex.args[1], host, msg="Exception host argument is %s, should be %s" % ( ex.args[1], host,)) self.assertEqual(ex.args[2], port, msg="Exception port argument is %s, should be %s" % ( ex.args[2], port,))
def get(nodes_file, request): """Return the logs""" args = dict(request.args.items()) try: container = args.pop('container') except KeyError: raise errors.BadRequest('No container on URL arguments') results = dict() with open(nodes_file) as f: nodes = yaml.load(f) try: rsa_key_file = nodes.pop('rsa_key') pkey = RSAKey.from_private_key_file(rsa_key_file) except Exception as e: print('Failed to read RSA Key, {} {}'.format(type(e), e)) raise ssh = SSHClient() ssh.set_missing_host_key_policy(AutoAddPolicy) cmd = 'docker logs {container} {args}'.format( container=container, args=' '.join(['--{}={}'.format(a, args[a]) for a in args])) for _, ips in nodes.items(): for ip in ips: ssh.connect(hostname=ip, username='******', pkey=pkey) print('ssh root@{ip} {cmd}'.format(ip=ip, cmd=cmd)) _in, _out, _err = ssh.exec_command(cmd) status = _out.channel.recv_exit_status() results[ip] = dict( status=status, stdout=_out.read(), stderr=_err.read()) ssh.close() return results
def test_3a_long_banner(self): """ verify that a long banner doesn't mess up the handshake. """ host_key = RSAKey.from_private_key_file(test_path('test_rsa.key')) public_host_key = RSAKey(data=host_key.asbytes()) self.ts.add_server_key(host_key) event = threading.Event() server = NullServer() self.assertTrue(not event.is_set()) self.socks.send(LONG_BANNER) self.ts.start_server(event, server) self.tc.connect(hostkey=public_host_key, username='******', password='******') event.wait(1.0) self.assertTrue(event.is_set()) self.assertTrue(self.ts.is_active())
def __init__(self, ctx): self.manager = InstanceManager.make() self.settings = self.manager.settings try: ctx.connect_kwargs.pkey = RSAKey.from_private_key_file( self.manager.settings.key_path) self.connect = ctx.connect_kwargs except (IOError, PasswordRequiredException, SSHException) as e: raise BenchError('Failed to load SSH key', e)
def pKeyConnect(self, ssh_config): try: pKey = RSAKey.from_private_key_file(filename=ssh_config.ssh_key) except PasswordRequiredException: if ssh_config.ssh_key_pass: pKey = RSAKey.from_private_key_file( filename=ssh_config.ssh_key, password=ssh_config.ssh_key_pass) else: err_msg = 'Fail to Load RSAKey({}), make sure password for key is correct.' \ .format(ssh_config.ssh_key) logging.warning(err_msg) raise ImportRSAkeyFaild(err_msg) else: self.client.connect(hostname=ssh_config.remote_host, port=ssh_config.remote_port, username=ssh_config.remote_user, pkey=pKey)
def test_pkey_to_credential(self): key = RSAKey.generate(bits=2048) credential = Credential.objects.create(user=self.user1, remote_user='******') credential.key = key credential.save() credential_copy = Credential.objects.get(pk=credential.pk) self.assertEqual(key.get_fingerprint(), credential_copy.key.get_fingerprint())
def test_load_rsa_password(self): key = RSAKey.from_private_key_file(_support('test_rsa_password.key'), 'television') self.assertEqual('ssh-rsa', key.get_name()) exp_rsa = b(FINGER_RSA.split()[1].replace(':', '')) my_rsa = hexlify(key.get_fingerprint()) self.assertEqual(exp_rsa, my_rsa) self.assertEqual(PUB_RSA.split()[1], key.get_base64()) self.assertEqual(1024, key.get_bits())
def test_load_RSA_key_new_format(self): key = RSAKey.from_private_key_file(_support('test_rsa_2k_o.key'), b'television') self.assertEqual('ssh-rsa', key.get_name()) self.assertEqual(PUB_RSA_2K_OPENSSH.split()[1], key.get_base64()) self.assertEqual(2048, key.get_bits()) exp_rsa = b(FINGER_RSA_2K_OPENSSH.split()[1].replace(':', '')) my_rsa = hexlify(key.get_fingerprint()) self.assertEqual(exp_rsa, my_rsa)
def prepare_ssh_command(config_name, server, hostname, client_id, tool, param, username='******', timeout=30, **kwargs): """ :param config_name: :param server: :param hostname: :param client_id: :param tool: :param param: :param username: :param timeout: :return: """ global management_result current_path = os.path.dirname(os.path.abspath(__file__)) key_path = os.path.join(current_path, '../ssh/key') try: key = RSAKey.from_private_key_file(key_path) except SSHException: g.user.logger.error( 'Exception trying to connect to server: SSH key must be in PEM format : ssh-keygen -m PEM' ) g.user.logger.error(traceback.format_exc()) raise Exception('Failed to connect to server!') ssh = SSHClient() ssh.set_missing_host_key_policy(AutoAddPolicy()) is_connected = ssh_open_connection(ssh, hostname, username, key, timeout, **kwargs) if not is_connected: raise Exception('Failed to connect to server!') tool_cmd = { "ping": "ping -c 10 {}", "dig": "dig {}", "traceroute": "traceroute {}" } if ":" in param: tool_cmd = { "ping": "ping6 -c 10 {}", "dig": "dig {}", "traceroute": "traceroute6 {}" } cmd = tool_cmd.get(tool).format(param) update_result_global_stream_result(config_name, server, client_id, tool, stream_result, "False") t = Thread(target=exec_command, args=(ssh, cmd, config_name, server, client_id, tool)) t.start() management_result[config_name][server][client_id]['ssh'] = ssh management_result[config_name][server][client_id]['thread'] = t
def generate_pub_pri_keys(self): try: key = RSAKey.generate(2048) string_io = StringIO() key.write_private_key(string_io) return key.get_base64(), string_io.getvalue() except BaseException: pass return None, None
def get_ssh_to_remote_by_key(self, ip, keyfile): try: with open(keyfile) as f: keys = [RSAKey.from_private_key(f)] except IOError: logger.warning('Loading of SSH key from file failed. Trying to use' ' SSH agent ...') keys = Agent().get_keys() return SSHClient(ip, private_keys=keys)
def get_private_keys(self, force=False): if force or self._keys is None: self._keys = [] for key_string in [ '/root/.ssh/id_rsa', '/root/.ssh/bootstrap.rsa' ]: with self.get_admin_remote().open(key_string) as f: self._keys.append(RSAKey.from_private_key(f)) return self._keys
def match_fingerprint(self, pvt_file, pw, fingerprint): try: sshKey = RSAKey.from_private_key_file(pvt_file, pw) keybytes = md5(sshKey.asbytes()).hexdigest() printableFingerprint = ':'.join( a + b for a, b in zip(keybytes[::2], keybytes[1::2])) return printableFingerprint == fingerprint.__str__() except PasswordRequiredException: return False
def test_A_interactive_auth_fallback(self): """ verify that a password auth attempt will fallback to "interactive" if password auth isn't supported but interactive is. """ host_key = RSAKey.from_private_key_file('tests/test_rsa.key') public_host_key = RSAKey(data=str(host_key)) self.ts.add_server_key(host_key) event = threading.Event() server = NullServer() self.assert_(not event.isSet()) self.ts.start_server(event, server) self.tc.ultra_debug = True self.tc.connect(hostkey=public_host_key) remain = self.tc.auth_password('commie', 'cat') self.assertEquals([], remain) event.wait(1.0) self.assert_(event.isSet()) self.assert_(self.ts.is_active())
def ensure_local_ssh_key(name): from paramiko import RSAKey if os.path.exists(get_ssh_key_path(name)): ssh_key = RSAKey.from_private_key_file(get_ssh_key_path(name)) else: logger.info("Creating key pair %s", name) ssh_key = new_ssh_key() makedirs(os.path.dirname(get_ssh_key_path(name)), exist_ok=True) ssh_key.write_private_key_file(get_ssh_key_path(name)) return ssh_key
def generate_ssh_key_pairs(filename, phrase): """ SSH key pairs generator for remote docker host provider Args: filename (str):The filename path where ssh keys will be saved. phrase (str):The password phrase. Returns: """ # generating private key prv = RSAKey.generate(bits=2048, progress_func=None) prv.write_private_key_file(filename, password=phrase) # generating public key pub = RSAKey(filename=filename, password=phrase) with open("%s.pub" % filename, "w") as f: f.write("%s %s" % (pub.get_name(), pub.get_base64())) f.write(" %s" % "moitoi_docker_hive_key")
def sftp_authentication(self): try: transport = Transport((ip_server, 222)) privatekeyfile = os.path.expanduser('./priv_key') mykey = RSAKey.from_private_key_file(privatekeyfile) transport.connect(username='******', pkey=mykey) sftp_client = SFTPClient.from_transport(transport) return sftp_client, transport except Exception, e: print "SFTP Authentication Fail:" + str(e)
def _get_ssh_key(self): """ Fetch locally stored SSH key. """ try: self.ssh_key = RSAKey.from_private_key_file(self.ssh_key_filepath) logger.info(f'Found SSH key at self {self.ssh_key_filepath}') except SSHException as error: logger.error(error) return self.ssh_key
def get_ssh_to_remote(self, ip): keys = [] for key_string in ['/root/.ssh/id_rsa', '/root/.ssh/bootstrap.rsa']: with self.get_admin_remote().open(key_string) as f: keys.append(RSAKey.from_private_key(f)) return SSHClient(ip, username=settings.SSH_CREDENTIALS['login'], password=settings.SSH_CREDENTIALS['password'], private_keys=keys)
def setup_test_server(self, client_options=None, server_options=None): host_key = RSAKey.from_private_key_file('tests/test_rsa.key') public_host_key = RSAKey(data=str(host_key)) self.ts.add_server_key(host_key) if client_options is not None: client_options(self.tc.get_security_options()) if server_options is not None: server_options(self.ts.get_security_options()) event = threading.Event() self.server = NullServer() self.assert_(not event.isSet()) self.ts.start_server(event, self.server) self.tc.connect(hostkey=public_host_key, username='******', password='******') event.wait(1.0) self.assert_(event.isSet()) self.assert_(self.ts.is_active())
def __get_ssh_key(self): """ Fetch local ssh key """ try: self.ssh_key = RSAKey.from_private_key_file( self.ssh_key_filepath, self.password) logger.info(f'Found SSH key at {self.ssh_key_filepath}') except SSHException as error: logger.error(error) return self.ssh_key
def create_keypair(private_key_path: str) -> str: """ Create the key-pair using the supplied filename :param private_key_path: full path to the key pair to generate :return: string contents of the public key """ private_key = RSAKey.generate(bits=2048) private_key.write_private_key_file(private_key_path, password=None) pub = RSAKey(filename=private_key_path, password=None) public_key_contents = f'{pub.get_name()} {pub.get_base64()} panhandler' with open("%s.pub" % private_key_path, "w") as f: f.write(public_key_contents) return public_key_contents
def _create_connection(self) -> Connection: return Connection( host=self.hostname, user=self.user, port=self.port, config=self.ssh_config, connect_timeout=self.connect_timeout, connect_kwargs={ 'pkey': RSAKey(filename=os.path.expanduser(self.key_file)) } if self.key_file else None)
def test_3_load_rsa_password(self): key = RSAKey.from_private_key_file( _support("test_rsa_password.key"), "television" ) self.assertEqual("ssh-rsa", key.get_name()) exp_rsa = b(FINGER_RSA.split()[1].replace(":", "")) my_rsa = hexlify(key.get_fingerprint()) self.assertEqual(exp_rsa, my_rsa) self.assertEqual(PUB_RSA.split()[1], key.get_base64()) self.assertEqual(1024, key.get_bits())
def run_ssh_cmd_single(vm, cmd, _async=False, needs_pty=False): ''' sometime /etc/sudoers is configured to require a tty to execute a command with sudo. In this case, set needs_pty to True. But if needs_pty is True, you cannot run a command asyncrounously (check if this is really true) Defaults !requiretty If aysnc is true, return code is 0 and stdout and stderr are both empty strings. That's because the function returns before they are available :param vm: :param cmd: :param needs_pty: :return: ''' try: ssh = paramiko.SSHClient() ssh.set_missing_host_key_policy(paramiko.AutoAddPolicy()) if vm.priv_key: pkey = RSAKey.from_private_key(StringIO( vm.priv_key)) # assuming it is an RSAKey ssh.connect(hostname=vm.ip, port=22, username=vm.username, pkey=pkey) else: ssh.connect(hostname=vm.ip, port=22, username=vm.username, password=vm.password) logger.debug('Executing command on the remote host {0}: {1}'.format( vm.benchsuite_name, cmd)) stdin, stdout, stderr = ssh.exec_command(cmd, get_pty=needs_pty) if _async: return (0, '', '') out = sanitize_output(stdout.read().decode("utf-8")) err = sanitize_output(stderr.read().decode("utf-8")) exit_status = stdout.channel.recv_exit_status() return (exit_status, out, err) # chan = ssh.get_transport().open_session() # chan.get_pty() # chan.exec_command(cmd) # print(chan.recv(1024)) finally: ssh.close()
def __get_ssh_key(self): """Fetch locally stored SSH key.""" try: query_cmd = """SELECT * FROM keys WHERE host='""" + self.host + """'""" self.cur.execute(query_cmd) key_string = self.cur.fetchone()[1] self.key_file_obj = StringIO(key_string) self.ssh_key = RSAKey.from_private_key(self.key_file_obj) except SSHException as error: logger.error(error) return self.ssh_key
def create_client(self): private = RSAKey(filename=self.get_private_key_file()) client = SSHClient() client.set_missing_host_key_policy(AutoAddPolicy()) client.load_host_keys(self.get_host_keys_file()) client.connect(self.server.host, pkey=private, look_for_keys=False, port=self.server.port, username=self.server.user) return client
def __init__(self, kwargs): self.key = RSAKey.from_private_key( io.StringIO(kwargs['asymKeys']['private'])) self.ip_address = kwargs['ip_address'] self.username = kwargs['username'] self.sshclient = SSHClient() self.sshclient.set_missing_host_key_policy(AutoAddPolicy()) return super().__init__()
def generate_host_key(self, filename): from paramiko import RSAKey bits = 4096 if self.config.has_option('ssh', 'HostKeyBits'): bits = self.config.getint('ssh', 'HostKeyBits') # generate private key and save, self.log.info('Generating {bits}-bit RSA public/private keypair.' .format(bits=bits)) priv_key = RSAKey.generate(bits=bits) priv_key.write_private_key_file(filename, password=None) self.log.debug('{filename} saved.'.format(filename=filename)) # save public key, pub = RSAKey(filename=filename, password=None) with open('{0}.pub'.format(filename,), 'w') as fp: fp.write("{0} {1}".format(pub.get_name(), pub.get_base64())) self.log.debug('{filename}.pub saved.'.format(filename=filename)) return priv_key
def _get_ssh_key(self): """Fetch locally stored SSH key.""" try: self.ssh_key = RSAKey.from_private_key_file(self.ssh_key_filepath) LOGGER.info(f"Found SSH key at self {self.ssh_key_filepath}") return self.ssh_key except SSHException as e: LOGGER.error(e) except Exception as e: LOGGER.error(f"Unexpected error occurred: {e}") raise e
def connect(self): try: # Build a public key object from the server (agent) key file if self.publicKeyType == 'rsa': agent_public_key = RSAKey( data=base64.decodestring(self.publicKey)) elif self.publicKeyType == 'dss': agent_public_key = DSSKey( data=base64.decodestring(self.publicKey)) # Build a private key object from the manager key file, and connect to the agent: if self.privateKeyFile != None: # Using client (manager) private key to authenticate if self.privateKeyType == "rsa": user_private_key = RSAKey.from_private_key_file( self.privateKeyFile) elif self.privateKeyType == "dss": user_private_key = DSSKey.from_private_key_file( self.privateKeyFile) self.ssh.connect(hostkey=agent_public_key, username=self.username, pkey=user_private_key) else: # Using client (manager) password to authenticate self.ssh.connect(hostkey=agent_public_key, username=self.username, password=self.password) # Request a new channel to the server, of type "session". self.chan = self.ssh.open_session() # Request a "netconf" subsystem on the server: self.chan.invoke_subsystem(C.NETCONF_SSH_SUBSYSTEM) except Exception, exp: syslog.openlog("YencaP Manager") syslog.syslog(syslog.LOG_ERR, str(exp)) syslog.closelog() return C.FAILED
def ConnectionHandle(client, priv): try: t = Transport(client) ip, port = client.getpeername() t.local_version = 'SSH-2.0-' + choice(self.random_servers) t.add_server_key(RSAKey(file_obj=StringIO(priv))) t.start_server(server=SSHHandle(ip, port)) chan = t.accept(1) if not chan is None: chan.close() except: pass