Exemple #1
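    def _verify_key_value(self) -> None:
        """
        Verify the remote server public key against the known hosts entry for the target host

        Every failure mode is reported as an exception so that strict host key checking fails
        closed. A host with no known hosts entry is reported as an authentication failure rather
        than escaping as a KeyError from the "public_key" lookup.

        Args:
            N/A

        Returns:
            None

        Raises:
            ScrapliConnectionNotOpened: if session is unopened/None
            ScrapliAuthenticationFailed: if host is not in known hosts, if the remote server key
                cannot be gleaned from the session (or its exported form cannot be parsed), or if
                host is in known hosts but public key does not match

        """
        if not self.session:
            raise ScrapliConnectionNotOpened

        host = self._base_transport_args.host

        known_hosts = SSHKnownHosts(self.plugin_transport_args.ssh_known_hosts_file)
        known_host_public_key = known_hosts.lookup(host)

        # an empty lookup result means there is nothing to compare against; treat that as a
        # verification failure instead of letting the subscript below raise KeyError
        if not known_host_public_key:
            raise ScrapliAuthenticationFailed(f"{host} not in known_hosts!")

        remote_server_key = self.session.get_server_host_key()
        if remote_server_key is None:
            raise ScrapliAuthenticationFailed(
                f"failed gleaning remote server ssh key for host {host}"
            )

        # the key data is the second whitespace-separated field of the exported key
        # (presumably "<key type> <base64 data> [comment]" -- confirm against the ssh library)
        exported_fields = remote_server_key.export_public_key().split()
        if len(exported_fields) < 2:
            # an unexpected export format must not surface as an IndexError
            raise ScrapliAuthenticationFailed(
                f"failed gleaning remote server ssh key for host {host}"
            )
        remote_public_key = exported_fields[1].decode()

        if known_host_public_key["public_key"] != remote_public_key:
            raise ScrapliAuthenticationFailed(
                f"{host} in known_hosts but public key does not match!"
            )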
Exemple #2
    def _verify_key(self) -> None:
        """
        Check the key presented by the target host against the known hosts file

        The host must have a known hosts entry, and the stored "public_key" value must equal the
        base64 form of the key the server presented on the open session.

        Args:
            N/A

        Returns:
            None

        Raises:
            ScrapliConnectionNotOpened: if session is unopened/None
            ScrapliAuthenticationFailed: if host is not in known hosts
            ScrapliAuthenticationFailed: if host is in known hosts but public key does not match

        """
        if not self.session:
            raise ScrapliConnectionNotOpened

        host_entry = SSHKnownHosts(self.plugin_transport_args.ssh_known_hosts_file).lookup(
            self._base_transport_args.host
        )

        # an empty/falsy lookup result means the host is unknown: reject before comparing keys
        if not host_entry:
            raise ScrapliAuthenticationFailed(
                f"{self._base_transport_args.host} not in known_hosts!"
            )

        # base64 form of the key the server presented on this session
        presented_key = self.session.get_remote_server_key().get_base64()

        if host_entry["public_key"] != presented_key:
            raise ScrapliAuthenticationFailed(
                f"{self._base_transport_args.host} in known_hosts but public key does not match!"
            )
Exemple #3
    def _verify_key(self) -> None:
        """
        Require that the target host has an entry in the known hosts file

        This method only checks that an entry exists; it does not compare the stored key with
        the key the server presents.

        Args:
            N/A

        Returns:
            None

        Raises:
            ScrapliAuthenticationFailed: if host is not in known hosts

        """
        host_entry = SSHKnownHosts(self.plugin_transport_args.ssh_known_hosts_file).lookup(
            self._base_transport_args.host
        )

        if host_entry:
            return

        # falsy lookup result -> no entry for this host, refuse to continue
        raise ScrapliAuthenticationFailed(f"{self._base_transport_args.host} not in known_hosts!")
Exemple #4
    def _verify_key(self) -> None:
        """
        Check the key presented by the target host against the known hosts file

        The first element returned by the session's hostkey() call is base64 encoded and
        compared with the "public_key" value stored for the host.

        Args:
            N/A

        Returns:
            None

        Raises:
            ScrapliConnectionNotOpened: if session is unopened/None
            ScrapliAuthenticationFailed: if public key verification fails

        """
        if not self.session:
            raise ScrapliConnectionNotOpened

        host_entry = SSHKnownHosts(self.plugin_transport_args.ssh_known_hosts_file).lookup(
            self._base_transport_args.host
        )

        # an empty/falsy lookup result means the host is unknown: reject before comparing keys
        if not host_entry:
            raise ScrapliAuthenticationFailed(
                f"{self._base_transport_args.host} not in known_hosts!"
            )

        # hostkey() yields a sequence whose first element is the key blob
        key_blob = self.session.hostkey()[0]
        # b64encode produces the same text as encodebytes with its newlines stripped
        remote_public_key = base64.b64encode(key_blob).decode()

        if host_entry["public_key"] != remote_public_key:
            raise ScrapliAuthenticationFailed(
                f"{self._base_transport_args.host} in known_hosts but public key does not match!"
            )
Exemple #5
def test_known_host_lookup_bad_host(real_ssh_known_hosts_file_path):
    """Looking up a host with no known hosts entry yields an empty dict."""
    parsed_hosts = SSHKnownHosts(real_ssh_known_hosts_file_path)
    lookup_result = parsed_hosts.lookup("bad.host")
    # the empty dict is falsy, so a caller checking `if not result` sees an unknown host
    assert lookup_result == {}
Exemple #6
def test_known_host_lookup_exact_host_hashed(real_ssh_known_hosts_file_path):
    """A host is still found when only its hashed known hosts entry remains."""
    parsed_hosts = SSHKnownHosts(real_ssh_known_hosts_file_path)
    # drop the plain-text entry from the loaded dict so only the hashed entry can match
    del parsed_hosts.hosts["172.18.0.11"]
    lookup_result = parsed_hosts.lookup("172.18.0.11")
    assert lookup_result != {}
Exemple #7
def test_known_host_lookup_exact_host(real_ssh_known_hosts_file_path):
    """A host present in the known hosts file yields a non-empty lookup result."""
    parsed_hosts = SSHKnownHosts(real_ssh_known_hosts_file_path)
    lookup_result = parsed_hosts.lookup("172.18.0.11")
    assert lookup_result != {}