def __init__(self, base_path):
"""
:param FilePath base_path: The path beneath which all of the temporary
SSH server-related files will be created. An ``ssh`` directory
will be created as a child of this directory to hold the key pair
that is generated. An ``sshd`` directory will also be created here
to hold the generated host key. A ``home`` directory is also
created here and used as the home directory for shell logins to the
server.
"""
self.home = base_path.child(b"home")
self.home.makedirs()
ssh_path = base_path.child(b"ssh")
ssh_path.makedirs()
self.key_path = ssh_path.child(b"key")
key = generate_ssh_key(self.key_path)
sshd_path = base_path.child(b"sshd")
sshd_path.makedirs()
self.host_key_path = sshd_path.child(b"ssh_host_key")
generate_ssh_key(self.host_key_path)
factory = OpenSSHFactory()
realm = _UnixSSHRealm(self.home)
checker = _InMemoryPublicKeyChecker(public_key=key.public())
factory.portal = Portal(realm, [checker])
factory.dataRoot = sshd_path.path
factory.moduliRoot = b"/etc/ssh"
self._port = reactor.listenTCP(0, factory, interface=b"127.0.0.1")
self.ip = IPAddress(self._port.getHost().host)
self.port = self._port.getHost().port
def createManholeListener():
sshRealm = TerminalRealm()
sshRealm.chainedProtocolFactory.protocolFactory = lambda _: Manhole(
namespace)
if settings.MANHOLE_PUBLIC_KEY == 'None':
credChecker = checkers.InMemoryUsernamePasswordDatabaseDontUse()
credChecker.addUser(settings.MANHOLE_USER.encode('utf-8'),
''.encode('utf-8'))
else:
userKeys = {
settings.MANHOLE_USER.encode('utf-8'):
settings.MANHOLE_PUBLIC_KEY.encode('utf-8'),
}
credChecker = PublicKeyChecker(userKeys)
sshPortal = portal.Portal(sshRealm)
sshPortal.registerChecker(credChecker)
sessionFactory = ConchFactory(sshPortal)
# set ssh host keys
if settings.MANHOLE_HOST_KEY_DIR == "":
raise CarbonConfigException("MANHOLE_HOST_KEY_DIR not defined")
openSSHFactory = OpenSSHFactory()
openSSHFactory.dataRoot = settings.MANHOLE_HOST_KEY_DIR
sessionFactory.publicKeys = openSSHFactory.getPublicKeys()
sessionFactory.privateKeys = openSSHFactory.getPrivateKeys()
return sessionFactory
def __init__(self, base_path):
"""
:param FilePath base_path: The path beneath which all of the temporary
SSH server-related files will be created. An ``ssh`` directory
will be created as a child of this directory to hold the key pair
that is generated. An ``sshd`` directory will also be created here
to hold the generated host key. A ``home`` directory is also
created here and used as the home directory for shell logins to the
server.
"""
self.home = base_path.child(b"home")
self.home.makedirs()
ssh_path = base_path.child(b"ssh")
ssh_path.makedirs()
self.key_path = ssh_path.child(b"key")
check_call(
[
b"ssh-keygen",
# Specify the path where the generated key is written.
b"-f",
self.key_path.path,
# Specify an empty passphrase.
b"-N",
b"",
# Generate as little output as possible.
b"-q",
]
)
key = Key.fromFile(self.key_path.path)
sshd_path = base_path.child(b"sshd")
sshd_path.makedirs()
self.host_key_path = sshd_path.child(b"ssh_host_key")
check_call(
[
b"ssh-keygen",
# See above for option explanations.
b"-f",
self.host_key_path.path,
b"-N",
b"",
b"-q",
]
)
factory = OpenSSHFactory()
realm = _UnixSSHRealm(self.home)
checker = _InMemoryPublicKeyChecker(public_key=key.public())
factory.portal = Portal(realm, [checker])
factory.dataRoot = sshd_path.path
factory.moduliRoot = b"/etc/ssh"
self._port = reactor.listenTCP(0, factory, interface=b"127.0.0.1")
self.ip = IPAddress(self._port.getHost().host)
self.port = self._port.getHost().port
def __init__(self, base_path):
"""
:param FilePath base_path: The path beneath which all of the temporary
SSH server-related files will be created. An ``ssh`` directory
will be created as a child of this directory to hold the key pair
that is generated. An ``sshd`` directory will also be created here
to hold the generated host key. A ``home`` directory is also
created here and used as the home directory for shell logins to the
server.
"""
self.home = base_path.child(b"home")
self.home.makedirs()
ssh_path = base_path.child(b"ssh")
ssh_path.makedirs()
self.key_path = ssh_path.child(b"key")
check_call([
b"ssh-keygen",
# Specify the path where the generated key is written.
b"-f",
self.key_path.path,
# Specify an empty passphrase.
b"-N",
b"",
# Generate as little output as possible.
b"-q"
])
key = Key.fromFile(self.key_path.path)
sshd_path = base_path.child(b"sshd")
sshd_path.makedirs()
self.host_key_path = sshd_path.child(b"ssh_host_key")
check_call([
b"ssh-keygen",
# See above for option explanations.
b"-f",
self.host_key_path.path,
b"-N",
b"",
b"-q"
])
factory = OpenSSHFactory()
realm = UnixSSHRealm(self.home)
checker = _InMemoryPublicKeyChecker(public_key=key.public())
factory.portal = Portal(realm, [checker])
factory.dataRoot = sshd_path.path
factory.moduliRoot = b"/etc/ssh"
self._port = reactor.listenTCP(0, factory, interface=b"127.0.0.1")
self.ip = IPAddress(self._port.getHost().host)
self.port = self._port.getHost().port
def makeService(self, options):
"""
Construct a TCPServer from a factory defined in myproject.
"""
_portal = portal.Portal(
essftp.EssFTPRealm(essftp.FilePath(options['root']).path),
options.get('credCheckers',
[SSHPublicKeyChecker(UNIXAuthorizedKeysFiles())]))
if options['keyDirectory']:
factory = OpenSSHFactory()
factory.portal = _portal
factory.dataRoot = options['keyDirectory']
factory.moduliRoot = options['moduli']
else:
factory = ConchFactory(_portal)
return internet.TCPServer(int(options["port"]), factory)
def makeService(self, options):
"""
Construct a TCPServer from a factory defined in myproject.
"""
_portal = portal.Portal(
essftp.EssFTPRealm(essftp.FilePath(options['root']).path),
options.get('credCheckers',
[SSHPublicKeyChecker(UNIXAuthorizedKeysFiles())]))
if options['keyDirectory']:
factory = OpenSSHFactory()
factory.portal = _portal
factory.dataRoot = options['keyDirectory']
factory.moduliRoot = options['moduli']
else:
factory = ConchFactory(_portal)
return internet.TCPServer(int(options["port"]), factory)
def __init__(self, port, checker, ssh_hostkey_dir=None):
"""
@type port: string or int
@param port: what port should the Manhole listen on? This is a
strports specification string, like 'tcp:12345' or
'tcp:12345:interface=127.0.0.1'. Bare integers are treated as a
simple tcp port.
@type checker: an object providing the
L{twisted.cred.checkers.ICredentialsChecker} interface
@param checker: if provided, this checker is used to authenticate the
client instead of using the username/password scheme. You must either
provide a username/password or a Checker. Some useful values are::
import twisted.cred.checkers as credc
import twisted.conch.checkers as conchc
c = credc.AllowAnonymousAccess # completely open
c = credc.FilePasswordDB(passwd_filename) # file of name:passwd
c = conchc.UNIXPasswordDatabase # getpwnam() (probably /etc/passwd)
@type ssh_hostkey_dir: str
@param ssh_hostkey_dir: directory which contains ssh host keys for
this server
"""
# unfortunately, these don't work unless we're running as root
# c = credc.PluggableAuthenticationModulesChecker: PAM
# c = conchc.SSHPublicKeyDatabase() # ~/.ssh/authorized_keys
# and I can't get UNIXPasswordDatabase to work
service.AsyncMultiService.__init__(self)
if isinstance(port, int):
port = "tcp:%d" % port
self.port = port # for comparison later
self.checker = checker # to maybe compare later
def makeNamespace():
master = self.master
namespace = {
'master': master,
'status': master.getStatus(),
'show': show,
}
return namespace
def makeProtocol():
namespace = makeNamespace()
p = insults.ServerProtocol(manhole.ColoredManhole, namespace)
return p
self.ssh_hostkey_dir = ssh_hostkey_dir
if self.ssh_hostkey_dir:
self.using_ssh = True
if not self.ssh_hostkey_dir:
raise ValueError("Most specify a value for ssh_hostkey_dir")
r = manhole_ssh.TerminalRealm()
r.chainedProtocolFactory = makeProtocol
p = portal.Portal(r, [self.checker])
f = manhole_ssh.ConchFactory(p)
openSSHFactory = OpenSSHFactory()
openSSHFactory.dataRoot = self.ssh_hostkey_dir
openSSHFactory.dataModuliRoot = self.ssh_hostkey_dir
f.publicKeys = openSSHFactory.getPublicKeys()
f.privateKeys = openSSHFactory.getPrivateKeys()
else:
self.using_ssh = False
r = _TelnetRealm(makeNamespace)
p = portal.Portal(r, [self.checker])
f = protocol.ServerFactory()
f.protocol = makeTelnetProtocol(p)
s = strports.service(self.port, f)
s.setServiceParent(self)
def __init__(self, port, checker, ssh_hostkey_dir=None):
"""
@type port: string or int
@param port: what port should the Manhole listen on? This is a
strports specification string, like 'tcp:12345' or
'tcp:12345:interface=127.0.0.1'. Bare integers are treated as a
simple tcp port.
@type checker: an object providing the
L{twisted.cred.checkers.ICredentialsChecker} interface
@param checker: if provided, this checker is used to authenticate the
client instead of using the username/password scheme. You must either
provide a username/password or a Checker. Some useful values are::
import twisted.cred.checkers as credc
import twisted.conch.checkers as conchc
c = credc.AllowAnonymousAccess # completely open
c = credc.FilePasswordDB(passwd_filename) # file of name:passwd
c = conchc.UNIXPasswordDatabase # getpwnam() (probably /etc/passwd)
@type ssh_hostkey_dir: str
@param ssh_hostkey_dir: directory which contains ssh host keys for
this server
"""
# unfortunately, these don't work unless we're running as root
# c = credc.PluggableAuthenticationModulesChecker: PAM
# c = conchc.SSHPublicKeyDatabase() # ~/.ssh/authorized_keys
# and I can't get UNIXPasswordDatabase to work
super().__init__()
if isinstance(port, int):
port = "tcp:%d" % port
self.port = port # for comparison later
self.checker = checker # to maybe compare later
def makeNamespace():
master = self.master
namespace = {
'master': master,
'status': master.getStatus(),
'show': show,
}
return namespace
def makeProtocol():
namespace = makeNamespace()
p = insults.ServerProtocol(manhole.ColoredManhole, namespace)
return p
self.ssh_hostkey_dir = ssh_hostkey_dir
if self.ssh_hostkey_dir:
self.using_ssh = True
if not self.ssh_hostkey_dir:
raise ValueError("Most specify a value for ssh_hostkey_dir")
r = manhole_ssh.TerminalRealm()
r.chainedProtocolFactory = makeProtocol
p = portal.Portal(r, [self.checker])
f = manhole_ssh.ConchFactory(p)
openSSHFactory = OpenSSHFactory()
openSSHFactory.dataRoot = self.ssh_hostkey_dir
openSSHFactory.dataModuliRoot = self.ssh_hostkey_dir
f.publicKeys = openSSHFactory.getPublicKeys()
f.privateKeys = openSSHFactory.getPrivateKeys()
else:
self.using_ssh = False
r = _TelnetRealm(makeNamespace)
p = portal.Portal(r, [self.checker])
f = protocol.ServerFactory()
f.protocol = makeTelnetProtocol(p)
s = strports.service(self.port, f)
s.setServiceParent(self)