Esempio n. 1
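    def buildProtocol(self, addr):
        """
        Create an instance of the server side of the SSH protocol.

        The transport gets the configured version banner (or a built-in
        default) and fixed cipher, MAC, compression and host-key algorithm
        lists. The group-exchange key exchanges are withdrawn when no moduli
        file could be parsed.

        @type addr: L{twisted.internet.interfaces.IAddress} provider
        @param addr: The address at which the server will listen. Not read
            by this implementation.

        @rtype: L{cowrie.ssh.transport.HoneyPotSSHTransport}
        @return: The built transport.
        """
        _modulis = '/etc/ssh/moduli', '/private/etc/moduli'

        t = transport.HoneyPotSSHTransport()

        try:
            t.ourVersionString = self.cfg.get('ssh', 'version').encode('ascii')
        except Exception:
            # Best effort: any configuration or encoding problem falls back to
            # the default banner. A bare ``except:`` would also have swallowed
            # KeyboardInterrupt and SystemExit.
            t.ourVersionString = b"SSH-2.0-OpenSSH_6.0p1 Debian-4+deb7u2"

        # NOTE(review): the moduli file is parsed again for every connection;
        # loading it once at factory start-up would avoid that work.
        for _moduli in _modulis:
            try:
                self.primes = primes.parseModuliFile(_moduli)
            except IOError:
                # Missing or unreadable file: try the next candidate path.
                continue
            break

        # getattr() keeps this safe when no candidate file could be read and
        # the attribute was never assigned.
        if not getattr(self, 'primes', None):
            # Group exchange needs the primes, so stop advertising it.
            ske = t.supportedKeyExchanges[:]
            for kex in (b'diffie-hellman-group-exchange-sha1',
                        b'diffie-hellman-group-exchange-sha256'):
                if kex in ske:
                    ske.remove(kex)
                    log.msg("No moduli, no " + kex.decode('ascii'))
            t.supportedKeyExchanges = ske

        # Reorder supported ciphers to resemble current openssh more.
        # These legacy lists (CBC modes, 3DES, MD5/SHA-1 MACs, DSA) shape what
        # the honeypot advertises; they are not a hardening baseline for a
        # real SSH server.
        t.supportedCiphers = [
            b'aes128-ctr', b'aes192-ctr', b'aes256-ctr', b'aes128-cbc',
            b'3des-cbc', b'blowfish-cbc', b'cast128-cbc', b'aes192-cbc',
            b'aes256-cbc'
        ]
        # NOTE(review): advertised regardless of which host keys are loaded in
        # self.privateKeys -- confirm an RSA and a DSA key are always present.
        t.supportedPublicKeys = [b'ssh-rsa', b'ssh-dss']
        t.supportedMACs = [b'hmac-md5', b'hmac-sha1']
        # 'zlib@openssh.com' is OpenSSH's delayed-compression method name.
        t.supportedCompressions = [b'zlib@openssh.com', b'zlib', b'none']

        t.factory = self
        return t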
Esempio n. 2
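    def buildProtocol(self, addr):
        """
        Create an instance of the server side of the SSH protocol.

        The transport takes its version banner from the factory and gets
        fixed cipher, MAC, compression and host-key algorithm lists. The
        group-exchange key exchanges are withdrawn when the factory has no
        primes.

        @type addr: L{twisted.internet.interfaces.IAddress} provider
        @param addr: The address at which the server will listen. Not read
            by this implementation.

        @rtype: L{cowrie.ssh.transport.HoneyPotSSHTransport}
        @return: The built transport.
        """

        t = transport.HoneyPotSSHTransport()

        t.ourVersionString = self.ourVersionString

        if not self.primes:
            # Group exchange needs the primes, so stop advertising it.
            ske = t.supportedKeyExchanges[:]
            for kex in (b'diffie-hellman-group-exchange-sha1',
                        b'diffie-hellman-group-exchange-sha256'):
                if kex in ske:
                    ske.remove(kex)
                    log.msg("No moduli, no " + kex.decode('ascii'))
            t.supportedKeyExchanges = ske

        # Reorder supported ciphers to resemble current openssh more.
        # These legacy lists (CBC modes, 3DES, MD5/SHA-1 MACs, DSA) shape what
        # the honeypot advertises; they are not a hardening baseline for a
        # real SSH server.
        t.supportedCiphers = [
            b'aes128-ctr',
            b'aes192-ctr',
            b'aes256-ctr',
            b'aes128-cbc',
            b'3des-cbc',
            b'blowfish-cbc',
            b'cast128-cbc',
            b'aes192-cbc',
            b'aes256-cbc'
        ]
        # NOTE(review): advertised regardless of which host keys are loaded in
        # self.privateKeys -- confirm an RSA and a DSA key are always present.
        t.supportedPublicKeys = [b'ssh-rsa', b'ssh-dss']
        t.supportedMACs = [b'hmac-md5', b'hmac-sha1']
        # 'zlib@openssh.com' is OpenSSH's delayed-compression method name.
        t.supportedCompressions = [b'zlib@openssh.com', b'zlib', b'none']

        t.factory = self
        return t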
Esempio n. 3
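    def buildProtocol(self, addr):
        """
        Create an instance of the server side of the SSH protocol.

        The cipher, MAC and compression lists come from the C{[ssh]} config
        section when the option is present, otherwise from built-in defaults.
        The group-exchange key exchanges are withdrawn when the factory has
        no primes.

        @type addr: L{twisted.internet.interfaces.IAddress} provider
        @param addr: The address at which the server will listen. Not read
            by this implementation.

        @rtype: C{shellTransport.HoneyPotSSHTransport}, or
            C{proxyTransport.FrontendSSHTransport} when the backend is
            C{"proxy"}
        @return: The built transport.
        """

        def _configured(option, default):
            # Read a comma-separated algorithm list from the [ssh] section.
            # Names are stripped and blanks dropped so that a value written
            # as "a, b" or with a trailing comma does not advertise a
            # malformed algorithm name. An empty result falls back to the
            # default, since an empty list cannot be negotiated.
            try:
                raw = CowrieConfig.get("ssh", option)
            except NoOptionError:
                return default
            names = [
                name.strip().encode("utf-8")
                for name in raw.split(",")
                if name.strip()
            ]
            return names or default

        t: transport.SSHServerTransport
        if self.backend == "proxy":
            t = proxyTransport.FrontendSSHTransport()
        else:
            t = shellTransport.HoneyPotSSHTransport()

        t.ourVersionString = self.ourVersionString
        t.supportedPublicKeys = list(self.privateKeys.keys())

        if not self.primes:
            # Group exchange needs the primes, so stop advertising it.
            ske = t.supportedKeyExchanges[:]
            for kex in (
                b"diffie-hellman-group-exchange-sha1",
                b"diffie-hellman-group-exchange-sha256",
            ):
                if kex in ske:
                    ske.remove(kex)
                    log.msg("No moduli, no " + kex.decode("ascii"))
            t.supportedKeyExchanges = ske

        # Reorder supported ciphers to resemble current openssh more
        t.supportedCiphers = _configured(
            "ciphers",
            [
                b"aes128-ctr",
                b"aes192-ctr",
                b"aes256-ctr",
                b"aes256-cbc",
                b"aes192-cbc",
                b"aes128-cbc",
                b"3des-cbc",
                b"blowfish-cbc",
                b"cast128-cbc",
            ],
        )

        # SHA1 and MD5 are considered insecure now, so the SHA-2 MACs are
        # listed first; the legacy ones stay at the end of the default list.
        t.supportedMACs = _configured(
            "macs",
            [
                b"hmac-sha2-512",
                b"hmac-sha2-384",
                b"hmac-sha2-256",
                b"hmac-sha1",
                b"hmac-md5",
            ],
        )

        # 'zlib@openssh.com' is OpenSSH's delayed-compression method name.
        t.supportedCompressions = _configured(
            "compression", [b"zlib@openssh.com", b"zlib", b"none"]
        )

        t.factory = self

        return t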
Esempio n. 4
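    def buildProtocol(self, addr):
        """
        Create an instance of the server side of the SSH protocol.

        The cipher, MAC and compression lists come from the C{[ssh]} config
        section when the option is present, otherwise from built-in defaults.
        The group-exchange key exchanges are withdrawn when the factory has
        no primes.

        @type addr: L{twisted.internet.interfaces.IAddress} provider
        @param addr: The address at which the server will listen. Not read
            by this implementation.

        @rtype: C{shellTransport.HoneyPotSSHTransport}, or
            C{proxyTransport.FrontendSSHTransport} when the configured
            backend is C{'proxy'}
        @return: The built transport.
        """

        def _configured(option, default):
            # Read a comma-separated algorithm list from the [ssh] section.
            # Names are stripped and blanks dropped so that a value written
            # as "a, b" or with a trailing comma does not advertise a
            # malformed algorithm name. An empty result falls back to the
            # default, since an empty list cannot be negotiated.
            try:
                raw = CowrieConfig().get('ssh', option)
            except NoOptionError:
                return default
            names = [
                name.strip().encode('utf-8')
                for name in raw.split(',')
                if name.strip()
            ]
            return names or default

        if CowrieConfig().get('honeypot', 'backend',
                              fallback='shell') == 'proxy':
            t = proxyTransport.FrontendSSHTransport()
        else:
            t = shellTransport.HoneyPotSSHTransport()

        t.ourVersionString = self.ourVersionString

        if not self.primes:
            # Group exchange needs the primes, so stop advertising it.
            ske = t.supportedKeyExchanges[:]
            for kex in (b'diffie-hellman-group-exchange-sha1',
                        b'diffie-hellman-group-exchange-sha256'):
                if kex in ske:
                    ske.remove(kex)
                    log.msg("No moduli, no " + kex.decode('ascii'))
            t.supportedKeyExchanges = ske

        # Reorder supported ciphers to resemble current openssh more
        t.supportedCiphers = _configured('ciphers', [
            b'aes128-ctr',
            b'aes192-ctr',
            b'aes256-ctr',
            b'aes256-cbc',
            b'aes192-cbc',
            b'aes128-cbc',
            b'3des-cbc',
            b'blowfish-cbc',
            b'cast128-cbc',
        ])

        # SHA1 and MD5 are considered insecure now, so the SHA-2 MACs are
        # listed first; the legacy ones stay at the end of the default list.
        t.supportedMACs = _configured('macs', [
            b'hmac-sha2-512', b'hmac-sha2-384', b'hmac-sha2-256',
            b'hmac-sha1', b'hmac-md5'
        ])

        # 'zlib@openssh.com' is OpenSSH's delayed-compression method name.
        t.supportedCompressions = _configured(
            'compression', [b'zlib@openssh.com', b'zlib', b'none'])

        # TODO: Newer versions of SSH will use ECDSA keys too as mentioned
        # at https://tools.ietf.org/html/draft-miller-ssh-agent-02#section-4.2.2
        #
        # Twisted only supports below two keys
        # NOTE(review): advertised regardless of which host keys are loaded in
        # self.privateKeys -- confirm an RSA and a DSA key are always present.
        t.supportedPublicKeys = [b'ssh-rsa', b'ssh-dss']

        t.factory = self
        return t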