def key(self):
"""
:return: a subclass of PKey of the appropriate key type
:rtype: PKey
:raises ValidationError:
"""
# Check if the key pair exists: at least a public or private part of
# the key is required, as well as the key type.
if not self.key_type:
return None
if not self.public_key and not self.private_key:
return None
public_key = None
private_key = None
if self.public_key:
public_key = base64.b64decode(self.public_key)
if self.private_key:
private_key = StringIO(self.private_key)
if self.key_type == 'ssh-dss':
pkey = DSSKey(data=public_key, file_obj=private_key)
elif self.key_type == 'ssh-rsa':
pkey = RSAKey(data=public_key, file_obj=private_key)
elif self.key_type.startswith('ecdsa'):
pkey = ECDSAKey(data=public_key, file_obj=private_key)
elif self.key_type == '*****@*****.**':
pkey = RSAKey(data=public_key, file_obj=private_key)
pkey.load_certificate(Message(public_key))
else:
raise ValidationError('Unsupported key type: ' + self.key_type)
return pkey
def test_7_compare_dss(self):
# verify that the private & public keys compare equal
key = DSSKey.from_private_key_file(_support("test_dss.key"))
self.assertEqual(key, key)
pub = DSSKey(data=key.asbytes())
self.assertTrue(key.can_sign())
self.assertTrue(not pub.can_sign())
self.assertEqual(key, pub)
def compute_fingerprint(self):
data = base64.b64decode(self.key)
if self.key_type == "ssh-rsa":
pkey = RSAKey(data=data)
elif self.key_type == "ssh-dss":
pkey = DSSKey(data=data)
return ":".join(re.findall(r"..", hexlify(pkey.get_fingerprint())))
def test_7_compare_dss(self):
# verify that the private & public keys compare equal
key = DSSKey.from_private_key_file('tests/test_dss.key')
self.assertEquals(key, key)
pub = DSSKey(data=str(key))
self.assert_(key.can_sign())
self.assert_(not pub.can_sign())
self.assertEquals(key, pub)
def dehydrate(self, bundle):
if bundle.obj.key_type == "ssh-rsa":
key = RSAKey(data=base64.b64decode(bundle.obj.public_key))
elif bundle.obj.key_type == "ssh-dss":
key = DSSKey(data=base64.b64decode(bundle.obj.public_key))
elif bundle.obj.key_type.startswith("ecdsa"):
key = ECDSAKey(data=base64.b64decode(bundle.obj.public_key))
else:
raise HydrationError("Unknown key type: %s" %
bundle.object.key_type)
bundle.data['fingerprint'] = u(hexlify(key.get_fingerprint()))
return bundle
def test_9_sign_dss(self):
# verify that the dss private key can sign and verify
key = DSSKey.from_private_key_file(_support("test_dss.key"))
msg = key.sign_ssh_data(b"ice weasels")
self.assertTrue(type(msg) is Message)
msg.rewind()
self.assertEqual("ssh-dss", msg.get_text())
# can't do the same test as we do for RSA, because DSS signatures
# are usually different each time. but we can test verification
# anyway so it's ok.
self.assertEqual(40, len(msg.get_binary()))
msg.rewind()
pub = DSSKey(data=key.asbytes())
self.assertTrue(pub.verify_ssh_sig(b"ice weasels", msg))
def test_9_sign_dss(self):
# verify that the dss private key can sign and verify
key = DSSKey.from_private_key_file('tests/test_dss.key')
msg = key.sign_ssh_data(randpool, 'ice weasels')
self.assert_(type(msg) is Message)
msg.rewind()
self.assertEquals('ssh-dss', msg.get_string())
# can't do the same test as we do for RSA, because DSS signatures
# are usually different each time. but we can test verification
# anyway so it's ok.
self.assertEquals(40, len(msg.get_string()))
msg.rewind()
pub = DSSKey(data=str(key))
self.assert_(pub.verify_ssh_sig('ice weasels', msg))
def clean_ssh_pubkey(self):
keydata = self.cleaned_data["ssh_pubkey"].strip()
keys = keydata.splitlines()
if not keys:
return keys
pubkeys = []
for pubkey in keys:
if not pubkey:
continue
fields = pubkey.split(None, 2)
if len(fields) < 2:
raise forms.ValidationError(
_("Malformed SSH key, must be in"
" OpenSSH format, RSA or DSA"))
key_type = fields[0].strip().lower()
key = fields[1].strip()
try:
comment = fields[2].strip()
except IndexError:
comment = None
try:
data = base64.b64decode(key)
except TypeError:
raise forms.ValidationError(_("Malformed SSH key"))
if key_type == "ssh-rsa":
try:
pkey = RSAKey(data=data)
except SSHException:
raise forms.ValidationError(_("Invalid RSA SSH key"))
elif key_type == "ssh-dss":
try:
pkey = DSSKey(data=data)
except SSHException:
raise forms.ValidationError(_("Invalid DSS SSH key"))
else:
raise forms.ValidationError(
_("Unknown key type '%s'") % fields[0])
pubkeys.append((key_type, key, comment))
return pubkeys
def connect(self):
try:
# Build a public key object from the server (agent) key file
if self.publicKeyType == 'rsa':
agent_public_key = RSAKey(
data=base64.decodestring(self.publicKey))
elif self.publicKeyType == 'dss':
agent_public_key = DSSKey(
data=base64.decodestring(self.publicKey))
# Build a private key object from the manager key file, and connect to the agent:
if self.privateKeyFile != None:
# Using client (manager) private key to authenticate
if self.privateKeyType == "rsa":
user_private_key = RSAKey.from_private_key_file(
self.privateKeyFile)
elif self.privateKeyType == "dss":
user_private_key = DSSKey.from_private_key_file(
self.privateKeyFile)
self.ssh.connect(hostkey=agent_public_key,
username=self.username,
pkey=user_private_key)
else:
# Using client (manager) password to authenticate
self.ssh.connect(hostkey=agent_public_key,
username=self.username,
password=self.password)
# Request a new channel to the server, of type "session".
self.chan = self.ssh.open_session()
# Request a "netconf" subsystem on the server:
self.chan.invoke_subsystem(C.NETCONF_SSH_SUBSYSTEM)
except Exception, exp:
syslog.openlog("YencaP Manager")
syslog.syslog(syslog.LOG_ERR, str(exp))
syslog.closelog()
return C.FAILED
def generate_fingerprint(key):
fingerprint = None
_type, _key, _name = split_ssh_key(key)
try:
if _type == 'ssh-rsa':
_key = RSAKey(data=decodestring(_key))
elif _type == 'ssh-dss':
_key = DSSKey(data=decodestring(_key))
else:
return fingerprint
hash = hexlify(_key.get_fingerprint())
fingerprint = ":".join([hash[i:2 + i] for i in range(0, len(hash), 2)])
except SSHException as e:
# Invalid key
# raise ValueError(str(e))
return None
except Error:
# Incorrect padding
# report "Invalid key" error to user
# raise ValueError("Invalid key")
return None
return fingerprint
def __init__(self, url, **kw):
if self.netloc.find('@') != -1:
user, self.netloc = self.netloc.split('@')
else:
user = None
self.config = SSHHostConfig(self.netloc, user)
host_keys = paramiko.util.load_host_keys(
os.path.expanduser('~/.ssh/known_hosts'))
try:
self.hostkey = list(
host_keys[self.config['hostkeyalias']].values())[0]
except:
print(str(self.config))
raise
if ('identityfile' in self.config):
key_file = os.path.expanduser(self.config['identityfile'])
#not really nice but i don't see a cleaner way atm...
try:
self.auth_key = RSAKey(key_file)
except SSHException as e:
if e.message == 'Unable to parse file':
self.auth_key = DSAKey(key_file)
else:
raise
else:
filename = os.path.expanduser('~/.ssh/id_rsa')
if os.path.exists(filename):
self.auth_key = RSAKey(filename)
else:
filename = os.path.expanduser('~/.ssh/id_dsa')
if (os.path.exists(filename)):
self.auth_key = DSSKey(filename)
self.__connect()
def clean(self):
data = super().clean()
key_type = data.get('key_type')
public_key = data.get('public_key')
try:
if key_type == "ssh-rsa":
k = RSAKey(data=base64.b64decode(public_key))
elif key_type == "ssh-dss":
k = DSSKey(data=base64.b64decode(public_key))
elif key_type.startswith('ecdsa'):
k = ECDSAKey(data=base64.b64decode(public_key))
else:
raise forms.ValidationError(
_("Unsupport key type: %(keytype)s"),
code='invalid keytype',
params={'key_type': key_type}
)
data['key_type'] = k.get_name()
data['public_key'] = k.get_base64()
except (TypeError, SSHException, UnicodeDecodeError) as err:
if len(public_key) > 30:
body = public_key[0:30]
else:
body = public_key
raise forms.ValidationError(
_("Body of SSH public key is invalid:\n%(body)s\n"
"Error: %(err)s"),
code='invalid key body',
params={'body': body + "...", 'err': err}
)
return data
