def _ssh_authentication_input_loop(self, hostkeys: paramiko.HostKeys,
key: paramiko.PKey) -> None:
# Ask user for permission to continue
# let it look like openssh
sha64_fingerprint = base64.b64encode(
hashlib.sha256(base64.b64decode(
key.get_base64())).digest()).decode("utf-8")[:-1]
key_type = key.get_name().replace("ssh-", "").upper()
print(f"The authenticity of host '{self.hostname}' can't "
"be established.")
print(f"{key_type} key fingerprint is {sha64_fingerprint}.")
print("Are you sure you want to continue connecting (yes/no)? ",
end="")
add = input()
while True:
if add == "yes":
hostkeys.add(self.hostname, key.get_name(), key)
# ask user if the key should be added permanently
print(
f"Do you want to add {self.hostname} "
"to known_hosts (yes/no)? ",
end="",
)
save = input()
while True:
if save == "yes":
try:
hostkeys.save(filename=self.known_hosts_file)
except OSError as e:
raise GvmError(
"Something went wrong with writing "
f"the known_hosts file: {e}") from None
logger.info(
"Warning: Permanently added '%s' (%s) to "
"the list of known hosts.",
self.hostname,
key_type,
)
break
elif save == "no":
logger.info(
"Warning: Host '%s' (%s) not added to "
"the list of known hosts.",
self.hostname,
key_type,
)
break
else:
print("Please type 'yes' or 'no': ", end="")
save = input()
break
elif add == "no":
return sys.exit(
"User denied key. Host key verification failed.")
else:
print("Please type 'yes' or 'no': ", end="")
add = input()
def _validate_key(host: str, server_key: PKey):
known_hosts_file = '~/.ssh/known_hosts'
host_keys = HostKeys()
host_keys.load(os.path.expanduser(known_hosts_file))
known_server_keys = host_keys.get(host)
add_host_key_instructions = 'You can add the host key with `\n' \
f'ssh-keyscan -H {host} >> {known_hosts_file}\n`'
if known_server_keys is None:
raise SSHAuthenticationError(
f'plz host is not known. {add_host_key_instructions}')
known_server_keys = host_keys.get(host)
if known_server_keys.get(server_key.get_name()) is None:
raise SSHAuthenticationError(
f'No key found for host {host} with name '
f'{server_key.get_name()}. {add_host_key_instructions}')
if server_key != known_server_keys.get(server_key.get_name()):
raise SSHAuthenticationError(
f'Bad host key for `{host}`. Fix your `{known_hosts_file}` file')
def auth_publickey(self, username: Text, host: Text, port: int,
key: PKey) -> int:
ssh_pub_key = SSHKey(f"{key.get_name()} {key.get_base64()}")
ssh_pub_key.parse()
if key.can_sign():
logging.debug(
"AuthenticatorPassThrough.auth_publickey: username=%s, key=%s %s %sbits",
username, key.get_name(), ssh_pub_key.hash_sha256(),
ssh_pub_key.bits)
return self.connect(username,
host,
port,
AuthenticationMethod.publickey,
key=key)
# Ein Publickey wird nur direkt von check_auth_publickey
# übergeben. In dem Fall müssen wir den Client authentifizieren,
# damit wir auf den Agent warten können!
publickey = paramiko.pkey.PublicBlob(key.get_name(), key.asbytes())
if probe_host(host, port, username, publickey):
logging.debug(
f"Found valid key for host {host}:{port} username={username}, key={key.get_name()} {ssh_pub_key.hash_sha256()} {ssh_pub_key.bits}bits"
)
return paramiko.common.AUTH_SUCCESSFUL
return paramiko.common.AUTH_FAILED
