def makeSSHFactory(self, primes=None):
sshFactory = factory.SSHFactory()
gpk = lambda: {'ssh-rsa': keys.Key(None)}
sshFactory.getPrimes = lambda: primes
sshFactory.getPublicKeys = sshFactory.getPrivateKeys = gpk
sshFactory.startFactory()
return sshFactory
def testMultipleFactories(self):
f1 = factory.SSHFactory()
f2 = factory.SSHFactory()
gpk = lambda: {'ssh-rsa': keys.Key(None)}
f1.getPrimes = lambda: None
f2.getPrimes = lambda: {1: (2, 3)}
f1.getPublicKeys = f2.getPublicKeys = gpk
f1.getPrivateKeys = f2.getPrivateKeys = gpk
f1.startFactory()
f2.startFactory()
p1 = f1.buildProtocol(None)
p2 = f2.buildProtocol(None)
self.failIf(
'diffie-hellman-group-exchange-sha1' in p1.supportedKeyExchanges,
p1.supportedKeyExchanges)
self.failUnless(
'diffie-hellman-group-exchange-sha1' in p2.supportedKeyExchanges,
p2.supportedKeyExchanges)
def makeSSHFactory(self, primes=None):
sshFactory = factory.SSHFactory()
sshFactory.getPrimes = lambda: primes
sshFactory.getPublicKeys = lambda: {
b"ssh-rsa": keys.Key.fromString(publicRSA_openssh)
}
sshFactory.getPrivateKeys = lambda: {
b"ssh-rsa": keys.Key.fromString(privateRSA_openssh)
}
sshFactory.startFactory()
return sshFactory
def __init__(self):
super(SSHService, self).__init__()
self._name = Config.ssh.name
self._port = Config.ssh.port
p = Portal(SSHRealm())
p.registerChecker(SSHService.honeytokendb)
self._fService = factory.SSHFactory()
self._fService.services[b'ssh-userauth'] = groveUserAuth
self._limiter = Limiter(self._fService, Config.ssh.name,
Config.ssh.connections_per_host)
self._fService.portal = p
# self.protocol = SSHProtocol
# self._fService.protocol = self.protocol
home = expanduser('~')
# XXX: These paths should be configurable
privateKeyPath = home + '/.ssh/id_honeygrove'
publicKeyPath = home + '/.ssh/id_honeygrove.pub'
# Generate RSA keys if they don't exist
if not (exists(privateKeyPath) and exists(publicKeyPath)):
key = keys.rsa.generate_private_key(public_exponent=65537,
key_size=4096,
backend=default_backend())
private_key = key.private_bytes(
serialization.Encoding.PEM,
serialization.PrivateFormat.TraditionalOpenSSL,
serialization.NoEncryption())
public_key = key.public_key().public_bytes(
serialization.Encoding.OpenSSH,
serialization.PublicFormat.OpenSSH)
# make .ssh directory, if it doesn't exist
os.makedirs(dirname(publicKeyPath), exist_ok=True)
with open(privateKeyPath, 'w') as f:
f.write(private_key.decode())
with open(publicKeyPath, 'w') as f:
f.write(public_key.decode())
self._fService.privateKeys = {
b'ssh-rsa': keys.Key.fromFile(privateKeyPath)
}
self._fService.publicKeys = {
b'ssh-rsa': keys.Key.fromFile(publicKeyPath)
}
def run(host='127.0.0.1', port=2222):
"""
Run a pretend SSH server.
"""
sshFactory = factory.SSHFactory()
sshFactory.portal = portal.Portal(PretendRealm())
sshFactory.portal.registerChecker(RecordPassAllCredentials())
sshFactory.publicKeys = {'ssh-rsa': keys.Key.fromString(data=publicKey)}
sshFactory.privateKeys = {'ssh-rsa': keys.Key.fromString(data=privateKey)}
reactor.listenTCP(port, sshFactory, interface=host)
reactor.run()
def main():
log.startLogging(sys.stdout)
sshFactory = factory.SSHFactory()
sshFactory.portal = portal.Portal(SSHRealm())
sshFactory.portal.registerChecker(
checkers.InMemoryUsernamePasswordDatabaseDontUse(admin='admin')
)
publicKey, privateKey = getRSAKeys()
sshFactory.publicKeys = {'ssh-rsa': publicKey}
sshFactory.privateKeys = {'ssh-rsa': privateKey}
reactor.listenTCP(2222, sshFactory)
reactor.run()
def hook_to_reactor(self, reactor):
ssh_factory = factory.SSHFactory()
ssh_factory.portal = portal.Portal(SSHDemoRealm(self.switch_core))
if not self.users:
self.users = {'root': b'root'}
ssh_factory.portal.registerChecker(
checkers.InMemoryUsernamePasswordDatabaseDontUse(**self.users))
host_public_key, host_private_key = getRSAKeys()
ssh_factory.publicKeys = {
b'ssh-rsa': keys.Key.fromString(data=host_public_key.encode())}
ssh_factory.privateKeys = {
b'ssh-rsa': keys.Key.fromString(data=host_private_key.encode())}
lport = reactor.listenTCP(port=self.port, factory=ssh_factory, interface=self.ip)
logging.info(lport)
logging.info("%s (SSH): Registered on %s tcp/%s" % (self.switch_core.switch_configuration.name, self.ip, self.port))
return lport
def test_buildProtocolSignatureAlgorithms(self):
"""
buildProtocol() sets supportedPublicKeys to the list of supported
signature algorithms.
"""
f = factory.SSHFactory()
f.getPublicKeys = lambda: {
b"ssh-rsa": keys.Key.fromString(publicRSA_openssh),
b"ssh-dss": keys.Key.fromString(publicDSA_openssh),
}
f.getPrivateKeys = lambda: {
b"ssh-rsa": keys.Key.fromString(privateRSA_openssh),
b"ssh-dss": keys.Key.fromString(privateDSA_openssh),
}
f.startFactory()
p = f.buildProtocol(None)
self.assertEqual(
[b"rsa-sha2-512", b"rsa-sha2-256", b"ssh-rsa", b"ssh-dss"],
p.supportedPublicKeys,
)
KEY_LENGTH = 1024
rsaKey = RSA.generate(KEY_LENGTH, common.entropy.get_bytes)
publicKeyString = keys.makePublicKeyString(rsaKey)
privateKeyString = keys.makePrivateKeyString(rsaKey)
# save keys for next time
file('public.key', 'w+b').write(publicKeyString)
file('private.key', 'w+b').write(privateKeyString)
print "done."
else:
publicKeyString = file('public.key').read()
privateKeyString = file('private.key').read()
return publicKeyString, privateKeyString
if __name__ == "__main__":
start_logging()
components.registerAdapter(XsweetSession, SSHAvatar, session.ISession)
sshFactory = factory.SSHFactory()
sshFactory.portal = portal.Portal(SSHRealm())
sshFactory.portal.registerChecker(HoneypotPasswordChecker())
pubKeyString, privKeyString = getRSAKeys()
sshFactory.publicKeys = {
'ssh-rsa': keys.Key.fromString(data=pubKeyString)}
sshFactory.privateKeys = {
'ssh-rsa': keys.Key.fromString(data=privKeyString)}
from twisted.internet import reactor
reactor.listenTCP(2222, sshFactory)
reactor.run()