def login(self, ip, user, passwd, port=22, key=None, key_pass=None): 'login to ssh server' self.set_missing_host_key_policy(AutoAddPolicy()) if key: try: key_file = RSAKey.from_private_key_file(key) except PasswordRequiredException: key_file = RSAKey.from_private_key_file(key, key_pass) else: key_file = None try: self.connect(ip, port, user, passwd, pkey=key_file) self.login_status = True except AuthenticationException: print "Error: user or password error, info: ", \ "ip:", ip, self.error_get()[1] self.login_status = False except socket.error: print "Error: do't connect to host: %s, info: %s " % \ (ip, str(self.error_get()[1])) self.login_status = False except Exception: self.login_status = False print "Error: host: %s unknow errow, info: %s" % ( ip, str(self.error_get()[1]))
def _ssh_connect(self, key_file: Path): print(f"Connecting to {self.user}@{self.server}:{self.port} ...") self.ssh = SSHClient() self.ssh.load_host_keys( os.path.expanduser(os.path.join('~', '.ssh', 'known_hosts'))) self.ssh.set_missing_host_key_policy(AutoAddPolicy()) try: key = RSAKey.from_private_key_file(key_file.as_posix()) except PasswordRequiredException: ssh_pass = getpass.getpass(f"Password for {key_file.as_posix()}: ") key = RSAKey.from_private_key_file(key_file.as_posix(), ssh_pass) self.ssh.connect(self.server, self.port, self.user, pkey=key)
def test_bad_hostkey(self): badkey = RSAKey.from_private_key_file(_support('test_rsa.key')) public_badkey = RSAKey(data=badkey.asbytes()) host_key = RSAKey.from_private_key_file(_support('test_rsa_2k_o.key'), password='******') self.ts.add_server_key(host_key) event = threading.Event() server = NullServer() self.ts.start_server(event, server) self.assertRaises( BadHostKeyException, self.tc.connect, hostkey=public_badkey, username='******', password='******' )
def _check_keypair_from_file(self, ref_fingerprint, private_key_path): """Function to check if a certain keypair from a file matches the fingerprint from a reference one :param str ref_fingerprint: fingerprint to be compared :raises: KeypairError: if the keypair is not valid, or if the fingerprint to check and the one computed from the private key is not the same :raises: KeyNotAccessible: if the private key is password protected and the password provided is not correct """ pkey=None # This block avoid repetition of checks after it is done for the first instance if self._SSH_KEY_CHECKED==True: if self._SSH_KEY_ACCESS_ERROR==True: # This avoid user entering the code right the second time raise KeyNotAccessible#("Unable to access key file `"+private_key_path+": Invalid password") else: return try: pkey=DSSKey.from_private_key_file(private_key_path) except PasswordRequiredException: try: asked_password = getpass.getpass('Enter passphrase for '+private_key_path+ ':') pkey=DSSKey.from_private_key_file(private_key_path,asked_password) except SSHException: self._SSH_KEY_CHECKED=True self._SSH_KEY_ACCESS_ERROR=True # This avoid user entering the code right the second time raise KeyNotAccessible#("Unable to access key file `"+private_key_path+": Invalid password") except SSHException: try: pkey=RSAKey.from_private_key_file(private_key_path) except PasswordRequiredException: try: asked_password = getpass.getpass('Enter passphrase for '+private_key_path+ ':') pkey=RSAKey.from_private_key_file(private_key_path,asked_password) except SSHException: self._SSH_KEY_CHECKED=True self._SSH_KEY_ACCESS_ERROR=True # This avoid user entering the code right the second time raise KeyNotAccessible#("Unable to access key file `"+private_key_path+": Invalid password") except SSHException: raise KeypairError('File `%s` is neither a valid DSA key ' 'or RSA key' % private_key_path) fingerprint = str.join( ':', (i.encode('hex') for i in pkey.get_fingerprint())) if ref_fingerprint!=fingerprint: raise KeypairError( "Keypair from "+private_key_path+" is present but has " "different fingerprint. Aborting!") self._SSH_KEY_CHECKED=True return
def check_ssh(ip, port, user, private_key): try: cli = client.SSHClient() cli.load_host_keys("/dev/null") cli.set_missing_host_key_policy(client.AutoAddPolicy()) if private_key and user: print("[DEBUG-SSH] Trying pubkey auth for", ip) k = RSAKey.from_private_key_file(path + "checkfiles/" + private_key) cli.connect(ip, port, user, banner_timeout=20, timeout=20, auth_timeout=20, pkey=k) else: cli.connect(ip, port, "root", "Password3#", banner_timeout=20, timeout=20, auth_timeout=20) cli.close() return 1, None except Exception as e: if str(e) == "Authentication failed." and not private_key: return 1, None return 0, str(e)
def push_war(war_location, target_address, purpose_directory, user='******', key_location='/root/.ssh/id_rsa'): """ this is a function of translation .war file through scp and paramiko. """ private_key = RSAKey.from_private_key_file(key_location) if not war_location[-4:] == '.war': return None ssh = SSHClient() ssh.load_system_host_keys() ssh.set_missing_host_key_policy(AutoAddPolicy()) try: ssh.connect(hostname=target_address, username=user, pkey=private_key) # scp use the ssh session scp = SCPClient(ssh.get_transport()) except Exception as e: ssh.close() raise e else: scp.put(war_location, purpose_directory) scp.close() ssh.close() return True
def test_certificates(self): # NOTE: we also test 'live' use of cert auth for all key types in # test_client.py; this and nearby cert tests are more about the gritty # details. # PKey.load_certificate key_path = _support(os.path.join('cert_support', 'test_rsa.key')) key = RSAKey.from_private_key_file(key_path) self.assertTrue(key.public_blob is None) cert_path = _support( os.path.join('cert_support', 'test_rsa.key-cert.pub') ) key.load_certificate(cert_path) self.assertTrue(key.public_blob is not None) self.assertEqual(key.public_blob.key_type, '*****@*****.**') self.assertEqual(key.public_blob.comment, 'test_rsa.key.pub') # Delve into blob contents, for test purposes msg = Message(key.public_blob.key_blob) self.assertEqual(msg.get_text(), '*****@*****.**') nonce = msg.get_string() e = msg.get_mpint() n = msg.get_mpint() self.assertEqual(e, key.public_numbers.e) self.assertEqual(n, key.public_numbers.n) # Serial number self.assertEqual(msg.get_int64(), 1234) # Prevented from loading certificate that doesn't match key_path = _support(os.path.join('cert_support', 'test_ed25519.key')) key1 = Ed25519Key.from_private_key_file(key_path) self.assertRaises( ValueError, key1.load_certificate, _support('test_rsa.key-cert.pub'), )
def get(nodes_file, request): """Return the logs""" args = dict(request.args.items()) try: container = args.pop('container') except KeyError: raise errors.BadRequest('No container on URL arguments') results = dict() with open(nodes_file) as f: nodes = yaml.load(f) try: rsa_key_file = nodes.pop('rsa_key') pkey = RSAKey.from_private_key_file(rsa_key_file) except Exception as e: print('Failed to read RSA Key, {} {}'.format(type(e), e)) raise ssh = SSHClient() ssh.set_missing_host_key_policy(AutoAddPolicy) cmd = 'docker logs {container} {args}'.format( container=container, args=' '.join(['--{}={}'.format(a, args[a]) for a in args])) for _, ips in nodes.items(): for ip in ips: ssh.connect(hostname=ip, username='******', pkey=pkey) print('ssh root@{ip} {cmd}'.format(ip=ip, cmd=cmd)) _in, _out, _err = ssh.exec_command(cmd) status = _out.channel.recv_exit_status() results[ip] = dict(status=status, stdout=_out.read(), stderr=_err.read()) ssh.close() return results
def test_H_compression(self): """ verify that zlib compression is basically working. """ host_key = RSAKey.from_private_key_file('tests/test_rsa.key') public_host_key = RSAKey(data=str(host_key)) self.ts.add_server_key(host_key) self.ts.get_security_options().compression = ('zlib',) self.tc.get_security_options().compression = ('zlib',) event = threading.Event() server = NullServer() self.ts.start_server(event, server) self.tc.connect(hostkey=public_host_key, username='******', password='******') event.wait(1.0) self.assert_(event.isSet()) self.assert_(self.ts.is_active()) chan = self.tc.open_session() chan.exec_command('yes') schan = self.ts.accept(1.0) bytes = self.tc.packetizer._Packetizer__sent_bytes chan.send('x' * 1024) bytes2 = self.tc.packetizer._Packetizer__sent_bytes # tests show this is actually compressed to *52 bytes*! including packet overhead! nice!! :) self.assert_(bytes2 - bytes < 1024) self.assertEquals(52, bytes2 - bytes) chan.close() schan.close()
def test_9_interactive_auth(self): """ verify keyboard-interactive auth works. """ host_key = RSAKey.from_private_key_file('tests/test_rsa.key') public_host_key = RSAKey(data=str(host_key)) self.ts.add_server_key(host_key) event = threading.Event() server = NullServer() self.assert_(not event.isSet()) self.ts.start_server(event, server) self.tc.ultra_debug = True self.tc.connect(hostkey=public_host_key) def handler(title, instructions, prompts): self.got_title = title self.got_instructions = instructions self.got_prompts = prompts return ['cat'] remain = self.tc.auth_interactive('commie', handler) self.assertEquals(self.got_title, 'password') self.assertEquals(self.got_prompts, [('Password', False)]) self.assertEquals([], remain) event.wait(1.0) self.assert_(event.isSet()) self.assert_(self.ts.is_active())
def test_4_special(self): """ verify that the client can demand odd handshake settings, and can renegotiate keys in mid-stream. """ host_key = RSAKey.from_private_key_file('tests/test_rsa.key') public_host_key = RSAKey(data=str(host_key)) self.ts.add_server_key(host_key) event = threading.Event() server = NullServer() self.assert_(not event.isSet()) self.ts.start_server(event, server) options = self.tc.get_security_options() options.ciphers = ('aes256-cbc',) options.digests = ('hmac-md5-96',) self.tc.connect(hostkey=public_host_key, username='******', password='******') event.wait(1.0) self.assert_(event.isSet()) self.assert_(self.ts.is_active()) self.assertEquals('aes256-cbc', self.tc.local_cipher) self.assertEquals('aes256-cbc', self.tc.remote_cipher) self.assertEquals(12, self.tc.packetizer.get_mac_size_out()) self.assertEquals(12, self.tc.packetizer.get_mac_size_in()) self.tc.send_ignore(1024) self.tc.renegotiate_keys() self.ts.send_ignore(1024)
def create_library(): pkey_filename = '/Users/cole/.ssh/million-song-dataset.pem' pkey_password = keyring.get_password('SSH', pkey_filename) pkey = RSAKey.from_private_key_file(pkey_filename, password=pkey_password) ssh = SSHClient() ssh.set_missing_host_key_policy(AutoAddPolicy()) ssh.connect('52.91.85.148', username='******', pkey=pkey) letters = ['A', 'B', 'C', 'D', 'E', 'F', 'G', 'H', 'I', 'J', 'K', 'L', 'M', 'N', 'O', 'P', 'Q', 'R', 'S', 'T', 'U', 'V', 'W', 'X', 'Y', 'Z'] letters2 = ['A', 'B', 'C', 'D', 'E', 'F', 'G', 'H', 'I', 'J', 'K', 'L', 'M', 'N', 'O', 'P', 'Q', 'R', 'S', 'T', 'U', 'V', 'W', 'X', 'Y', 'Z'] letters3 = ['A', 'B', 'C', 'D', 'E', 'F', 'G', 'H', 'I', 'J', 'K', 'L', 'M', 'N', 'O', 'P', 'Q', 'R', 'S', 'T', 'U', 'V', 'W', 'X', 'Y', 'Z'] dr = DataReader() dr.reset_lib() import shutil for letter in letters: for letter2 in letters2: for letter3 in letters3: with SCPClient(ssh.get_transport()) as scp: print letter + letter2 + letter3 scp.get('/mnt/snap/data/' + letter + '/' + letter2 + '/' + letter3, '/Users/cole/eclipse-workspace/EC2 File Transfer/Data/', 1) dr.append_files(letter3); shutil.rmtree('/Users/cole/eclipse-workspace/EC2 File Transfer/Data/' + letter3); scp.close() ssh.close()
def __init__(self, host, port, tun_host, tun_port, tun_user, tun_password, pkey_path, pkey_password): self.host = host self.port = int(port) self.tun_host = tun_host self.tun_port = int(tun_port) self.tun_user = tun_user self.tun_password = tun_password if pkey_path: self.private_key = RSAKey.from_private_key_file( pkey_path, password=pkey_password) self.server = SSHTunnelForwarder( ssh_address_or_host=(self.tun_host, self.tun_port), ssh_username=self.tun_user, ssh_pkey=self.private_key, remote_bind_address=(self.host, self.port), ) else: self.server = SSHTunnelForwarder( ssh_address_or_host=(self.tun_host, self.tun_port), ssh_username=self.tun_user, ssh_password=self.tun_password, remote_bind_address=(self.host, self.port), ) self.server.start()
def test_H_compression(self): """ verify that zlib compression is basically working. """ host_key = RSAKey.from_private_key_file('tests/test_rsa.key') public_host_key = RSAKey(data=str(host_key)) self.ts.add_server_key(host_key) self.ts.get_security_options().compression = ('zlib', ) self.tc.get_security_options().compression = ('zlib', ) event = threading.Event() server = NullServer() self.ts.start_server(event, server) self.tc.connect(hostkey=public_host_key, username='******', password='******') event.wait(1.0) self.assert_(event.isSet()) self.assert_(self.ts.is_active()) chan = self.tc.open_session() chan.exec_command('yes') schan = self.ts.accept(1.0) bytes = self.tc.packetizer._Packetizer__sent_bytes chan.send('x' * 1024) bytes2 = self.tc.packetizer._Packetizer__sent_bytes # tests show this is actually compressed to *52 bytes*! including packet overhead! nice!! :) self.assert_(bytes2 - bytes < 1024) self.assertEquals(52, bytes2 - bytes) chan.close() schan.close()
def test_4_special(self): """ verify that the client can demand odd handshake settings, and can renegotiate keys in mid-stream. """ host_key = RSAKey.from_private_key_file('tests/test_rsa.key') public_host_key = RSAKey(data=str(host_key)) self.ts.add_server_key(host_key) event = threading.Event() server = NullServer() self.assert_(not event.isSet()) self.ts.start_server(event, server) options = self.tc.get_security_options() options.ciphers = ('aes256-cbc', ) options.digests = ('hmac-md5-96', ) self.tc.connect(hostkey=public_host_key, username='******', password='******') event.wait(1.0) self.assert_(event.isSet()) self.assert_(self.ts.is_active()) self.assertEquals('aes256-cbc', self.tc.local_cipher) self.assertEquals('aes256-cbc', self.tc.remote_cipher) self.assertEquals(12, self.tc.packetizer.get_mac_size_out()) self.assertEquals(12, self.tc.packetizer.get_mac_size_in()) self.tc.send_ignore(1024) self.tc.renegotiate_keys() self.ts.send_ignore(1024)
def connectRemoteAddress(self,remote_user,remote_address,key_file): ssh=SSHClient() ssh.load_system_host_keys() private_key=path.expanduser("~/.ssh/id_rsa") key=RSAKey.from_private_key_file(private_key) ssh.connect(username=remote_user,hostname=remote_address,pkey=key) return ssh
def test_3_simple(self): """ verify that we can establish an ssh link with ourselves across the loopback sockets. this is hardly "simple" but it's simpler than the later tests. :) """ host_key = RSAKey.from_private_key_file('tests/test_rsa.key') public_host_key = RSAKey(data=bytes(host_key)) self.ts.add_server_key(host_key) event = threading.Event() server = NullServer() self.assert_(not event.isSet()) self.assertEquals(None, self.tc.get_username()) self.assertEquals(None, self.ts.get_username()) self.assertEquals(False, self.tc.is_authenticated()) self.assertEquals(False, self.ts.is_authenticated()) self.ts.start_server(event, server) self.tc.connect(hostkey=public_host_key, username='******', password='******') event.wait(1.0) self.assert_(event.isSet()) self.assert_(self.ts.is_active()) self.assertEquals('slowdive', self.tc.get_username()) self.assertEquals('slowdive', self.ts.get_username()) self.assertEquals(True, self.tc.is_authenticated()) self.assertEquals(True, self.ts.is_authenticated())
def _push_smtppasswd_file(self): logger.info('Pushing smtppasswd file for %s', self) # do this early in order not to fail while connected contents = self.get_smtppasswd_file_contents() pkey = RSAKey.from_private_key_file( settings.KOMPASSI_SSH_PRIVATE_KEY_FILE) with SSHClient() as client: client.load_host_keys(settings.KOMPASSI_SSH_KNOWN_HOSTS_FILE) client.connect( hostname=self.ssh_server, port=self.ssh_port, username=self.ssh_username, pkey=pkey, ) with client.open_sftp() as sftp_client: with sftp_client.file(self.password_file_path_on_server, 'w') as output_file: output_file.write(contents.encode('UTF-8')) with sftp_client.file(self.trigger_file_path_on_server, 'w') as trigger_file: pass logger.info('Successfully pushed smtppasswd file for %s', self)
def fileChooser(returnv=False): """Need both the chooser list with values showing all files selected to start with something like [ {'label': 'New York City', 'value': 'NYC'}, {'label': 'Montreal', 'value': 'MTL'}, {'label': 'San Francisco', 'value': 'SF'} ] """ upload_remote_path = BaseConfig.REMOTEDATAPATH sftpkey = RSAKey.from_private_key_file(BaseConfig.SFTPKEYFILENAME) sftp = SftpClient(BaseConfig.REMOTEDATAHOST, BaseConfig.SFTPPORT, BaseConfig.SFTPLOGINUSER, BaseConfig.SFTPPASSWORD, sftpkey) sftp.dirch(upload_remote_path) fl = sftp.dirlist(upload_remote_path) fl.sort() fl = [x for x in fl if (x.split('.')[-1] == 'xls')] ddl = [] vals = [] for fn in fl: ddl.append({'label': os.path.split(fn)[-1], 'value': fn}) vals.append(fn) if returnv: return vals else: return ddl
def establish_connection(self): config.logging_result.append_text( self._self, "Establishing ssh connection with {0}".format(self.srv_addr)) config.ssh_array[self.srv_addr] = SSHClient() config.ssh_array[self.srv_addr].set_missing_host_key_policy( AutoAddPolicy()) # TODO Handle with ssh auth exceptions # Key auth type if self.config[self.srv_addr].getboolean("auth_type_key"): key = RSAKey.from_private_key_file( self.config[self.srv_addr]["key_path"]) config.ssh_array[self.srv_addr].connect( self.srv_addr, port=self.config[self.srv_addr]["auth_ssh_port"], username=self.config[self.srv_addr]["auth_username"], pkey=key) # Password auth type elif self.config[self.srv_addr].getboolean("auth_type_password"): config.ssh_array[self.srv_addr].connect( self.srv_addr, port=self.config[self.srv_addr]["auth_ssh_port"], username=self.config[self.srv_addr]["auth_username"], password=self.config[self.srv_addr]["auth_password"]) config.logging_result.append_text( self._self, "Connection with {0} established".format(self.srv_addr), success=True) # Setting connection completion flag self.ready.set()
def ssh_wrapper(cmd, host=None): debug("ssh_wrapper(%s)" % cmd) if not host: host = current_app.config["SSH_SERVER"] login = current_app.config["SSH_USERNAME"] key_file = current_app.config["SSH_KEY"] key = RSAKey.from_private_key_file(key_file) timeout = current_app.config.get("SSH_TIMEOUT", 60) debug("Connecting to %s with login %s and key %s" % (host, login, key_file)) client = SSHClient() client.set_missing_host_key_policy(AutoAddPolicy()) try: client.connect(host, username=login, pkey=key, timeout=timeout) except AuthenticationException: error("Failed to connect to %s under using %s with key '%s'" % (host, login, key_file)) client.close() return [], [] except Exception as e: error( "Failed to establish a connection to %s due following error: %s" % (host, e)) client.close() return [], [] stdin, stdout, stderr = client.exec_command(cmd) output = stdout.readlines() errors = stderr.readlines() client.close() debug("Out: %s" % output) debug("Err: %s" % errors) return output, errors
def trans(): """ Create `LoopSocket`-based server/client `Transport`s, yielding the latter. Uses `NullServer` under the hood. """ # NOTE: based on the setup/teardown/start_server/verify_finished methods # found in ye olde test_auth.py # "Network" setup socks = LoopSocket() sockc = LoopSocket() sockc.link(socks) tc = Transport(sockc) ts = Transport(socks) # Start up the in-memory server host_key = RSAKey.from_private_key_file(_support('test_rsa.key')) ts.add_server_key(host_key) event = threading.Event() server = NullServer() ts.start_server(event, server) # Tests frequently need to call Transport.connect on the client side, etc yield tc # Close things down tc.close() ts.close() socks.close() sockc.close()
def create_ssh_rsa_key_pair(passphrase, bits=2048): random_generator = Random.new().read keypair = RSA.generate(bits, random_generator) # extract keys privkey = keypair.exportKey('PEM', passphrase, pkcs=1) pubkey = '%s %s %s' % (keypair.publickey().exportKey("OpenSSH"), config.SSH_PRIV_KEY, str(datetime.now())) # writing keys to files priv_key_file = config.get_priv_ssh_key() pub_key_file = '%s.pub' % priv_key_file with open("%s" % priv_key_file, 'w', stat.S_IWUSR | stat.S_IRUSR) as f: f.write("%s" % privkey) f.close() os.chmod(priv_key_file, stat.S_IWUSR | stat.S_IRUSR) with open("%s" % pub_key_file, 'w') as f: f.write("%s" % pubkey) f.close() # Get fingerprint and encode it in format aa:bb:cc:dd:... fingerprint = RSAKey.from_private_key_file(priv_key_file, password=passphrase).get_fingerprint().encode('hex') fingerprint = ':'.join(fingerprint[i:i + 2] for i in xrange(0, len(fingerprint), 2)) # If running under Windows, convert OpenSSH private key to PuTTY private key, # because pageant cannot load OpenSSH keys. if util.platform_is_windows(): priv_key_file_putty = '%s.ppk' % priv_key_file cmd = '"%s" "%s" -e -o "%s"' % (util.get_path_to_exe('puttygencmd.exe'), priv_key_file, priv_key_file_putty) util.run(cmd) os.remove(priv_key_file) os.rename(priv_key_file_putty, priv_key_file) return fingerprint
def from_file(filename, password = '', keytype = None): """ Returns a new PrivateKey instance with the given attributes. If keytype is None, we attempt to automatically detect the type. @type filename: string @param filename: The key file name. @type password: string @param password: The key password. @type keytype: string @param keytype: The key type. @rtype: PrivateKey @return: The new key. """ if keytype is None: try: key = RSAKey.from_private_key_file(filename) keytype = 'rsa' except SSHException, e: try: key = DSSKey.from_private_key_file(filename) keytype = 'dss' except SSHException, e: msg = 'not a recognized private key: ' + repr(filename) raise ValueError(msg)
def sftp_server(): """ Set up an in-memory SFTP server thread. Yields the client Transport/socket. The resulting client Transport (along with all the server components) will be the same object throughout the test session; the `sftp` fixture then creates new higher level client objects wrapped around the client Transport, as necessary. """ # Sockets & transports socks = LoopSocket() sockc = LoopSocket() sockc.link(socks) tc = Transport(sockc) ts = Transport(socks) # Auth host_key = RSAKey.from_private_key_file(_support("test_rsa.key")) ts.add_server_key(host_key) # Server setup event = threading.Event() server = StubServer() ts.set_subsystem_handler("sftp", SFTPServer, StubSFTPServer) ts.start_server(event, server) # Wait (so client has time to connect? Not sure. Old.) event.wait(1.0) # Make & yield connection. tc.connect(username="******", password="******") yield tc
def test_certificates(self): # PKey.load_certificate key = RSAKey.from_private_key_file(test_path('test_rsa.key')) self.assertTrue(key.public_blob is None) key.load_certificate(test_path('test_rsa.key-cert.pub')) self.assertTrue(key.public_blob is not None) self.assertEqual(key.public_blob.key_type, '*****@*****.**') self.assertEqual(key.public_blob.comment, 'test_rsa.key.pub') # Delve into blob contents, for test purposes msg = Message(key.public_blob.key_blob) self.assertEqual(msg.get_text(), '*****@*****.**') nonce = msg.get_string() e = msg.get_mpint() n = msg.get_mpint() self.assertEqual(e, key.public_numbers.e) self.assertEqual(n, key.public_numbers.n) # Serial number self.assertEqual(msg.get_int64(), 1234) # Prevented from loading certificate that doesn't match key1 = Ed25519Key.from_private_key_file(test_path('test_ed25519.key')) self.assertRaises( ValueError, key1.load_certificate, test_path('test_rsa.key-cert.pub'), )
def from_file(filename, password='', keytype=None): """ Returns a new PrivateKey instance with the given attributes. If keytype is None, we attempt to automatically detect the type. :type filename: string :param filename: The key file name. :type password: string :param password: The key password. :type keytype: string :param keytype: The key type. :rtype: PrivateKey :return: The new key. """ if keytype is None: try: key = RSAKey.from_private_key_file(filename) keytype = 'rsa' except SSHException as e: try: key = DSSKey.from_private_key_file(filename) keytype = 'dss' except SSHException as e: msg = 'not a recognized private key: ' + repr(filename) raise ValueError(msg) key = PrivateKey(keytype) key.filename = filename key.password = password return key
def _set_authentication(self, password, private_key, private_key_pass): '''Authenticate the transport. prefer password if given''' if password is None: # Use Private Key. if not private_key: # Try to use default key. if os.path.exists(os.path.expanduser('~/.ssh/id_rsa')): private_key = '~/.ssh/id_rsa' elif os.path.exists(os.path.expanduser('~/.ssh/id_dsa')): private_key = '~/.ssh/id_dsa' else: raise CredentialException("No password or key specified.") if isinstance(private_key, (AgentKey, RSAKey)): # use the paramiko agent or rsa key self._tconnect['pkey'] = private_key else: # isn't a paramiko AgentKey or RSAKey, try to build a # key from what we assume is a path to a key private_key_file = os.path.expanduser(private_key) try: # try rsa self._tconnect['pkey'] = RSAKey.from_private_key_file( private_key_file, private_key_pass) except paramiko.SSHException: # if it fails, try dss # pylint:disable=r0204 self._tconnect['pkey'] = DSSKey.from_private_key_file( private_key_file, private_key_pass)
def test_L_handshake_timeout(self): """ verify that we can get a hanshake timeout. """ # Tweak client Transport instance's Packetizer instance so # its read_message() sleeps a bit. This helps prevent race conditions # where the client Transport's timeout timer thread doesn't even have # time to get scheduled before the main client thread finishes # handshaking with the server. # (Doing this on the server's transport *sounds* more 'correct' but # actually doesn't work nearly as well for whatever reason.) class SlowPacketizer(Packetizer): def read_message(self): time.sleep(1) return super(SlowPacketizer, self).read_message() # NOTE: prettttty sure since the replaced .packetizer Packetizer is now # no longer doing anything with its copy of the socket...everything'll # be fine. Even tho it's a bit squicky. self.tc.packetizer = SlowPacketizer(self.tc.sock) # Continue with regular test red tape. host_key = RSAKey.from_private_key_file(test_path('test_rsa.key')) public_host_key = RSAKey(data=host_key.asbytes()) self.ts.add_server_key(host_key) event = threading.Event() server = NullServer() self.assertTrue(not event.is_set()) self.tc.handshake_timeout = 0.000000000001 self.ts.start_server(event, server) self.assertRaises(EOFError, self.tc.connect, hostkey=public_host_key, username='******', password='******')
def runSeg(): evnts = getWCronlog(BaseConfig.CRONLOG) # print(evnts) upload_remote_path = BaseConfig.REMOTEDATAPATH sftpkey = RSAKey.from_private_key_file(BaseConfig.SFTPKEYFILENAME) sftp = SftpClient(BaseConfig.REMOTEDATAHOST,BaseConfig.SFTPPORT,BaseConfig.SFTPLOGINUSER,BaseConfig.SFTPPASSWORD,sftpkey) sftp.dirch(BaseConfig.REMOTEDATAPATH) fl = sftp.dirlist(upload_remote_path) fl.sort() fl = [x for x in fl if (len(x.split('.')) > 1 and x.split('.')[1]=='xls')] if fl != None: lcd = loadCellDataMulti(BaseConfig.NSD,fl) datal = [] for i, df in enumerate(lcd.dfs): nr = df.shape[0] print('###i=',i) if nr > 0: #segmints,segtab = segMentsLog(df,evnts) segmints,segtab = segMents(df,i) segments = ['\t'.join(x) for x in segmints] print(lcd.names[i],'segments=\n','\n'.join(segments)) segtabs = ['\t'.join(x) for x in segtab] if i == 0: f = open(SEGTABFNAME,'w') else: f = open(SEGTABFNAME,'a') f.write(''.join(segtabs)) f.close()
def setup_test_server( self, client_options=None, server_options=None, connect_kwargs=None, ): host_key = RSAKey.from_private_key_file(_support('test_rsa.key')) public_host_key = RSAKey(data=host_key.asbytes()) self.ts.add_server_key(host_key) if client_options is not None: client_options(self.tc.get_security_options()) if server_options is not None: server_options(self.ts.get_security_options()) event = threading.Event() self.server = NullServer() self.assertTrue(not event.is_set()) self.ts.start_server(event, self.server) if connect_kwargs is None: connect_kwargs = dict( hostkey=public_host_key, username='******', password='******', ) self.tc.connect(**connect_kwargs) event.wait(1.0) self.assertTrue(event.is_set()) self.assertTrue(self.ts.is_active())
def test_L_handshake_timeout(self): """ verify that we can get a hanshake timeout. """ # Tweak client Transport instance's Packetizer instance so # its read_message() sleeps a bit. This helps prevent race conditions # where the client Transport's timeout timer thread doesn't even have # time to get scheduled before the main client thread finishes # handshaking with the server. # (Doing this on the server's transport *sounds* more 'correct' but # actually doesn't work nearly as well for whatever reason.) class SlowPacketizer(Packetizer): def read_message(self): time.sleep(1) return super(SlowPacketizer, self).read_message() # NOTE: prettttty sure since the replaced .packetizer Packetizer is now # no longer doing anything with its copy of the socket...everything'll # be fine. Even tho it's a bit squicky. self.tc.packetizer = SlowPacketizer(self.tc.sock) # Continue with regular test red tape. host_key = RSAKey.from_private_key_file(_support('test_rsa.key')) public_host_key = RSAKey(data=host_key.asbytes()) self.ts.add_server_key(host_key) event = threading.Event() server = NullServer() self.assertTrue(not event.is_set()) self.tc.handshake_timeout = 0.000000000001 self.ts.start_server(event, server) self.assertRaises(EOFError, self.tc.connect, hostkey=public_host_key, username='******', password='******')
def cmd(self, command="ls"): with open(self.access_keys_csv) as f: csv = f.readlines() conn = connect_to_region("eu-west-2", aws_access_key_id=csv[0].split('=')[1], aws_secret_access_key=csv[1].split('=')[1]) def stringit(arr): arr2 = [] for i in arr: i = i.decode("utf-8") arr2.append(i) return arr2 ssh = SSHClient() ssh.set_missing_host_key_policy(AutoAddPolicy()) privkey = RSAKey.from_private_key_file('scrapit.pem') ssh.connect(self.dns_name, username='******', pkey=privkey) stdin, stdout, stderr = ssh.exec_command(command) stdin.flush() data = stdout.read().splitlines() data = stringit(data) for line in data: print(line) ssh.close() return data
def get(nodes_file, request): """Return the logs""" args = dict(request.args.items()) try: container = args.pop('container') except KeyError: raise errors.BadRequest('No container on URL arguments') results = dict() with open(nodes_file) as f: nodes = yaml.load(f) try: rsa_key_file = nodes.pop('rsa_key') pkey = RSAKey.from_private_key_file(rsa_key_file) except Exception as e: print('Failed to read RSA Key, {} {}'.format(type(e), e)) raise ssh = SSHClient() ssh.set_missing_host_key_policy(AutoAddPolicy) cmd = 'docker logs {container} {args}'.format( container=container, args=' '.join(['--{}={}'.format(a, args[a]) for a in args])) for _, ips in nodes.items(): for ip in ips: ssh.connect(hostname=ip, username='******', pkey=pkey) print('ssh root@{ip} {cmd}'.format(ip=ip, cmd=cmd)) _in, _out, _err = ssh.exec_command(cmd) status = _out.channel.recv_exit_status() results[ip] = dict( status=status, stdout=_out.read(), stderr=_err.read()) ssh.close() return results
def sftp_server(): """ Set up an in-memory SFTP server thread. Yields the client Transport/socket. The resulting client Transport (along with all the server components) will be the same object throughout the test session; the `sftp` fixture then creates new higher level client objects wrapped around the client Transport, as necessary. """ # Sockets & transports socks = LoopSocket() sockc = LoopSocket() sockc.link(socks) tc = Transport(sockc) ts = Transport(socks) # Auth host_key = RSAKey.from_private_key_file(_support('test_rsa.key')) ts.add_server_key(host_key) # Server setup event = threading.Event() server = StubServer() ts.set_subsystem_handler('sftp', SFTPServer, StubSFTPServer) ts.start_server(event, server) # Wait (so client has time to connect? Not sure. Old.) event.wait(1.0) # Make & yield connection. tc.connect(username='******', password='******') yield tc
def test_certificates(self): # NOTE: we also test 'live' use of cert auth for all key types in # test_client.py; this and nearby cert tests are more about the gritty # details. # PKey.load_certificate key_path = _support(os.path.join("cert_support", "test_rsa.key")) key = RSAKey.from_private_key_file(key_path) self.assertTrue(key.public_blob is None) cert_path = _support( os.path.join("cert_support", "test_rsa.key-cert.pub")) key.load_certificate(cert_path) self.assertTrue(key.public_blob is not None) self.assertEqual(key.public_blob.key_type, "*****@*****.**") self.assertEqual(key.public_blob.comment, "test_rsa.key.pub") # Delve into blob contents, for test purposes msg = Message(key.public_blob.key_blob) self.assertEqual(msg.get_text(), "*****@*****.**") msg.get_string() e = msg.get_mpint() n = msg.get_mpint() self.assertEqual(e, key.public_numbers.e) self.assertEqual(n, key.public_numbers.n) # Serial number self.assertEqual(msg.get_int64(), 1234) # Prevented from loading certificate that doesn't match key_path = _support(os.path.join("cert_support", "test_ed25519.key")) key1 = Ed25519Key.from_private_key_file(key_path) self.assertRaises( ValueError, key1.load_certificate, _support("test_rsa.key-cert.pub"), )
def __init__(self, serverdns, username=None, pw=None, keyfile=None, keyfile_pw=None, logfile=None): self.serverdns = serverdns self.cname = self.serverdns.split('.')[0] if not logfile: logname = time.strftime("%d%b%Y") self.logfile = open( os.path.join('./logs', '%s-%s.log' % (self.cname, logname)), 'a') else: self.logfile = logfile self.ssh = SSHClient() self.ssh.load_system_host_keys() self.username = username self.pw = pw self.pkey_filename = keyfile self.pkey_pw = keyfile_pw self.pkey = None if self.pkey_filename: self.pkey = RSAKey.from_private_key_file(self.pkey_filename, password=self.pkey_pw) self.chan = None
def test_simple(self): """ verify that we can establish an ssh link with ourselves across the loopback sockets. this is hardly "simple" but it's simpler than the later tests. :) """ host_key = RSAKey.from_private_key_file(_support("test_rsa.key")) public_host_key = RSAKey(data=host_key.asbytes()) self.ts.add_server_key(host_key) event = threading.Event() server = NullServer() self.assertTrue(not event.is_set()) self.assertEqual(None, self.tc.get_username()) self.assertEqual(None, self.ts.get_username()) self.assertEqual(False, self.tc.is_authenticated()) self.assertEqual(False, self.ts.is_authenticated()) self.ts.start_server(event, server) self.tc.connect( hostkey=public_host_key, username="******", password="******" ) event.wait(1.0) self.assertTrue(event.is_set()) self.assertTrue(self.ts.is_active()) self.assertEqual("slowdive", self.tc.get_username()) self.assertEqual("slowdive", self.ts.get_username()) self.assertEqual(True, self.tc.is_authenticated()) self.assertEqual(True, self.ts.is_authenticated())
def test_3_simple(self): """ verify that we can establish an ssh link with ourselves across the loopback sockets. this is hardly "simple" but it's simpler than the later tests. :) """ host_key = RSAKey.from_private_key_file('tests/test_rsa.key') public_host_key = RSAKey(data=str(host_key)) self.ts.add_server_key(host_key) event = threading.Event() server = NullServer() self.assert_(not event.isSet()) self.assertEquals(None, self.tc.get_username()) self.assertEquals(None, self.ts.get_username()) self.assertEquals(False, self.tc.is_authenticated()) self.assertEquals(False, self.ts.is_authenticated()) self.ts.start_server(event, server) self.tc.connect(hostkey=public_host_key, username='******', password='******') event.wait(1.0) self.assert_(event.isSet()) self.assert_(self.ts.is_active()) self.assertEquals('slowdive', self.tc.get_username()) self.assertEquals('slowdive', self.ts.get_username()) self.assertEquals(True, self.tc.is_authenticated()) self.assertEquals(True, self.ts.is_authenticated())
def test_load_rsa_password(self): key = RSAKey.from_private_key_file(_support("test_rsa_password.key"), "television") self.assertEqual("ssh-rsa", key.get_name()) self.assert_key_fingerprints(key, FINGER_RSA) self.assertEqual(PUB_RSA.split()[1], key.get_base64()) self.assertEqual(1024, key.get_bits())
def exc_command(hostname, port, command_line): """ Depends on the 'paramiko' module :param hostname:Type str The unique id for host. It can be the hostname if the /etc/hosts was configured.Or use the ip address of host. :param port:Type int SSH port number. :param command_line:Type str The command you want to execute. :return:Type str The output info or err info after the command has been executed. """ private_key = RSAKey.from_private_key_file('/home/iptatest/.ssh/id_rsa') client = SSHClient() client.set_missing_host_key_policy(AutoAddPolicy()) try: client.connect(hostname, port, username='******', pkey=private_key, timeout=5) stdin, stdout, stderr = client.exec_command(command_line) message = str(stderr.read(), encoding='utf-8') if not message: result = str(stdout.read(), encoding='utf-8') return result.strip('\n') else: return message.strip('\n') except socket.error: return "Socket error." except ssh_exception.SSHException: return "SSH authenticated failed.Please check the private_key." finally: client.close()
def ensure_ssh_key(name=None, base_name=__name__, verify_pem_file=True): from paramiko import RSAKey if name is None: from getpass import getuser from socket import gethostname name = base_name + "." + getuser() + "." + gethostname().split(".")[0] try: ec2_key_pairs = list(resources.ec2.key_pairs.filter(KeyNames=[name])) if verify_pem_file and not os.path.exists(get_ssh_key_path(name)): msg = "Key {} found in EC2, but not in ~/.ssh." msg += " Delete the key in EC2, copy it to {}, or specify another key." raise KeyError(msg.format(name, get_ssh_key_path(name))) except ClientError as e: expect_error_codes(e, "InvalidKeyPair.NotFound") ec2_key_pairs = None if not ec2_key_pairs: if os.path.exists(get_ssh_key_path(name)): ssh_key = RSAKey.from_private_key_file(get_ssh_key_path(name)) else: logger.info("Creating key pair %s", name) ssh_key = new_ssh_key() makedirs(os.path.dirname(get_ssh_key_path(name)), exist_ok=True) ssh_key.write_private_key_file(get_ssh_key_path(name)) resources.ec2.import_key_pair( KeyName=name, PublicKeyMaterial=get_public_key_from_pair(ssh_key)) logger.info("Imported SSH key %s", get_ssh_key_path(name)) try: subprocess.check_call(["ssh-add", get_ssh_key_path(name)], timeout=5) except Exception as e: logger.warn( "Failed to add %s to SSH keychain: %s. Connections may fail", get_ssh_key_path(name), e) return name
def setup_test_server( self, client_options=None, server_options=None, connect_kwargs=None ): host_key = RSAKey.from_private_key_file(_support("test_rsa.key")) public_host_key = RSAKey(data=host_key.asbytes()) self.ts.add_server_key(host_key) if client_options is not None: client_options(self.tc.get_security_options()) if server_options is not None: server_options(self.ts.get_security_options()) event = threading.Event() self.server = NullServer() self.assertTrue(not event.is_set()) self.ts.start_server(event, self.server) if connect_kwargs is None: connect_kwargs = dict( hostkey=public_host_key, username="******", password="******", ) self.tc.connect(**connect_kwargs) event.wait(1.0) self.assertTrue(event.is_set()) self.assertTrue(self.ts.is_active())
def test_3_load_rsa_password(self): key = RSAKey.from_private_key_file(test_path("test_rsa_password.key"), "television") self.assertEqual("ssh-rsa", key.get_name()) exp_rsa = b(FINGER_RSA.split()[1].replace(":", "")) my_rsa = hexlify(key.get_fingerprint()) self.assertEqual(exp_rsa, my_rsa) self.assertEqual(PUB_RSA.split()[1], key.get_base64()) self.assertEqual(1024, key.get_bits())
def test_6_compare_rsa(self): # verify that the private & public keys compare equal key = RSAKey.from_private_key_file('tests/test_rsa.key') self.assertEquals(key, key) pub = RSAKey(data=str(key)) self.assert_(key.can_sign()) self.assert_(not pub.can_sign()) self.assertEquals(key, pub)
def test_6_compare_rsa(self): # verify that the private & public keys compare equal key = RSAKey.from_private_key_file(test_path('test_rsa.key')) self.assertEqual(key, key) pub = RSAKey(data=key.asbytes()) self.assertTrue(key.can_sign()) self.assertTrue(not pub.can_sign()) self.assertEqual(key, pub)
def start_server(self): host_key = RSAKey.from_private_key_file(test_path('test_rsa.key')) self.public_host_key = RSAKey(data=host_key.asbytes()) self.ts.add_server_key(host_key) self.event = threading.Event() self.server = NullServer() self.assertTrue(not self.event.is_set()) self.ts.start_server(self.event, self.server)
def start_server(self): host_key = RSAKey.from_private_key_file('tests/test_rsa.key') self.public_host_key = RSAKey(data=str(host_key)) self.ts.add_server_key(host_key) self.event = threading.Event() self.server = NullServer() self.assert_(not self.event.isSet()) self.ts.start_server(self.event, self.server)
def get_public_rsa_fingerprint(pubkey_location): try: k = RSAKey.from_private_key_file(pubkey_location) except paramiko.SSHException: raise exception.SSHError("Invalid RSA private key file: %s" % pubkey_location) md5digest = hashlib.md5(str(k)).hexdigest() return insert_char_every_n_chars(md5digest, ':', 2)
def test_3_load_rsa_password(self): key = RSAKey.from_private_key_file('tests/test_rsa_password.key', 'television') self.assertEquals('ssh-rsa', key.get_name()) exp_rsa = FINGER_RSA.split()[1].replace(':', '') my_rsa = hexlify(key.get_fingerprint()) self.assertEquals(exp_rsa, my_rsa) self.assertEquals(PUB_RSA.split()[1], key.get_base64()) self.assertEquals(1024, key.get_bits())
def getIdentityKey(self): keyfile = os.path.abspath(os.path.join(self.getLocalBuildoutPath(),'hostout_rsa')) keyfile = self.options.get('identity-file', keyfile) if not os.path.exists(keyfile): key = RSAKey.generate(1024) key.write_private_key_file(keyfile) else: key = RSAKey.from_private_key_file(keyfile) return keyfile, "ssh-rsa %s hostout@hostout" % key.get_base64()
def connect_ssh(self, ip, key_name): # TODO: set a more reasonable connection timeout time key = RSAKey.from_private_key_file("/tmp/%s.pem" % key_name) client = SSHClient() client.load_system_host_keys() client.set_missing_host_key_policy(WarningPolicy()) client.connect(ip, username="******", pkey=key) stdin, stdout, stderr = client.exec_command("uptime") print "uptime: ", stdout.read() return client
def _connect(self): self._conn = Transport((self._host, self._port)) self._conn.window_size = pow(2, 27) self._conn.packetizer.REKEY_BYTES = pow(2, 32) self._conn.packetizer.REKEY_PACKETS = pow(2, 32) if self._auth == 'key': pkey = RSAKey.from_private_key_file(self._key_path) self._conn.connect(username=self._user, pkey=pkey) else: self._conn.connect(username=self._user, password=self._passwd) self._client = SFTPClient.from_transport(self._conn)
def main (*margs): parser = argparse.ArgumentParser("JDSU-OCM Netconf Server") parser.add_argument("--server-port", type=int, default=830, help="Port for netconf to listen on") parser.add_argument("--server-username", default="admin", help="Netconf user") parser.add_argument("--server-password", default="admin", help="Netconf password") parser.add_argument("--server-host-key", help="Server SSH Host Key") parser.add_argument("--device-host", help="The remote JDSU host to run sercat on otherwise local") parser.add_argument("--device-name", default="/dev/ttyUSB0", help="The serial port device") parser.add_argument("--device-username", help="The username to login with") parser.add_argument("--device-password", help="The password to login with") parser.add_argument("--device-key", help="SSH Private key to use") parser.add_argument("-v", "--verbose", action="store_true", help="Verbose logging") parser.add_argument("-d", "--debug", action="store_true", help="Enable debug logging") args = parser.parse_args(*margs) if args.debug: logging.basicConfig(level=logging.DEBUG) elif args.verbose: logging.basicConfig(level=logging.INFO) else: logging.basicConfig(level=logging.WARNING) logger = logging.getLogger(__name__) # Mutually exclusive if args.device_password and args.device_key: logger.critical("Can't specify both --device-key and --device-password") sys.exit(1) if not args.server_host_key or not os.path.exists(os.path.expanduser(args.server_host_key)): logger.critical("Server host ssh key required.") sys.exit(1) if not args.device_host: jdsu = device.LocalOCM(args.device_name, debug=args.debug) else: if args.device_key: password = RSAKey.from_private_key_file(args.device_key) else: password = args.device_password jdsu = device.RemoteOCM(args.device_host, args.device_name, username=args.device_username, password=password, debug=args.debug) ncserver = server.NetconfServer(jdsu, args.server_host_key, ssh_port=args.server_port, username=args.server_username, password=args.server_password, debug=args.debug) ncserver.join()
def test_8_sign_rsa(self): # verify that the rsa private key can sign and verify key = RSAKey.from_private_key_file(test_path('test_rsa.key')) msg = key.sign_ssh_data(b'ice weasels') self.assertTrue(type(msg) is Message) msg.rewind() self.assertEqual('ssh-rsa', msg.get_text()) sig = bytes().join([byte_chr(int(x, 16)) for x in SIGNED_RSA.split(':')]) self.assertEqual(sig, msg.get_binary()) msg.rewind() pub = RSAKey(data=key.asbytes()) self.assertTrue(pub.verify_ssh_sig(b'ice weasels', msg))
def test_8_sign_rsa(self): # verify that the rsa private key can sign and verify key = RSAKey.from_private_key_file('tests/test_rsa.key') msg = key.sign_ssh_data(rng, 'ice weasels') self.assert_(type(msg) is Message) msg.rewind() self.assertEquals('ssh-rsa', msg.get_string()) sig = ''.join([chr(int(x, 16)) for x in SIGNED_RSA.split(':')]) self.assertEquals(sig, msg.get_string()) msg.rewind() pub = RSAKey(data=str(key)) self.assert_(pub.verify_ssh_sig('ice weasels', msg))
def _check_keypair(self, name, public_key_path, private_key_path): connection = self._connect() keypairs = connection.get_all_key_pairs() keypairs = dict((k.name, k) for k in keypairs) # decide if dsa or rsa key is provided pkey = None is_dsa_key = False try: pkey = DSSKey.from_private_key_file(private_key_path) is_dsa_key = True except PasswordRequiredException: raise KeypairError( "Key `%s` is encrypted with a password. Please, use" "an unencrypted key or use ssh-agent" % private_key_path) except SSHException: try: pkey = RSAKey.from_private_key_file(private_key_path) except PasswordRequiredException: raise KeypairError( "Key `%s` is encrypted with a password. Please, use" "an unencrypted key or use ssh-agent" % private_key_path) except SSHException: raise KeypairError('File `%s` is neither a valid DSA key ' 'or RSA key.' % private_key_path) # create keys that don't exist yet if name not in keypairs: log.warning( "Keypair `%s` not found on resource `%s`, Creating a new one", name, self._url) with open(os.path.expanduser(public_key_path)) as f: key_material = f.read() try: # check for DSA on amazon if "amazon" in self._ec2host and is_dsa_key: log.error( "Apparently, amazon does not support DSA keys. " "Please specify a valid RSA key.") raise KeypairError( "Apparently, amazon does not support DSA keys." "Please specify a valid RSA key.") connection.import_key_pair(name, key_material) except Exception, ex: log.error( "Could not import key `%s` with name `%s` to `%s`", name, public_key_path, self._url) raise KeypairError( "could not create keypair `%s`: %s" % (name, ex))