def check_key(self, pubkey, bits, fingerprint_md5, fingerprint_sha256, options, comment, **kwargs):  # pylint:disable=too-many-arguments
    """Parse ``pubkey`` and assert that its attributes equal the expected values.

    Args:
        pubkey: Public key text handed to ``SSHKey``.
        bits: Expected value of the parsed key's ``bits``.
        fingerprint_md5: Expected return value of ``hash_md5()``.
        fingerprint_sha256: Expected return value of ``hash_sha256()``;
            ``None`` skips that comparison.
        options: Expected value of ``options_raw``.
        comment: Expected value of ``comment``.
        **kwargs: Forwarded unchanged to the ``SSHKey`` constructor.
    """
    parsed = SSHKey(pubkey, **kwargs)
    parsed.parse()

    self.assertEqual(parsed.bits, bits)
    self.assertEqual(parsed.hash_md5(), fingerprint_md5)
    self.assertEqual(parsed.options_raw, options)
    self.assertEqual(parsed.comment, comment)

    # The SHA-256 fingerprint is optional: callers without a reference value
    # pass None and only the MD5 fingerprint above is compared.
    if fingerprint_sha256 is None:
        return
    self.assertEqual(parsed.hash_sha256(), fingerprint_sha256)
def key_to_public_key(key):
    # type: (str) -> PublicKey
    """Build a PublicKey transfer object from the text form of a public key.

    The key is handed to ``SSHKey`` with ``strict=True`` and parsed before any
    attribute is read. Both fingerprints are stored without their
    ``MD5:`` / ``SHA256:`` labels.
    """
    parsed = SSHKey(key, strict=True)
    parsed.parse()

    key_text = parsed.keydata.strip()
    # MD5 fingerprints are the legacy display format; the SHA-256 value is the
    # one to rely on when a fingerprint is used to tell keys apart.
    md5_digest = parsed.hash_md5().replace("MD5:", "")
    sha256_digest = parsed.hash_sha256().replace("SHA256:", "")

    return PublicKey(
        public_key=key_text,
        fingerprint=md5_digest,
        fingerprint_sha256=sha256_digest,
    )
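def check_ssh_key(key_name: str) -> bool:
    """Check that ``~/.ssh/<key_name>.pub`` matches the EC2 key pair ``key_name``.

    The fingerprint reported by ``describe_key_pairs`` is compared with the MD5
    fingerprint of the local public key file.

    Args:
        key_name: Name of the EC2 key pair; also the stem of the local
            ``.pub`` file under ``~/.ssh``.

    Returns:
        True when the fingerprints match.

    Raises:
        AssertionError: If the local fingerprint differs from the one EC2
            reports. Raised explicitly so the check is not removed when
            Python runs with ``-O``.
    """
    client = boto3.client("ec2")
    response = client.describe_key_pairs(KeyNames=[key_name])
    fingerprint = dpath.util.get(response, "KeyPairs/0/KeyFingerprint")

    path = str(Path.home() / ".ssh" / f"{key_name}.pub")
    with open(path, "r") as file:
        ssh = SSHKey(file.read(), strict=True)
    ssh.parse()

    local_fingerprint = ssh.hash_md5()
    # hash_md5() may label its result with "MD5:", which the colon-separated
    # hex value from EC2 does not carry; accept the local value with or
    # without that label so equal digests compare equal.
    if local_fingerprint.startswith("MD5:"):
        bare_fingerprint = local_fingerprint[len("MD5:"):]
    else:
        bare_fingerprint = local_fingerprint

    # NOTE(review): EC2 is understood to report an MD5 public-key fingerprint
    # only for imported RSA keys; key pairs generated by AWS or of other key
    # types use a different digest and would not match here. Confirm against
    # the key pairs this is used with.
    if fingerprint not in (local_fingerprint, bare_fingerprint):
        # An explicit raise instead of an assert statement: asserts are
        # stripped under -O, which would make this function return True for
        # a mismatching key.
        raise AssertionError(
            f"Local key {ssh.hash_md5()} does not match {fingerprint}"
        )
    return True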
def parse(self):
    """
    Strips comments and options from the key and populates the MD5, SHA256
    and SHA512 sums.
    """
    # NOTE(review): confirm that the installed sshpubkeys release accepts the
    # keyword names `parse_options` and `strict_mode`; a constructor taking
    # **kwargs would ignore unknown names silently, and strict validation
    # would then not be what this call appears to request.
    parsed = SSHKey(self.public_key, parse_options=False, strict_mode=True)
    parsed.parse()

    # Tiny hack to get the clean key: this goes through the library's private
    # `_split_key` helper and joins what it returns with single spaces.
    key_fields = parsed._split_key(parsed.keydata)
    self.public_key = ' '.join(key_fields)

    self.md5 = parsed.hash_md5()
    self.sha256 = parsed.hash_sha256()
    self.sha512 = parsed.hash_sha512()
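def add_key():
    """Store a public key submitted as JSON for the user in ``login_user``.

    The JSON body must be an object with ``public_key`` and optionally
    ``name``. The key is parsed with ``SSHKey``, rejected if a record with the
    same MD5 fingerprint already exists, and otherwise stored with its content
    encrypted through ``Vault``.

    Returns:
        A ``(response, 400)`` tuple for a missing or malformed body
        (code 104000), an unparseable key (104001) or a duplicate fingerprint
        (104003); otherwise the ``{'message': 'ok', 'code': 0}`` response.
    """
    user = login_user
    payload = request.get_json()
    # A JSON body that is not an object (a list, string or number) has no
    # .get(); answer with the same 400 as a missing body instead of letting
    # the request fail with AttributeError.
    if not payload or not isinstance(payload, dict):
        return jsonify({
            'message': 'illegal params',
            'code': 104000,
        }), 400

    public_key = payload.get('public_key')
    name = payload.get('name')
    if not public_key:
        return jsonify({'message': 'invalid public key', 'code': 104000}), 400

    ssh = SSHKey(public_key)
    try:
        ssh.parse()
    except Exception as err:
        # The parser's message is echoed back to the client as-is.
        return jsonify({
            'message': 'invalid ssh key: {}'.format(str(err)),
            'code': 104001,
        }), 400

    # NOTE(review): the MD5 fingerprint is the uniqueness key for stored keys.
    # MD5 is not collision resistant, and find_one followed by insert_one is
    # not atomic; a unique index on a SHA-256 fingerprint would be the stronger
    # guarantee. Confirm against the collection's indexes before changing it.
    fingerprint = ssh.hash_md5()
    existed = db.collection('public_keys').find_one(
        {'fingerprint': fingerprint})
    if existed:
        return jsonify({
            'message': 'ssh public key existed',
            'code': 104003
        }), 400

    # The submitted text, including any options or comment it carries, is
    # stored encrypted; only the fingerprint is kept in clear.
    options = {'vault_pass': config.vault.get('secret')}
    encode = Vault(options).encrypt_string(public_key)
    data = {
        'fingerprint': fingerprint,
        'user_id': user.get('user_id'),
        'content': encode,
        'name': name,
        'created_at': time.time()
    }
    result = db.collection('public_keys').insert_one(data)
    data['_id'] = result.inserted_id
    logger.info('add public_keys', extra={'record': data})

    return jsonify({
        'message': 'ok',
        'code': 0,
    })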
def add_public_key_to_user(self, key, user):
    # type: (str, str) -> None
    """Parse ``key`` and add it as a PublicKey row owned by the user named ``user``.

    The user is looked up by name in ``self.session`` and must exist. The key
    is parsed with ``strict=True``; both fingerprints are stored without their
    ``MD5:`` / ``SHA256:`` labels.
    """
    owner = User.get(self.session, name=user)
    assert owner

    parsed = SSHKey(key, strict=True)
    parsed.parse()

    # Column values in the same order the attributes were read originally.
    columns = {
        "user_id": owner.id,
        "public_key": parsed.keydata.strip(),
        "fingerprint": parsed.hash_md5().replace("MD5:", ""),
        "fingerprint_sha256": parsed.hash_sha256().replace("SHA256:", ""),
        "key_size": parsed.bits,
        "key_type": parsed.key_type,
        "comment": parsed.comment,
    }
    PublicKey(**columns).add(self.session)
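def ssh():
    """List the keys in ``~/.ssh/authorized_keys``; on POST, append one first.

    A POST body is JSON with an ``ssh_key`` member. The key must be a single
    line of text and must parse with ``SSHKey`` before it is appended.

    Returns:
        A JSON list with ``bits``, ``md5`` and ``comment`` for every key entry
        in the file, or a ``(response, 400)`` tuple when the submitted key is
        not a single-line string.
    """
    # NOTE(review): no authentication or authorization check is visible in
    # this handler, and it grants SSH access to the account the service runs
    # as; confirm that access control is enforced where the route is
    # registered. Submitted keys may also carry authorized_keys options;
    # decide whether those should be accepted at all.
    authorized_keys_path = os.path.expanduser("~/.ssh/authorized_keys")

    if request.method == 'POST':
        ssh_key_request = request.get_json(force=True)['ssh_key']
        if not isinstance(ssh_key_request, str):
            return jsonify({'error': 'ssh_key must be a string'}), 400

        candidate = ssh_key_request.strip()
        # authorized_keys is line oriented: the value written must be exactly
        # one line, so that the only entry added is the one validated below.
        if len(candidate.splitlines()) != 1:
            return jsonify({'error': 'ssh_key must be a single line'}), 400

        # Validate the exact text that is written to the file.
        SSHKey(candidate).parse()
        with open(authorized_keys_path, "a") as f:
            f.write(candidate + "\n")

    ssh_keys = []
    with open(authorized_keys_path) as f:
        for line in f:
            entry = line.strip()
            # Blank lines and '#' comments are valid in authorized_keys but
            # are not keys; skip them instead of failing the whole listing.
            if not entry or entry.startswith("#"):
                continue
            pub_key = SSHKey(line)
            pub_key.parse()
            ssh_keys.append({
                'bits': pub_key.bits,
                'md5': pub_key.hash_md5(),
                'comment': pub_key.comment
            })
    return jsonify(ssh_keys)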
def save(self, *args, **kwargs):
    """Recompute ``fingerprint`` from ``public_key``, then save via the parent class.

    Parsing happens first, so an exception raised by ``SSHKey.parse()``
    propagates before the parent ``save`` runs.
    """
    parsed = SSHKey(self.public_key)
    parsed.parse()

    labelled_md5 = parsed.hash_md5()
    # Store the MD5 fingerprint minus its first four characters, i.e. the
    # width of the "MD5:" label.
    self.fingerprint = labelled_md5[len("MD5:"):]

    super().save(*args, **kwargs)
from sshpubkeys import SSHKey

# Sample ssh-rsa public key in the one-line OpenSSH format (public material only).
pub_key = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDS4ZCRAuR7Gr0SS2B3XR3IYLcwrCVTSu9nzEDIBHxkVYM+zwO4SBXxECJaOZMI14hgYGa1KMGMqoVAtd72Te+Uwmu4iwGNWW5mheAGUMsYJHhUzTpKxcHqhmXCJI9ngbrPO6KoBVSmYQ1QkYBMI/E8jYBPIy8cfMJIeX7/TL8irTrfA3RS04l84ngSCOFipLLsBq4fbDVc6qbMF6Y4hGcknpOY5PbqX/nG2PdNJ68acT9K1IwqXmi9ZukX1yvpH4a1J4EkwbMyrvrV+3f5RYyHOJr+HL9PhDUWu04zxg2RYl75mbLFOA+kZ92YxF8DRMh6k37GD+VvA56Q+33owZl1"

ssh = SSHKey(pub_key)
# parse() has to run before the fingerprint is requested.
ssh.parse()

# The MD5 fingerprint is shown for compatibility with older tooling;
# hash_sha256() gives the fingerprint format current OpenSSH prints by default.
md5_fingerprint = ssh.hash_md5()
print(md5_fingerprint)  # MD5:c9:91:4f:48:43:2f:83:66:cc:22:d3:57:b2:69:40:7a
def get_sshkey_fingerprint(key):
    """Return a UTF-8 encoded label ``(<comment>)-<md5 fingerprint> (<TYPE>)`` for ``key``.

    ``<TYPE>`` is the text of ``key_type`` before its first ``-``, upper-cased.
    """
    keyfp = SSHKey(key)
    # NOTE(review): parse() is never called here, so this relies on the
    # constructor having parsed the key already; confirm that holds for the
    # installed sshpubkeys release.
    comment = keyfp.comment
    md5_fingerprint = keyfp.hash_md5()
    # key_type is decoded from bytes before it is split.
    type_prefix = keyfp.key_type.decode('utf-8').split('-')[0].upper()

    label = "({})-{} ({})".format(comment, md5_fingerprint, type_prefix)
    return label.encode("utf-8")
def get_ssh_key_hash(self, key):
    """Return the MD5 fingerprint of ``key`` with the ``MD5:`` label removed.

    The key is parsed first, so an exception raised by ``SSHKey.parse()``
    propagates to the caller.
    """
    parsed = SSHKey(key)
    parsed.parse()

    # Whatever follows the last "MD5:" marker is the bare digest text.
    pieces = parsed.hash_md5().split('MD5:')
    return pieces[-1]