def key(self): """ :return: a subclass of PKey of the appropriate key type :rtype: PKey :raises ValidationError: """ # Check if the key pair exists: at least a public or private part of # the key is required, as well as the key type. if not self.key_type: return None if not self.public_key and not self.private_key: return None public_key = None private_key = None if self.public_key: public_key = base64.b64decode(self.public_key) if self.private_key: private_key = StringIO(self.private_key) if self.key_type == 'ssh-dss': pkey = DSSKey(data=public_key, file_obj=private_key) elif self.key_type == 'ssh-rsa': pkey = RSAKey(data=public_key, file_obj=private_key) elif self.key_type.startswith('ecdsa'): pkey = ECDSAKey(data=public_key, file_obj=private_key) elif self.key_type == '*****@*****.**': pkey = RSAKey(data=public_key, file_obj=private_key) pkey.load_certificate(Message(public_key)) else: raise ValidationError('Unsupported key type: ' + self.key_type) return pkey
def test_7_compare_dss(self): # verify that the private & public keys compare equal key = DSSKey.from_private_key_file(_support("test_dss.key")) self.assertEqual(key, key) pub = DSSKey(data=key.asbytes()) self.assertTrue(key.can_sign()) self.assertTrue(not pub.can_sign()) self.assertEqual(key, pub)
def compute_fingerprint(self): data = base64.b64decode(self.key) if self.key_type == "ssh-rsa": pkey = RSAKey(data=data) elif self.key_type == "ssh-dss": pkey = DSSKey(data=data) return ":".join(re.findall(r"..", hexlify(pkey.get_fingerprint())))
def test_7_compare_dss(self): # verify that the private & public keys compare equal key = DSSKey.from_private_key_file('tests/test_dss.key') self.assertEquals(key, key) pub = DSSKey(data=str(key)) self.assert_(key.can_sign()) self.assert_(not pub.can_sign()) self.assertEquals(key, pub)
def dehydrate(self, bundle): if bundle.obj.key_type == "ssh-rsa": key = RSAKey(data=base64.b64decode(bundle.obj.public_key)) elif bundle.obj.key_type == "ssh-dss": key = DSSKey(data=base64.b64decode(bundle.obj.public_key)) elif bundle.obj.key_type.startswith("ecdsa"): key = ECDSAKey(data=base64.b64decode(bundle.obj.public_key)) else: raise HydrationError("Unknown key type: %s" % bundle.object.key_type) bundle.data['fingerprint'] = u(hexlify(key.get_fingerprint())) return bundle
def test_9_sign_dss(self): # verify that the dss private key can sign and verify key = DSSKey.from_private_key_file(_support("test_dss.key")) msg = key.sign_ssh_data(b"ice weasels") self.assertTrue(type(msg) is Message) msg.rewind() self.assertEqual("ssh-dss", msg.get_text()) # can't do the same test as we do for RSA, because DSS signatures # are usually different each time. but we can test verification # anyway so it's ok. self.assertEqual(40, len(msg.get_binary())) msg.rewind() pub = DSSKey(data=key.asbytes()) self.assertTrue(pub.verify_ssh_sig(b"ice weasels", msg))
def test_9_sign_dss(self): # verify that the dss private key can sign and verify key = DSSKey.from_private_key_file('tests/test_dss.key') msg = key.sign_ssh_data(randpool, 'ice weasels') self.assert_(type(msg) is Message) msg.rewind() self.assertEquals('ssh-dss', msg.get_string()) # can't do the same test as we do for RSA, because DSS signatures # are usually different each time. but we can test verification # anyway so it's ok. self.assertEquals(40, len(msg.get_string())) msg.rewind() pub = DSSKey(data=str(key)) self.assert_(pub.verify_ssh_sig('ice weasels', msg))
def clean_ssh_pubkey(self): keydata = self.cleaned_data["ssh_pubkey"].strip() keys = keydata.splitlines() if not keys: return keys pubkeys = [] for pubkey in keys: if not pubkey: continue fields = pubkey.split(None, 2) if len(fields) < 2: raise forms.ValidationError( _("Malformed SSH key, must be in" " OpenSSH format, RSA or DSA")) key_type = fields[0].strip().lower() key = fields[1].strip() try: comment = fields[2].strip() except IndexError: comment = None try: data = base64.b64decode(key) except TypeError: raise forms.ValidationError(_("Malformed SSH key")) if key_type == "ssh-rsa": try: pkey = RSAKey(data=data) except SSHException: raise forms.ValidationError(_("Invalid RSA SSH key")) elif key_type == "ssh-dss": try: pkey = DSSKey(data=data) except SSHException: raise forms.ValidationError(_("Invalid DSS SSH key")) else: raise forms.ValidationError( _("Unknown key type '%s'") % fields[0]) pubkeys.append((key_type, key, comment)) return pubkeys
def connect(self): try: # Build a public key object from the server (agent) key file if self.publicKeyType == 'rsa': agent_public_key = RSAKey( data=base64.decodestring(self.publicKey)) elif self.publicKeyType == 'dss': agent_public_key = DSSKey( data=base64.decodestring(self.publicKey)) # Build a private key object from the manager key file, and connect to the agent: if self.privateKeyFile != None: # Using client (manager) private key to authenticate if self.privateKeyType == "rsa": user_private_key = RSAKey.from_private_key_file( self.privateKeyFile) elif self.privateKeyType == "dss": user_private_key = DSSKey.from_private_key_file( self.privateKeyFile) self.ssh.connect(hostkey=agent_public_key, username=self.username, pkey=user_private_key) else: # Using client (manager) password to authenticate self.ssh.connect(hostkey=agent_public_key, username=self.username, password=self.password) # Request a new channel to the server, of type "session". self.chan = self.ssh.open_session() # Request a "netconf" subsystem on the server: self.chan.invoke_subsystem(C.NETCONF_SSH_SUBSYSTEM) except Exception, exp: syslog.openlog("YencaP Manager") syslog.syslog(syslog.LOG_ERR, str(exp)) syslog.closelog() return C.FAILED
def generate_fingerprint(key): fingerprint = None _type, _key, _name = split_ssh_key(key) try: if _type == 'ssh-rsa': _key = RSAKey(data=decodestring(_key)) elif _type == 'ssh-dss': _key = DSSKey(data=decodestring(_key)) else: return fingerprint hash = hexlify(_key.get_fingerprint()) fingerprint = ":".join([hash[i:2 + i] for i in range(0, len(hash), 2)]) except SSHException as e: # Invalid key # raise ValueError(str(e)) return None except Error: # Incorrect padding # report "Invalid key" error to user # raise ValueError("Invalid key") return None return fingerprint
def __init__(self, url, **kw): if self.netloc.find('@') != -1: user, self.netloc = self.netloc.split('@') else: user = None self.config = SSHHostConfig(self.netloc, user) host_keys = paramiko.util.load_host_keys( os.path.expanduser('~/.ssh/known_hosts')) try: self.hostkey = list( host_keys[self.config['hostkeyalias']].values())[0] except: print(str(self.config)) raise if ('identityfile' in self.config): key_file = os.path.expanduser(self.config['identityfile']) #not really nice but i don't see a cleaner way atm... try: self.auth_key = RSAKey(key_file) except SSHException as e: if e.message == 'Unable to parse file': self.auth_key = DSAKey(key_file) else: raise else: filename = os.path.expanduser('~/.ssh/id_rsa') if os.path.exists(filename): self.auth_key = RSAKey(filename) else: filename = os.path.expanduser('~/.ssh/id_dsa') if (os.path.exists(filename)): self.auth_key = DSSKey(filename) self.__connect()
def clean(self): data = super().clean() key_type = data.get('key_type') public_key = data.get('public_key') try: if key_type == "ssh-rsa": k = RSAKey(data=base64.b64decode(public_key)) elif key_type == "ssh-dss": k = DSSKey(data=base64.b64decode(public_key)) elif key_type.startswith('ecdsa'): k = ECDSAKey(data=base64.b64decode(public_key)) else: raise forms.ValidationError( _("Unsupport key type: %(keytype)s"), code='invalid keytype', params={'key_type': key_type} ) data['key_type'] = k.get_name() data['public_key'] = k.get_base64() except (TypeError, SSHException, UnicodeDecodeError) as err: if len(public_key) > 30: body = public_key[0:30] else: body = public_key raise forms.ValidationError( _("Body of SSH public key is invalid:\n%(body)s\n" "Error: %(err)s"), code='invalid key body', params={'body': body + "...", 'err': err} ) return data