def displayPublicKey(options):
if not options['filename']:
filename = os.path.expanduser('~/.ssh/id_rsa')
options['filename'] = raw_input('Enter file in which the key is (%s): ' % filename)
try:
key = keys.getPrivateKeyObject(options['filename'])
except keys.BadKeyError, e:
if e.args[0] != 'encrypted key with no passphrase':
raise
else:
if not options['pass']:
options['pass'] = getpass.getpass('Enter passphrase: ')
key = keys.getPrivateKeyObject(options['filename'], passphrase = options['pass'])
class ConchFactory(factory.SSHFactory):
publicKey = 'ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAGEArzJx8OYOnJmzf4tfBEvLi8DVPrJ3/c9k2I/Az64fxjHf9imyRJbixtQhlH9lfNjUIx+4LmrJH5QNRsFporcHDKOTwTTYLh5KmRpslkYHRivcJSkbh/C+BR3utDS555mV'
publicKeys = {'ssh-rsa': keys.getPublicKeyString(data=publicKey)}
del publicKey
privateKey = """-----BEGIN RSA PRIVATE KEY-----
MIIByAIBAAJhAK8ycfDmDpyZs3+LXwRLy4vA1T6yd/3PZNiPwM+uH8Yx3/YpskSW
4sbUIZR/ZXzY1CMfuC5qyR+UDUbBaaK3Bwyjk8E02C4eSpkabJZGB0Yr3CUpG4fw
vgUd7rQ0ueeZlQIBIwJgbh+1VZfr7WftK5lu7MHtqE1S1vPWZQYE3+VUn8yJADyb
Z4fsZaCrzW9lkIqXkE3GIY+ojdhZhkO1gbG0118sIgphwSWKRxK0mvh6ERxKqIt1
xJEJO74EykXZV4oNJ8sjAjEA3J9r2ZghVhGN6V8DnQrTk24Td0E8hU8AcP0FVP+8
PQm/g/aXf2QQkQT+omdHVEJrAjEAy0pL0EBH6EVS98evDCBtQw22OZT52qXlAwZ2
gyTriKFVoqjeEjt3SZKKqXHSApP/AjBLpF99zcJJZRq2abgYlf9lv1chkrWqDHUu
DZttmYJeEfiFBBavVYIF1dOlZT0G8jMCMBc7sOSZodFnAiryP+Qg9otSBjJ3bQML
pSTqy7c3a2AScC/YyOwkDaICHnnD3XyjMwIxALRzl0tQEKMXs6hH8ToUdlLROCrP
EhQ0wahUTCk1gKA4uPD6TMTChavbh4K63OvbKg==
-----END RSA PRIVATE KEY-----"""
privateKeys = {'ssh-rsa': keys.getPrivateKeyObject(data=privateKey)}
del privateKey
def __init__(self, portal):
self.portal = portal
def buildProtocol(self, addr):
if addr.host not in self.allowedIP:
raise "Unauthorized"
return factory.SSHFactory.buildProtocol(self, addr)
def getPrivateKey(self):
try:
# For use with recent versions of Conch
return defer.succeed(self.__getKey().keyObject)
except AttributeError:
# For old versions
return defer.succeed(keys.getPrivateKeyObject(data=self.auth_data.private_key))
def _testKey(self, pubData, privData, keyType):
privKey = keys.getPrivateKeyObject(data=privData)
pubStr = keys.getPublicKeyString(data=pubData)
pubKey = keys.getPublicKeyObject(pubStr)
self._testKeySignVerify(privKey, pubKey)
self._testKeyFromString(privKey, pubKey, privData, pubData)
self._testGenerateKey(privKey, pubKey, privData, pubData, keyType)
def _testKey(self, pubData, privData, keyType):
privKey = keys.getPrivateKeyObject(data = privData)
pubStr = keys.getPublicKeyString(data = pubData)
pubKey = keys.getPublicKeyObject(pubStr)
self._testKeySignVerify(privKey, pubKey)
self._testKeyFromString(privKey, pubKey, privData, pubData)
self._testGenerateKey(privKey, pubKey, privData, pubData, keyType)
def getPrivateKey(self):
try:
# For use with recent versions of Conch
return defer.succeed(self.__getKey().keyObject)
except AttributeError:
# For old versions
return defer.succeed(
keys.getPrivateKeyObject(data=self.auth_data.private_key))
def _testGenerateKey(self, privKey, pubKey, privData, pubData, keyType):
self.assertEquals(keys.makePublicKeyString(pubKey, 'comment', keyType), pubData)
self.assertEquals(keys.makePublicKeyString(privKey, 'comment', keyType), pubData)
self.assertEquals(keys.makePrivateKeyString(privKey, kind=keyType), privData)
encData = keys.makePrivateKeyString(privKey, passphrase='test', kind=keyType)
self.assertEquals(
keys.getPrivateKeyObject(data = encData,
passphrase = 'test').__getstate__(),
privKey.__getstate__())
def getPrivateKey(self):
file = os.path.expanduser(self.usedFiles[-1])
if not os.path.exists(file):
return None
try:
return defer.succeed(keys.getPrivateKeyObject(file))
except keys.BadKeyError, e:
if e.args[0] == 'encrypted key with no passphrase':
for i in range(3):
prompt = "Enter passphrase for key '%s': " % \
self.usedFiles[-1]
try:
p = self._getPassword(prompt)
return defer.succeed(keys.getPrivateKeyObject(file, passphrase = p))
except (keys.BadKeyError, ConchError):
pass
return defer.fail(ConchError('bad password'))
raise
def _cbGetPrivateKey(self, ans, count):
file = os.path.expanduser(self.usedFiles[-1])
try:
return keys.getPrivateKeyObject(file, password = ans)
except keys.BadKeyError:
if count == 2:
raise
prompt = "Enter passphrase for key '%s': " % \
self.usedFiles[-1]
return deferredAskFrame(prompt, 0).addCallback(self._cbGetPrivateKey, count+1)
def getPrivateKey(self):
file = os.path.expanduser(self.usedFiles[-1])
if not os.path.exists(file):
return None
try:
return defer.succeed(keys.getPrivateKeyObject(file))
except keys.BadKeyError, e:
if e.args[0] == 'encrypted key with no passphrase':
for i in range(3):
prompt = "Enter passphrase for key '%s': " % \
self.usedFiles[-1]
try:
p = self._getPassword(prompt)
return defer.succeed(
keys.getPrivateKeyObject(file, passphrase=p))
except (keys.BadKeyError, ConchError):
pass
return defer.fail(ConchError('bad password'))
raise
def getPrivateKey(self):
file = os.path.expanduser(self.usedFiles[-1])
if not os.path.exists(file):
return None
try:
return defer.succeed(keys.getPrivateKeyObject(file))
except keys.BadKeyError, e:
if e.args[0] == 'encrypted key with no password':
prompt = "Enter passphrase for key '%s': " % \
self.usedFiles[-1]
return deferredAskFrame(prompt, 0).addCallback(self._cbGetPrivateKey, 0)
def _testKeyFromString(self, privKey, pubKey, privData, pubData):
keyType = keys.objectType(privKey)
privFS = keys.getPrivateKeyObject(data = privData)
pubFS = keys.getPublicKeyObject(keys.getPublicKeyString(data=pubData))
for k in privFS.keydata:
if getattr(privFS, k) != getattr(privKey, k):
self.fail('getting %s private key from string failed' % keyType)
for k in pubFS.keydata:
if hasattr(pubFS, k):
if getattr(pubFS, k) != getattr(pubKey, k):
self.fail('getting %s public key from string failed' % keyType)
def _cbGetPrivateKey(self, ans, count):
file = os.path.expanduser(self.usedFiles[-1])
try:
return keys.getPrivateKeyObject(file, password=ans)
except keys.BadKeyError:
if count == 2:
raise
prompt = "Enter passphrase for key '%s': " % \
self.usedFiles[-1]
return deferredAskFrame(prompt,
0).addCallback(self._cbGetPrivateKey,
count + 1)
def getPrivateKey(self):
file = os.path.expanduser(self.usedFiles[-1])
if not os.path.exists(file):
return None
try:
return defer.succeed(keys.getPrivateKeyObject(file))
except keys.BadKeyError, e:
if e.args[0] == 'encrypted key with no password':
for i in range(3):
prompt = "Enter passphrase for key '%s': " % \
self.usedFiles[-1]
oldout, oldin = sys.stdout, sys.stdin
sys.stdin = sys.stdout = open('/dev/tty','r+')
p=getpass.getpass(prompt)
sys.stdout,sys.stdin=oldout,oldin
try:
return defer.succeed(keys.getPrivateKeyObject(file, password = p))
except keys.BadKeyError:
pass
return defer.fail(ConchError('bad password'))
raise
def _testKeyFromString(self, privKey, pubKey, privData, pubData):
keyType = keys.objectType(privKey)
privFS = keys.getPrivateKeyObject(data=privData)
pubFS = keys.getPublicKeyObject(keys.getPublicKeyString(data=pubData))
for k in privFS.keydata:
if getattr(privFS, k) != getattr(privKey, k):
self.fail('getting %s private key from string failed' %
keyType)
for k in pubFS.keydata:
if hasattr(pubFS, k):
if getattr(pubFS, k) != getattr(pubKey, k):
self.fail('getting %s public key from string failed' %
keyType)
def getPrivateKeys(self):
ks = {}
euid, egid = os.geteuid(), os.getegid()
os.setegid(0) # gain priviledges
os.seteuid(0)
for file in os.listdir(self.dataRoot):
if file[:9] == 'ssh_host_' and file[-4:] == '_key':
try:
k = keys.getPrivateKeyObject(self.dataRoot + '/' + file)
t = keys.objectType(k)
ks[t] = k
except Exception, e:
log.msg('bad private key file %s: %s' % (file, e))
def getPrivateKeys(self):
ks = {}
euid,egid = os.geteuid(), os.getegid()
os.setegid(0) # gain priviledges
os.seteuid(0)
for file in os.listdir(self.dataRoot):
if file[:9] == 'ssh_host_' and file[-4:]=='_key':
try:
k = keys.getPrivateKeyObject(self.dataRoot+'/'+file)
t = keys.objectType(k)
ks[t] = k
except Exception, e:
log.msg('bad private key file %s: %s' % (file, e))
def getPrivateKey(self):
file = os.path.expanduser(self.usedFiles[-1])
if not os.path.exists(file):
return None
try:
return defer.succeed(keys.getPrivateKeyObject(file))
except keys.BadKeyError, e:
if e.args[0] == 'encrypted key with no password':
prompt = "Enter passphrase for key '%s': " % \
self.usedFiles[-1]
return deferredAskFrame(prompt,
0).addCallback(self._cbGetPrivateKey,
0)
def factoryPreinit(self):
BasePlugin.factoryPreinit(self)
sshdir = self.cb.datapaths['keys.ssh']
keypath = '%s%s%s' % (sshdir, os.sep,
self.mainRegistryValue('keys.rsaKeyFile'))
if not os.path.exists(keypath):
raise Exception, 'The SSH private key is missing'
pubpath = '%s.pub' % keypath
if not os.path.exists(pubpath):
raise Exception, 'The SSH public key is missing'
self.FactoryClass.publicKeys = {'ssh-rsa':keys.getPublicKeyString(filename=pubpath)}
self.FactoryClass.privateKeys = {'ssh-rsa':keys.getPrivateKeyObject(filename=keypath)}
def _testGenerateKey(self, privKey, pubKey, privData, pubData, keyType):
self.assertEquals(keys.makePublicKeyString(pubKey, 'comment', keyType),
pubData)
self.assertEquals(
keys.makePublicKeyString(privKey, 'comment', keyType), pubData)
self.assertEquals(keys.makePrivateKeyString(privKey, kind=keyType),
privData)
if keyType != 'lsh':
encData = keys.makePrivateKeyString(privKey,
passphrase='test',
kind=keyType)
self.assertEquals(
keys.getPrivateKeyObject(data=encData,
passphrase='test').__getstate__(),
privKey.__getstate__())
class ExampleFactory(factory.SSHFactory):
publicKeys = {'ssh-rsa': keys.getPublicKeyString(data=publicKey)}
privateKeys = {'ssh-rsa': keys.getPrivateKeyObject(data=privateKey)}
services = {
'ssh-userauth': userauth.SSHUserAuthServer,
'ssh-connection': connection.SSHConnection
}
def buildProtocol(self, addr):
t = mySSHServerTransport()
t.supportedPublicKeys = self.privateKeys.keys()
if not self.primes:
ske = t.supportedKeyExchanges[:]
ske.remove('diffie-hellman-group-exchange-sha1')
t.supportedKeyExchanges = ske
t.factory = self
return t
def factoryPreinit(self):
BasePlugin.factoryPreinit(self)
sshdir = self.cb.datapaths['keys.ssh']
keypath = '%s%s%s' % (sshdir, os.sep,
self.mainRegistryValue('keys.rsaKeyFile'))
if not os.path.exists(keypath):
raise Exception, 'The SSH private key is missing'
pubpath = '%s.pub' % keypath
if not os.path.exists(pubpath):
raise Exception, 'The SSH public key is missing'
self.FactoryClass.publicKeys = {
'ssh-rsa': keys.getPublicKeyString(filename=pubpath)
}
self.FactoryClass.privateKeys = {
'ssh-rsa': keys.getPrivateKeyObject(filename=keypath)
}
class CoretFactory(factory.SSHFactory):
publicKeys = {'ssh-rsa': keys.getPublicKeyString(data=publicKey)}
privateKeys = {'ssh-rsa': keys.getPrivateKeyObject(data=privateKey)}
services = {'ssh-userauth': userauth.SSHUserAuthServer, 'ssh-connection': connection.SSHConnection}
def buildProtocol(self, addr):
t = transport.SSHServerTransport()
#
# Fix for BUG 1463701 "NMap recognizes Kojoney as a Honeypot"
#
t.ourVersionString = FAKE_SSH_SERVER_VERSION
t.supportedPublicKeys = self.privateKeys.keys()
if not self.primes:
ske = t.supportedKeyExchanges[:]
ske.remove('diffie-hellman-group-exchange-sha1')
t.supportedKeyExchanges = ske
t.factory = self
return t
def createVFSApplication(vfsRoot):
application = service.Application('FAKESFTP')
p = portal.Portal(Realm(vfsRoot))
p.registerChecker(
checkers.InMemoryUsernamePasswordDatabaseDontUse(admin='admin'))
p.registerChecker(checkers.AllowAnonymousAccess(), credentials.IAnonymous)
# sftp
# http://igloo.its.unimelb.edu.au/Webmail/tips/msg00495.html
# ssh-keygen -q -b 1024 -t dsa -f ssh_host_dsa_key
pubkey = keys.getPublicKeyString(
'../sshkeys/ssh_host_dsa_key.pub')
privkey = keys.getPrivateKeyObject(
'../sshkeys/ssh_host_dsa_key')
class SSHFactory(factory.SSHFactory):
publicKeys = {common.getNS(pubkey)[0]: pubkey}
privateKeys = {keys.objectType(privkey): privkey}
sftpf = SSHFactory()
sftpf.portal = p
internet.TCPServer(
int( 2222 ), sftpf,
).setServiceParent(application)
# ftp
f = twisted.protocols.ftp.FTPFactory()
f.portal = p
f.protocol = twisted.protocols.ftp.FTP
internet.TCPServer(
2221, f
).setServiceParent(application)
return application
def getPrivateKey(self):
path = os.path.expanduser('~/.ssh/id_dsa')
return defer.succeed(keys.getPrivateKeyObject(path))
def getPrivateKey(self):
return defer.succeed(keys.getPrivateKeyObject(self.id_file))
def getPrivateKey(self):
return defer.succeed(keys.getPrivateKeyObject(self.id_file))
KEY_LENGTH = 1024
rsaKey = RSA.generate(KEY_LENGTH, common.entropy.get_bytes)
print rsaKey
publicKeyString = keys.makePublicKeyString(rsaKey)
privateKeyString = keys.makePrivateKeyString(rsaKey)
# save keys for next time
file('public.key', 'w+b').write(publicKeyString)
file('private.key', 'w+b').write(privateKeyString)
print "done."
else:
publicKeyString = file('public.key').read()
privateKeyString = file('private.key').read()
return publicKeyString, privateKeyString
if __name__ == "__main__":
sshFactory = factory.SSHFactory()
sshFactory.portal = portal.Portal(SSHDemoRealm())
users = {'admin': 'aaa', 'guest': 'bbb'}
sshFactory.portal.registerChecker(
checkers.InMemoryUsernamePasswordDatabaseDontUse(**users))
pubKeyString, privKeyString = getRSAKeys()
sshFactory.publicKeys = {
'ssh-rsa': keys.getPublicKeyString(data=pubKeyString)}
sshFactory.privateKeys = {
'ssh-rsa': keys.getPrivateKeyObject(data=privKeyString)}
from twisted.internet import reactor
reactor.listenTCP(2222, sshFactory)
reactor.run()
rsaKey = RSA.generate(KEY_LENGTH, common.entropy.get_bytes)
publicKeyString = keys.makePublicKeyString(rsaKey)
privateKeyString = keys.makePrivateKeyString(rsaKey)
# save keys for next time
file(‘public.key’, ‘w+b’).write(publicKeyString)
file(‘private.key’, ‘w+b’).write(privateKeyString)
print "done."
else:
publicKeyString = file(‘public.key’).read()
privateKeyString = file(‘private.key’).read()
return publicKeyString, privateKeyString
if __name__ == "__main__":
sshFactory = factory.SSHFactory()
sshFactory.portal = portal.Portal(SSHDemoRealm())
users = {‘admin’: ‘aaa’, ‘guest’: ‘bbb’}
sshFactory.portal.registerChecker(
checkers.InMemoryUsernamePasswordDatabaseDontUse(**users))
pubKeyString, privKeyString =
getRSAKeys()
sshFactory.publicKeys = {
‘ssh-rsa’: keys.getPublicKeyString(data=pubKeyString)}
sshFactory.privateKeys = {
‘ssh-rsa’: keys.getPrivateKeyObject(data=privKeyString)}
from twisted.internet import reactor
reactor.listenTCP(2222, sshFactory)
reactor.run()
{mospagebreak title=Setting Up a Custom SSH Server continued}
def getPrivateKey(self):
path = os.path.expanduser('~/.ssh/id_dsa')
return defer.succeed(keys.getPrivateKeyObject(path))
def getPrivateKey(self):
self.canSucceedPublicKey = 1
return defer.succeed(keys.getPrivateKeyObject(data=privateDSA_openssh))
def getPrivateKeys(self):
return {
'ssh-rsa':keys.getPrivateKeyObject(data=privateRSA_openssh),
'ssh-dss':keys.getPrivateKeyObject(data=privateDSA_openssh)
}
def getPrivateKey(self):
self.canSucceedPublicKey = 1
return defer.succeed(
keys.getPrivateKeyObject(data=privateDSA_openssh))
def getPrivateKeys(self):
return {
'ssh-rsa': keys.getPrivateKeyObject(data=privateRSA_openssh),
'ssh-dss': keys.getPrivateKeyObject(data=privateDSA_openssh)
}
def getPrivateKeys(self):
return {
"ssh-rsa": keys.getPrivateKeyObject(data=privateRSA_openssh),
"ssh-dss": keys.getPrivateKeyObject(data=privateDSA_openssh),
}
def getPrivateKey(self):
if debug:
print "At getPrivateKey"
path = os.path.expanduser("~/.ssh/id_dsa")
return defer.succeed(keys.getPrivateKeyObject(path))
def getPrivateKey(self):
self.canSucceedPublicKey = 1
return defer.succeed(keys.getPrivateKeyObject('dsa_test'))
