def displayPublicKey(options): if not options['filename']: filename = os.path.expanduser('~/.ssh/id_rsa') options['filename'] = raw_input('Enter file in which the key is (%s): ' % filename) try: key = keys.getPrivateKeyObject(options['filename']) except keys.BadKeyError, e: if e.args[0] != 'encrypted key with no passphrase': raise else: if not options['pass']: options['pass'] = getpass.getpass('Enter passphrase: ') key = keys.getPrivateKeyObject(options['filename'], passphrase = options['pass'])
class ConchFactory(factory.SSHFactory): publicKey = 'ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAGEArzJx8OYOnJmzf4tfBEvLi8DVPrJ3/c9k2I/Az64fxjHf9imyRJbixtQhlH9lfNjUIx+4LmrJH5QNRsFporcHDKOTwTTYLh5KmRpslkYHRivcJSkbh/C+BR3utDS555mV' publicKeys = {'ssh-rsa': keys.getPublicKeyString(data=publicKey)} del publicKey privateKey = """-----BEGIN RSA PRIVATE KEY----- MIIByAIBAAJhAK8ycfDmDpyZs3+LXwRLy4vA1T6yd/3PZNiPwM+uH8Yx3/YpskSW 4sbUIZR/ZXzY1CMfuC5qyR+UDUbBaaK3Bwyjk8E02C4eSpkabJZGB0Yr3CUpG4fw vgUd7rQ0ueeZlQIBIwJgbh+1VZfr7WftK5lu7MHtqE1S1vPWZQYE3+VUn8yJADyb Z4fsZaCrzW9lkIqXkE3GIY+ojdhZhkO1gbG0118sIgphwSWKRxK0mvh6ERxKqIt1 xJEJO74EykXZV4oNJ8sjAjEA3J9r2ZghVhGN6V8DnQrTk24Td0E8hU8AcP0FVP+8 PQm/g/aXf2QQkQT+omdHVEJrAjEAy0pL0EBH6EVS98evDCBtQw22OZT52qXlAwZ2 gyTriKFVoqjeEjt3SZKKqXHSApP/AjBLpF99zcJJZRq2abgYlf9lv1chkrWqDHUu DZttmYJeEfiFBBavVYIF1dOlZT0G8jMCMBc7sOSZodFnAiryP+Qg9otSBjJ3bQML pSTqy7c3a2AScC/YyOwkDaICHnnD3XyjMwIxALRzl0tQEKMXs6hH8ToUdlLROCrP EhQ0wahUTCk1gKA4uPD6TMTChavbh4K63OvbKg== -----END RSA PRIVATE KEY-----""" privateKeys = {'ssh-rsa': keys.getPrivateKeyObject(data=privateKey)} del privateKey def __init__(self, portal): self.portal = portal def buildProtocol(self, addr): if addr.host not in self.allowedIP: raise "Unauthorized" return factory.SSHFactory.buildProtocol(self, addr)
def getPrivateKey(self): try: # For use with recent versions of Conch return defer.succeed(self.__getKey().keyObject) except AttributeError: # For old versions return defer.succeed(keys.getPrivateKeyObject(data=self.auth_data.private_key))
def _testKey(self, pubData, privData, keyType): privKey = keys.getPrivateKeyObject(data=privData) pubStr = keys.getPublicKeyString(data=pubData) pubKey = keys.getPublicKeyObject(pubStr) self._testKeySignVerify(privKey, pubKey) self._testKeyFromString(privKey, pubKey, privData, pubData) self._testGenerateKey(privKey, pubKey, privData, pubData, keyType)
def _testKey(self, pubData, privData, keyType): privKey = keys.getPrivateKeyObject(data = privData) pubStr = keys.getPublicKeyString(data = pubData) pubKey = keys.getPublicKeyObject(pubStr) self._testKeySignVerify(privKey, pubKey) self._testKeyFromString(privKey, pubKey, privData, pubData) self._testGenerateKey(privKey, pubKey, privData, pubData, keyType)
def getPrivateKey(self): try: # For use with recent versions of Conch return defer.succeed(self.__getKey().keyObject) except AttributeError: # For old versions return defer.succeed( keys.getPrivateKeyObject(data=self.auth_data.private_key))
def _testGenerateKey(self, privKey, pubKey, privData, pubData, keyType): self.assertEquals(keys.makePublicKeyString(pubKey, 'comment', keyType), pubData) self.assertEquals(keys.makePublicKeyString(privKey, 'comment', keyType), pubData) self.assertEquals(keys.makePrivateKeyString(privKey, kind=keyType), privData) encData = keys.makePrivateKeyString(privKey, passphrase='test', kind=keyType) self.assertEquals( keys.getPrivateKeyObject(data = encData, passphrase = 'test').__getstate__(), privKey.__getstate__())
def getPrivateKey(self): file = os.path.expanduser(self.usedFiles[-1]) if not os.path.exists(file): return None try: return defer.succeed(keys.getPrivateKeyObject(file)) except keys.BadKeyError, e: if e.args[0] == 'encrypted key with no passphrase': for i in range(3): prompt = "Enter passphrase for key '%s': " % \ self.usedFiles[-1] try: p = self._getPassword(prompt) return defer.succeed(keys.getPrivateKeyObject(file, passphrase = p)) except (keys.BadKeyError, ConchError): pass return defer.fail(ConchError('bad password')) raise
def _cbGetPrivateKey(self, ans, count): file = os.path.expanduser(self.usedFiles[-1]) try: return keys.getPrivateKeyObject(file, password = ans) except keys.BadKeyError: if count == 2: raise prompt = "Enter passphrase for key '%s': " % \ self.usedFiles[-1] return deferredAskFrame(prompt, 0).addCallback(self._cbGetPrivateKey, count+1)
def getPrivateKey(self): file = os.path.expanduser(self.usedFiles[-1]) if not os.path.exists(file): return None try: return defer.succeed(keys.getPrivateKeyObject(file)) except keys.BadKeyError, e: if e.args[0] == 'encrypted key with no passphrase': for i in range(3): prompt = "Enter passphrase for key '%s': " % \ self.usedFiles[-1] try: p = self._getPassword(prompt) return defer.succeed( keys.getPrivateKeyObject(file, passphrase=p)) except (keys.BadKeyError, ConchError): pass return defer.fail(ConchError('bad password')) raise
def getPrivateKey(self): file = os.path.expanduser(self.usedFiles[-1]) if not os.path.exists(file): return None try: return defer.succeed(keys.getPrivateKeyObject(file)) except keys.BadKeyError, e: if e.args[0] == 'encrypted key with no password': prompt = "Enter passphrase for key '%s': " % \ self.usedFiles[-1] return deferredAskFrame(prompt, 0).addCallback(self._cbGetPrivateKey, 0)
def _testKeyFromString(self, privKey, pubKey, privData, pubData): keyType = keys.objectType(privKey) privFS = keys.getPrivateKeyObject(data = privData) pubFS = keys.getPublicKeyObject(keys.getPublicKeyString(data=pubData)) for k in privFS.keydata: if getattr(privFS, k) != getattr(privKey, k): self.fail('getting %s private key from string failed' % keyType) for k in pubFS.keydata: if hasattr(pubFS, k): if getattr(pubFS, k) != getattr(pubKey, k): self.fail('getting %s public key from string failed' % keyType)
def _cbGetPrivateKey(self, ans, count): file = os.path.expanduser(self.usedFiles[-1]) try: return keys.getPrivateKeyObject(file, password=ans) except keys.BadKeyError: if count == 2: raise prompt = "Enter passphrase for key '%s': " % \ self.usedFiles[-1] return deferredAskFrame(prompt, 0).addCallback(self._cbGetPrivateKey, count + 1)
def getPrivateKey(self): file = os.path.expanduser(self.usedFiles[-1]) if not os.path.exists(file): return None try: return defer.succeed(keys.getPrivateKeyObject(file)) except keys.BadKeyError, e: if e.args[0] == 'encrypted key with no password': for i in range(3): prompt = "Enter passphrase for key '%s': " % \ self.usedFiles[-1] oldout, oldin = sys.stdout, sys.stdin sys.stdin = sys.stdout = open('/dev/tty','r+') p=getpass.getpass(prompt) sys.stdout,sys.stdin=oldout,oldin try: return defer.succeed(keys.getPrivateKeyObject(file, password = p)) except keys.BadKeyError: pass return defer.fail(ConchError('bad password')) raise
def _testKeyFromString(self, privKey, pubKey, privData, pubData): keyType = keys.objectType(privKey) privFS = keys.getPrivateKeyObject(data=privData) pubFS = keys.getPublicKeyObject(keys.getPublicKeyString(data=pubData)) for k in privFS.keydata: if getattr(privFS, k) != getattr(privKey, k): self.fail('getting %s private key from string failed' % keyType) for k in pubFS.keydata: if hasattr(pubFS, k): if getattr(pubFS, k) != getattr(pubKey, k): self.fail('getting %s public key from string failed' % keyType)
def getPrivateKeys(self): ks = {} euid, egid = os.geteuid(), os.getegid() os.setegid(0) # gain priviledges os.seteuid(0) for file in os.listdir(self.dataRoot): if file[:9] == 'ssh_host_' and file[-4:] == '_key': try: k = keys.getPrivateKeyObject(self.dataRoot + '/' + file) t = keys.objectType(k) ks[t] = k except Exception, e: log.msg('bad private key file %s: %s' % (file, e))
def getPrivateKeys(self): ks = {} euid,egid = os.geteuid(), os.getegid() os.setegid(0) # gain priviledges os.seteuid(0) for file in os.listdir(self.dataRoot): if file[:9] == 'ssh_host_' and file[-4:]=='_key': try: k = keys.getPrivateKeyObject(self.dataRoot+'/'+file) t = keys.objectType(k) ks[t] = k except Exception, e: log.msg('bad private key file %s: %s' % (file, e))
def getPrivateKey(self): file = os.path.expanduser(self.usedFiles[-1]) if not os.path.exists(file): return None try: return defer.succeed(keys.getPrivateKeyObject(file)) except keys.BadKeyError, e: if e.args[0] == 'encrypted key with no password': prompt = "Enter passphrase for key '%s': " % \ self.usedFiles[-1] return deferredAskFrame(prompt, 0).addCallback(self._cbGetPrivateKey, 0)
def factoryPreinit(self): BasePlugin.factoryPreinit(self) sshdir = self.cb.datapaths['keys.ssh'] keypath = '%s%s%s' % (sshdir, os.sep, self.mainRegistryValue('keys.rsaKeyFile')) if not os.path.exists(keypath): raise Exception, 'The SSH private key is missing' pubpath = '%s.pub' % keypath if not os.path.exists(pubpath): raise Exception, 'The SSH public key is missing' self.FactoryClass.publicKeys = {'ssh-rsa':keys.getPublicKeyString(filename=pubpath)} self.FactoryClass.privateKeys = {'ssh-rsa':keys.getPrivateKeyObject(filename=keypath)}
def _testGenerateKey(self, privKey, pubKey, privData, pubData, keyType): self.assertEquals(keys.makePublicKeyString(pubKey, 'comment', keyType), pubData) self.assertEquals( keys.makePublicKeyString(privKey, 'comment', keyType), pubData) self.assertEquals(keys.makePrivateKeyString(privKey, kind=keyType), privData) if keyType != 'lsh': encData = keys.makePrivateKeyString(privKey, passphrase='test', kind=keyType) self.assertEquals( keys.getPrivateKeyObject(data=encData, passphrase='test').__getstate__(), privKey.__getstate__())
class ExampleFactory(factory.SSHFactory): publicKeys = {'ssh-rsa': keys.getPublicKeyString(data=publicKey)} privateKeys = {'ssh-rsa': keys.getPrivateKeyObject(data=privateKey)} services = { 'ssh-userauth': userauth.SSHUserAuthServer, 'ssh-connection': connection.SSHConnection } def buildProtocol(self, addr): t = mySSHServerTransport() t.supportedPublicKeys = self.privateKeys.keys() if not self.primes: ske = t.supportedKeyExchanges[:] ske.remove('diffie-hellman-group-exchange-sha1') t.supportedKeyExchanges = ske t.factory = self return t
def factoryPreinit(self): BasePlugin.factoryPreinit(self) sshdir = self.cb.datapaths['keys.ssh'] keypath = '%s%s%s' % (sshdir, os.sep, self.mainRegistryValue('keys.rsaKeyFile')) if not os.path.exists(keypath): raise Exception, 'The SSH private key is missing' pubpath = '%s.pub' % keypath if not os.path.exists(pubpath): raise Exception, 'The SSH public key is missing' self.FactoryClass.publicKeys = { 'ssh-rsa': keys.getPublicKeyString(filename=pubpath) } self.FactoryClass.privateKeys = { 'ssh-rsa': keys.getPrivateKeyObject(filename=keypath) }
class CoretFactory(factory.SSHFactory): publicKeys = {'ssh-rsa': keys.getPublicKeyString(data=publicKey)} privateKeys = {'ssh-rsa': keys.getPrivateKeyObject(data=privateKey)} services = {'ssh-userauth': userauth.SSHUserAuthServer, 'ssh-connection': connection.SSHConnection} def buildProtocol(self, addr): t = transport.SSHServerTransport() # # Fix for BUG 1463701 "NMap recognizes Kojoney as a Honeypot" # t.ourVersionString = FAKE_SSH_SERVER_VERSION t.supportedPublicKeys = self.privateKeys.keys() if not self.primes: ske = t.supportedKeyExchanges[:] ske.remove('diffie-hellman-group-exchange-sha1') t.supportedKeyExchanges = ske t.factory = self return t
def createVFSApplication(vfsRoot): application = service.Application('FAKESFTP') p = portal.Portal(Realm(vfsRoot)) p.registerChecker( checkers.InMemoryUsernamePasswordDatabaseDontUse(admin='admin')) p.registerChecker(checkers.AllowAnonymousAccess(), credentials.IAnonymous) # sftp # http://igloo.its.unimelb.edu.au/Webmail/tips/msg00495.html # ssh-keygen -q -b 1024 -t dsa -f ssh_host_dsa_key pubkey = keys.getPublicKeyString( '../sshkeys/ssh_host_dsa_key.pub') privkey = keys.getPrivateKeyObject( '../sshkeys/ssh_host_dsa_key') class SSHFactory(factory.SSHFactory): publicKeys = {common.getNS(pubkey)[0]: pubkey} privateKeys = {keys.objectType(privkey): privkey} sftpf = SSHFactory() sftpf.portal = p internet.TCPServer( int( 2222 ), sftpf, ).setServiceParent(application) # ftp f = twisted.protocols.ftp.FTPFactory() f.portal = p f.protocol = twisted.protocols.ftp.FTP internet.TCPServer( 2221, f ).setServiceParent(application) return application
def getPrivateKey(self): path = os.path.expanduser('~/.ssh/id_dsa') return defer.succeed(keys.getPrivateKeyObject(path))
def getPrivateKey(self): return defer.succeed(keys.getPrivateKeyObject(self.id_file))
def getPrivateKey(self): return defer.succeed(keys.getPrivateKeyObject(self.id_file))
KEY_LENGTH = 1024 rsaKey = RSA.generate(KEY_LENGTH, common.entropy.get_bytes) print rsaKey publicKeyString = keys.makePublicKeyString(rsaKey) privateKeyString = keys.makePrivateKeyString(rsaKey) # save keys for next time file('public.key', 'w+b').write(publicKeyString) file('private.key', 'w+b').write(privateKeyString) print "done." else: publicKeyString = file('public.key').read() privateKeyString = file('private.key').read() return publicKeyString, privateKeyString if __name__ == "__main__": sshFactory = factory.SSHFactory() sshFactory.portal = portal.Portal(SSHDemoRealm()) users = {'admin': 'aaa', 'guest': 'bbb'} sshFactory.portal.registerChecker( checkers.InMemoryUsernamePasswordDatabaseDontUse(**users)) pubKeyString, privKeyString = getRSAKeys() sshFactory.publicKeys = { 'ssh-rsa': keys.getPublicKeyString(data=pubKeyString)} sshFactory.privateKeys = { 'ssh-rsa': keys.getPrivateKeyObject(data=privKeyString)} from twisted.internet import reactor reactor.listenTCP(2222, sshFactory) reactor.run()
rsaKey = RSA.generate(KEY_LENGTH, common.entropy.get_bytes) publicKeyString = keys.makePublicKeyString(rsaKey) privateKeyString = keys.makePrivateKeyString(rsaKey) # save keys for next time file(‘public.key’, ‘w+b’).write(publicKeyString) file(‘private.key’, ‘w+b’).write(privateKeyString) print "done." else: publicKeyString = file(‘public.key’).read() privateKeyString = file(‘private.key’).read() return publicKeyString, privateKeyString if __name__ == "__main__": sshFactory = factory.SSHFactory() sshFactory.portal = portal.Portal(SSHDemoRealm()) users = {‘admin’: ‘aaa’, ‘guest’: ‘bbb’} sshFactory.portal.registerChecker( checkers.InMemoryUsernamePasswordDatabaseDontUse(**users)) pubKeyString, privKeyString = getRSAKeys() sshFactory.publicKeys = { ‘ssh-rsa’: keys.getPublicKeyString(data=pubKeyString)} sshFactory.privateKeys = { ‘ssh-rsa’: keys.getPrivateKeyObject(data=privKeyString)} from twisted.internet import reactor reactor.listenTCP(2222, sshFactory) reactor.run() {mospagebreak title=Setting Up a Custom SSH Server continued}
def getPrivateKey(self): path = os.path.expanduser('~/.ssh/id_dsa') return defer.succeed(keys.getPrivateKeyObject(path))
def getPrivateKey(self): self.canSucceedPublicKey = 1 return defer.succeed(keys.getPrivateKeyObject(data=privateDSA_openssh))
def getPrivateKeys(self): return { 'ssh-rsa':keys.getPrivateKeyObject(data=privateRSA_openssh), 'ssh-dss':keys.getPrivateKeyObject(data=privateDSA_openssh) }
def getPrivateKey(self): self.canSucceedPublicKey = 1 return defer.succeed( keys.getPrivateKeyObject(data=privateDSA_openssh))
def getPrivateKeys(self): return { 'ssh-rsa': keys.getPrivateKeyObject(data=privateRSA_openssh), 'ssh-dss': keys.getPrivateKeyObject(data=privateDSA_openssh) }
def getPrivateKeys(self): return { "ssh-rsa": keys.getPrivateKeyObject(data=privateRSA_openssh), "ssh-dss": keys.getPrivateKeyObject(data=privateDSA_openssh), }
def getPrivateKey(self): if debug: print "At getPrivateKey" path = os.path.expanduser("~/.ssh/id_dsa") return defer.succeed(keys.getPrivateKeyObject(path))
def getPrivateKey(self): self.canSucceedPublicKey = 1 return defer.succeed(keys.getPrivateKeyObject('dsa_test'))