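def getPrivateKeys(self):
    """
    Load the server host keys from ``self.dataRoot``.

    Every file named ``ssh_host_*_key`` is parsed with ``keys.Key.fromFile``.
    When the current effective user may not read a file (``EACCES``) the
    read is retried as root through ``runAsEffectiveUser``, which restores
    the previous effective ids after that single call.  Files that fail to
    parse as the current user are logged and skipped; other I/O errors, and
    any error raised during the root retry, propagate to the caller.

    @return: a C{dict} mapping key type name (e.g. ``'ssh-rsa'``) to the
        corresponding private L{keys.Key}.
    """
    from twisted.python import log
    from twisted.python.util import runAsEffectiveUser
    from twisted.conch.ssh import keys
    import os, errno

    privateKeys = {}
    for filename in os.listdir(self.dataRoot):
        if not (filename.startswith('ssh_host_') and filename.endswith('_key')):
            continue
        fullPath = os.path.join(self.dataRoot, filename)
        try:
            key = keys.Key.fromFile(fullPath)
        except IOError as e:
            if e.errno != errno.EACCES:
                raise
            # Not readable as the current user: retry as root.
            key = runAsEffectiveUser(0, 0, keys.Key.fromFile, fullPath)
        except Exception as e:
            log.msg('bad private key file %s: %s' % (filename, e))
            continue
        # Single insertion point for both the plain and the root-retry path.
        privateKeys[keys.objectType(key.keyObject)] = key
    return privateKeys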
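def getPrivateKeys(self):
    """
    Load the server host keys from ``self.dataRoot``.

    Every file named ``ssh_host_*_key`` is parsed with ``keys.Key.fromFile``.
    When the current effective user may not read a file (``EACCES``) the
    read is retried as root through ``runAsEffectiveUser``, which restores
    the previous effective ids after that single call.  Files that fail to
    parse as the current user are logged and skipped; other I/O errors, and
    any error raised during the root retry, propagate to the caller.

    @return: a C{dict} mapping key type name (e.g. ``'ssh-rsa'``) to the
        corresponding private L{keys.Key}.
    """
    from twisted.python import log
    from twisted.python.util import runAsEffectiveUser
    from twisted.conch.ssh import keys
    import os, errno

    privateKeys = {}
    for filename in os.listdir(self.dataRoot):
        if not (filename.startswith('ssh_host_') and filename.endswith('_key')):
            continue
        fullPath = os.path.join(self.dataRoot, filename)
        try:
            key = keys.Key.fromFile(fullPath)
        except IOError as e:
            if e.errno != errno.EACCES:
                raise
            # Not readable as the current user: retry as root.
            key = runAsEffectiveUser(0, 0, keys.Key.fromFile, fullPath)
        except Exception as e:
            log.msg('bad private key file %s: %s' % (filename, e))
            continue
        # Single insertion point for both the plain and the root-retry path.
        privateKeys[keys.objectType(key.keyObject)] = key
    return privateKeys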
def test_objectType(self):
    """
    L{keys.objectType} names the algorithm of RSA and DSA key objects and
    rejects C{None} with L{keys.BadKeyError}.
    """
    rsaKey = keys.Key.fromString(keydata.privateRSA_openssh)
    dsaKey = keys.Key.fromString(keydata.privateDSA_openssh)
    self.assertEqual(keys.objectType(rsaKey.keyObject), 'ssh-rsa')
    self.assertEqual(keys.objectType(dsaKey.keyObject), 'ssh-dss')
    self.assertRaises(keys.BadKeyError, keys.objectType, None)
def test_deprecation(self):
    """
    Calling L{keys.objectType} on an RSA key triggers the deprecation that
    C{checkDeprecation} verifies.
    """
    rsaKey = self.getRSAKey()
    keys.objectType(rsaKey)
    self.checkDeprecation()
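def test_objectType(self):
    """
    Test that objectType returns the correct type name for RSA and DSA key
    objects and rejects C{None} with L{keys.BadKeyError}.
    """
    rsaKey = keys.Key.fromString(keydata.privateRSA_openssh)
    dsaKey = keys.Key.fromString(keydata.privateDSA_openssh)
    # assertEqual rather than the deprecated assertEquals alias.
    self.assertEqual(keys.objectType(rsaKey.keyObject), 'ssh-rsa')
    self.assertEqual(keys.objectType(dsaKey.keyObject), 'ssh-dss')
    self.assertRaises(keys.BadKeyError, keys.objectType, None)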
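def _testKeySignVerify(self, priv, pub):
    """
    Sign test data with ``priv`` and check that the signature verifies with
    both the private and the public key, and that verification rejects
    altered data and a garbage signature.

    @param priv: a private key object accepted by L{keys.signData}.
    @param pub: the matching public key object.
    """
    testData = 'this is the test data'
    privType = keys.objectType(priv)
    sig = keys.signData(priv, testData)
    # assertTrue/assertFalse instead of the deprecated assert_/failIf aliases.
    self.assertTrue(
        keys.verifySignature(priv, sig, testData),
        'verifying with private %s failed' % privType)
    self.assertTrue(
        keys.verifySignature(pub, sig, testData),
        'verifying with public %s failed' % keys.objectType(pub))
    # Negative cases: neither tampered data nor a bogus signature may verify.
    self.assertFalse(
        keys.verifySignature(priv, sig, 'other data'),
        'verified bad data with %s' % privType)
    self.assertFalse(
        keys.verifySignature(priv, 'bad sig', testData),
        'verified badsign with %s' % privType)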
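def _testKeySignVerify(self, priv, pub):
    """
    Sign test data with ``priv`` and check that the signature verifies with
    both the private and the public key, and that verification rejects
    altered data and a garbage signature.

    @param priv: a private key object accepted by L{keys.signData}.
    @param pub: the matching public key object.
    """
    testData = 'this is the test data'
    privType = keys.objectType(priv)
    sig = keys.signData(priv, testData)
    # assertTrue/assertFalse instead of the deprecated assert_/failIf aliases.
    self.assertTrue(
        keys.verifySignature(priv, sig, testData),
        'verifying with private %s failed' % privType)
    self.assertTrue(
        keys.verifySignature(pub, sig, testData),
        'verifying with public %s failed' % keys.objectType(pub))
    # Negative cases: neither tampered data nor a bogus signature may verify.
    self.assertFalse(
        keys.verifySignature(priv, sig, 'other data'),
        'verified bad data with %s' % privType)
    self.assertFalse(
        keys.verifySignature(priv, 'bad sig', testData),
        'verified badsign with %s' % privType)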
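def _saveKey(key, options):
    """
    Write ``key`` to disk as an OpenSSH private/public key pair.

    Prompts for a destination (default ``~/.ssh/id_<type>``), for
    confirmation before overwriting an existing file, and for a passphrase
    when ``options['pass']`` is empty.  The private key file is created with
    owner-only permissions from the start rather than only chmod'ed after
    the write, so the key material is never readable by other users in the
    interval between creation and chmod.

    @param key: the key object to save.
    @param options: a mapping with at least the ``'filename'`` and
        ``'pass'`` entries; both are filled in from user input when empty.
    """
    import stat

    if not options['filename']:
        kind = {'ssh-rsa': 'rsa', 'ssh-dss': 'dsa'}[keys.objectType(key)]
        filename = os.path.expanduser('~/.ssh/id_%s' % kind)
        options['filename'] = raw_input(
            'Enter file in which to save the key (%s): ' % filename).strip() or filename
    if os.path.exists(options['filename']):
        print('%s already exists.' % options['filename'])
        yn = raw_input('Overwrite (y/n)? ')
        # yn[:1] rather than yn[0]: an empty answer is a "no", not an IndexError.
        if yn[:1].lower() != 'y':
            sys.exit()
    if not options['pass']:
        while 1:
            p1 = getpass.getpass('Enter passphrase (empty for no passphrase): ')
            p2 = getpass.getpass('Enter same passphrase again: ')
            if p1 == p2:
                break
            print('Passphrases do not match. Try again.')
        options['pass'] = p1
    comment = '%s@%s' % (getpass.getuser(), socket.gethostname())

    # Create (or truncate) the private key file owner-only so the key is
    # never exposed through a permissive umask before the chmod below.
    ownerOnly = stat.S_IRUSR | stat.S_IWUSR
    fd = os.open(options['filename'], os.O_WRONLY | os.O_CREAT | os.O_TRUNC, ownerOnly)
    privateFile = os.fdopen(fd, 'w')
    try:
        privateFile.write(keys.makePrivateKeyString(key, passphrase=options['pass']))
    finally:
        privateFile.close()
    # 33152 == 0100600 (regular file, rw-------); also tightens a
    # pre-existing file whose mode O_CREAT left untouched.
    os.chmod(options['filename'], 33152)

    publicKeyString = keys.makePublicKeyString(key, comment=comment)
    publicFile = open(options['filename'] + '.pub', 'w')
    try:
        publicFile.write(publicKeyString)
    finally:
        publicFile.close()
    pubKey = keys.getPublicKeyString(data=publicKeyString)
    print('Your identification has been saved in %s' % options['filename'])
    print('Your public key has been saved in %s.pub' % options['filename'])
    print('The key fingerprint is:')
    # OpenSSH-style MD5 fingerprint: colon-separated hex bytes of the blob digest.
    print(':'.join(['%02x' % ord(x) for x in md5.new(pubKey).digest()]))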
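def _saveKey(key, options):
    """
    Write ``key`` to disk as an OpenSSH private/public key pair.

    Prompts for a destination (default ``~/.ssh/id_<type>``), for
    confirmation before overwriting an existing file, and for a passphrase
    when ``options['pass']`` is empty.  The private key is written with an
    owner-only umask in force, so neither the final file nor any temporary
    file ``FilePath.setContent`` creates along the way is readable by other
    users before the chmod below; the public key is written normally.

    @param key: the key object to save; it is wrapped in L{keys.Key}.
    @param options: a mapping with at least the ``'filename'`` and
        ``'pass'`` entries; both are filled in from user input when empty.
    """
    import stat

    if not options['filename']:
        kind = {'ssh-rsa': 'rsa', 'ssh-dss': 'dsa'}[keys.objectType(key)]
        filename = os.path.expanduser('~/.ssh/id_%s' % kind)
        options['filename'] = raw_input(
            'Enter file in which to save the key (%s): ' % filename).strip() or filename
    if os.path.exists(options['filename']):
        print('%s already exists.' % options['filename'])
        yn = raw_input('Overwrite (y/n)? ')
        # yn[:1] rather than yn[0]: an empty answer is a "no", not an IndexError.
        if yn[:1].lower() != 'y':
            sys.exit()
    if not options['pass']:
        while 1:
            p1 = getpass.getpass('Enter passphrase (empty for no passphrase): ')
            p2 = getpass.getpass('Enter same passphrase again: ')
            if p1 == p2:
                break
            print('Passphrases do not match. Try again.')
        options['pass'] = p1
    keyObj = keys.Key(key)
    comment = '%s@%s' % (getpass.getuser(), socket.gethostname())

    # Private key material: deny group/other for the whole write so the file
    # is never exposed between creation and the chmod below.
    previousMask = os.umask(stat.S_IRWXG | stat.S_IRWXO)
    try:
        filepath.FilePath(options['filename']).setContent(
            keyObj.toString('openssh', options['pass']))
    finally:
        os.umask(previousMask)
    # 33152 == 0100600 (regular file, rw-------); also tightens a
    # pre-existing file whose mode the write above left untouched.
    os.chmod(options['filename'], 33152)

    filepath.FilePath(options['filename'] + '.pub').setContent(
        keyObj.public().toString('openssh', comment))
    print('Your identification has been saved in %s' % options['filename'])
    print('Your public key has been saved in %s.pub' % options['filename'])
    print('The key fingerprint is:')
    print(keyObj.fingerprint())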
def auth_publickey(self, packet):
    """
    Handle a C{publickey} authentication request.

    Copied and adapted from twisted/conch/ssh/userauth.py in Twisted 8.0.1
    so that the credentials are built by C{makePublicKeyCredentials} and a
    mind from C{getMind} is passed to C{portal.login}.

    @param packet: the request body: one byte saying whether a signature is
        present, then the algorithm name and public key blob as SSH strings,
        followed by the signature when present.
    """
    hasSig = ord(packet[0])
    algName, blob, rest = getNS(packet[1:], 2)
    pubKey = keys.Key.fromString(blob).keyObject

    if not hasSig:
        # No signature: the client only asks whether this key is acceptable.
        # _ebCheckKey (defined outside this snippet) handles the outcome.
        c = self.makePublicKeyCredentials(self.user, algName, blob, None, None)
        login = self.portal.login(c, self.getMind(), IConchUser)
        return login.addErrback(self._ebCheckKey, packet[1:])

    # An empty signature string is collapsed to None.
    signature = getNS(rest)[0] or None
    # The exact bytes the client signed (RFC 4252 section 7).  The key type
    # is taken from the parsed key, not from the client-supplied algName.
    signedData = ''.join([
        NS(self.transport.sessionID),
        chr(userauth.MSG_USERAUTH_REQUEST),
        NS(self.user),
        NS(self.nextService),
        NS("publickey"),
        chr(hasSig),
        NS(keys.objectType(pubKey)),
        NS(blob),
    ])
    c = self.makePublicKeyCredentials(self.user, algName, blob, signedData, signature)
    return self.portal.login(c, self.getMind(), IConchUser)
def test_objectType_dsa(self):
    """
    L{keys.objectType} reports C{ssh-dss} for a DSA key; the call is then
    checked for its deprecation by C{checkDeprecation}.
    """
    dsaKey = self.getDSAKey()
    keyType = keys.objectType(dsaKey)
    self.assertEqual(keyType, b'ssh-dss')
    self.checkDeprecation()
def test_objectType_rsa(self):
    """
    L{keys.objectType} reports C{ssh-rsa} for an RSA key; the call is then
    checked for its deprecation by C{checkDeprecation}.
    """
    rsaKey = self.getRSAKey()
    keyType = keys.objectType(rsaKey)
    self.assertEqual(keyType, b'ssh-rsa')
    self.checkDeprecation()
def _testKeyFromString(self, privKey, pubKey, privData, pubData):
    """
    Check that parsing ``privData`` and ``pubData`` yields key objects whose
    attributes match ``privKey`` and ``pubKey`` attribute by attribute.

    @param privKey: the expected private key object.
    @param pubKey: the expected public key object.
    @param privData: serialized private key to parse.
    @param pubData: serialized public key to parse.
    """
    keyType = keys.objectType(privKey)
    privFS = keys.getPrivateKeyObject(data=privData)
    pubFS = keys.getPublicKeyObject(keys.getPublicKeyString(data=pubData))
    # any() short-circuits at the first differing attribute.
    privMismatch = any(
        getattr(privFS, k) != getattr(privKey, k) for k in privFS.keydata)
    if privMismatch:
        self.fail('getting %s private key from string failed' % keyType)
    # Only attributes actually present on the parsed public key are compared.
    pubMismatch = any(
        hasattr(pubFS, k) and getattr(pubFS, k) != getattr(pubKey, k)
        for k in pubFS.keydata)
    if pubMismatch:
        self.fail('getting %s public key from string failed' % keyType)
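def _testKeySignVerify(self, privObj, pubObj):
    """
    Test that signing and verifying works correctly.

    The deprecated L{keys.signData} / L{keys.verifySignature} helpers are
    invoked through C{assertWarns} so every call is also checked for its
    deprecation warning.

    @param privObj: a private key object.
    @type privObj: C{Crypto.PublicKey.pubkey.pubkey}
    @param pubObj: a public key object.
    @type pubObj: C{Crypto.PublicKey.pubkey.pubkey}
    """
    testData = 'this is the test data'
    verifyWarning = (
        "verifySignature is deprecated since Twisted Conch 0.9. "
        "Use Key(obj).verify(signature, data).")

    def verify(keyObj, signature, data):
        # Every verifySignature call must emit the same deprecation warning.
        return self.assertWarns(
            DeprecationWarning, verifyWarning, unittest.__file__,
            keys.verifySignature, keyObj, signature, data)

    sig = self.assertWarns(
        DeprecationWarning,
        "signData is deprecated since Twisted Conch 0.9. "
        "Use Key(obj).sign(data).",
        unittest.__file__, keys.signData, privObj, testData)
    self.assertTrue(
        verify(privObj, sig, testData),
        'verifying with private %s failed' % keys.objectType(privObj))
    self.assertTrue(
        verify(pubObj, sig, testData),
        'verifying with public %s failed' % keys.objectType(pubObj))
    # Negative cases, using assertFalse rather than the deprecated failIf:
    # tampered data and a bogus signature must not verify.
    self.assertFalse(
        verify(privObj, sig, 'other data'),
        'verified bad data with %s' % keys.objectType(privObj))
    self.assertFalse(
        verify(privObj, 'bad sig', testData),
        'verified badsign with %s' % keys.objectType(privObj))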
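def getPrivateKeys(self):
    """
    Load the OpenSSH host keys (``ssh_host_*_key``) from ``self.dataRoot``.

    Host key files are normally readable only by root, so the effective
    uid/gid are switched to 0 for the scan and restored in a ``finally``
    block, so that an unexpected error inside the loop cannot leave the
    process running with elevated privileges.  Files that fail to load are
    logged and skipped.

    @return: a C{dict} mapping key type name to private key object.
    """
    ks = {}
    euid, egid = os.geteuid(), os.getegid()
    os.setegid(0)  # gain privileges
    os.seteuid(0)
    try:
        for filename in os.listdir(self.dataRoot):
            if filename[:9] == 'ssh_host_' and filename[-4:] == '_key':
                try:
                    k = keys.getPrivateKeyObject(self.dataRoot + '/' + filename)
                    ks[keys.objectType(k)] = k
                except Exception as e:
                    log.msg('bad private key file %s: %s' % (filename, e))
    finally:
        # Drop privileges again: gid first while still root, then uid.
        os.setegid(egid)
        os.seteuid(euid)
    return ks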
def _testKeyFromString(self, privKey, pubKey, privData, pubData):
    """
    Check that parsing ``privData`` and ``pubData`` yields key objects whose
    attributes match ``privKey`` and ``pubKey`` attribute by attribute.

    @param privKey: the expected private key object.
    @param pubKey: the expected public key object.
    @param privData: serialized private key to parse.
    @param pubData: serialized public key to parse.
    """
    keyType = keys.objectType(privKey)
    privFS = keys.getPrivateKeyObject(data=privData)
    pubFS = keys.getPublicKeyObject(keys.getPublicKeyString(data=pubData))
    # any() short-circuits at the first differing attribute.
    privMismatch = any(
        getattr(privFS, k) != getattr(privKey, k) for k in privFS.keydata)
    if privMismatch:
        self.fail('getting %s private key from string failed' % keyType)
    # Only attributes actually present on the parsed public key are compared.
    pubMismatch = any(
        hasattr(pubFS, k) and getattr(pubFS, k) != getattr(pubKey, k)
        for k in pubFS.keydata)
    if pubMismatch:
        self.fail('getting %s public key from string failed' % keyType)
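def getPrivateKeys(self):
    """
    Load the OpenSSH host keys (``ssh_host_*_key``) from ``self.dataRoot``.

    Host key files are normally readable only by root, so the effective
    uid/gid are switched to 0 for the scan and restored in a ``finally``
    block, so that an unexpected error inside the loop cannot leave the
    process running with elevated privileges.  Files that fail to load are
    logged and skipped.

    @return: a C{dict} mapping key type name to private key object.
    """
    ks = {}
    euid, egid = os.geteuid(), os.getegid()
    os.setegid(0)  # gain privileges
    os.seteuid(0)
    try:
        for filename in os.listdir(self.dataRoot):
            if filename[:9] == 'ssh_host_' and filename[-4:] == '_key':
                try:
                    k = keys.getPrivateKeyObject(self.dataRoot + '/' + filename)
                    ks[keys.objectType(k)] = k
                except Exception as e:
                    log.msg('bad private key file %s: %s' % (filename, e))
    finally:
        # Drop privileges again: gid first while still root, then uid.
        os.setegid(egid)
        os.seteuid(euid)
    return ks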
def auth_publickey(self, packet):
    """
    Handle a C{publickey} authentication request by building an
    L{credentials.SSHPrivateKey} and handing it to the portal.

    The peer's address is attached to the credentials as C{peer}.  The
    C{_ebCheckKey} errback (defined outside this snippet) is always attached
    to the login, whether or not the request carried a signature.

    @param packet: the request body: a flag byte, then the algorithm name
        and public key blob as SSH strings, then the signature when flagged.
    """
    NS = userauth.NS
    hasSig = ord(packet[0])
    algName, blob, rest = userauth.getNS(packet[1:], 2)
    pubKey = userauth.keys.getPublicKeyObject(data=blob)
    # The exact bytes the client signed; built from the parsed key's type,
    # not from the client-supplied algName.
    signedData = ''.join([
        NS(self.transport.sessionID),
        chr(userauth.MSG_USERAUTH_REQUEST),
        NS(self.user),
        NS(self.nextService),
        NS('publickey'),
        chr(hasSig),
        NS(keys.objectType(pubKey)),
        NS(blob),
    ])
    signature = None
    if hasSig:
        # An empty signature string is collapsed to None.
        signature = userauth.getNS(rest)[0] or None
    c = credentials.SSHPrivateKey(self.user, blob, signedData, signature)
    c.peer = self.transport.transport.getPeer().host
    login = self.portal.login(c, None, self.USERCLASS)
    return login.addErrback(self._ebCheckKey, packet[1:])
def auth_publickey(self, packet):
    """
    Handle a C{publickey} authentication request by building an
    L{credentials.SSHPrivateKey} and handing it to the portal.

    The peer's address is attached to the credentials as C{peer}.  The
    C{_ebCheckKey} errback (defined outside this snippet) is always attached
    to the login, whether or not the request carried a signature.

    @param packet: the request body: a flag byte, then the algorithm name
        and public key blob as SSH strings, then the signature when flagged.
    """
    NS = userauth.NS
    hasSig = ord(packet[0])
    algName, blob, rest = userauth.getNS(packet[1:], 2)
    pubKey = userauth.keys.getPublicKeyObject(data=blob)
    # The exact bytes the client signed; built from the parsed key's type,
    # not from the client-supplied algName.
    signedData = ''.join([
        NS(self.transport.sessionID),
        chr(userauth.MSG_USERAUTH_REQUEST),
        NS(self.user),
        NS(self.nextService),
        NS('publickey'),
        chr(hasSig),
        NS(keys.objectType(pubKey)),
        NS(blob),
    ])
    signature = None
    if hasSig:
        # An empty signature string is collapsed to None.
        signature = userauth.getNS(rest)[0] or None
    c = credentials.SSHPrivateKey(self.user, blob, signedData, signature)
    c.peer = self.transport.transport.getPeer().host
    login = self.portal.login(c, None, self.USERCLASS)
    return login.addErrback(self._ebCheckKey, packet[1:])
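def getPrivateKeys(self):
    """
    Return the server private keys.

    Every ``ssh_host_*_key`` file under ``self.dataRoot`` is parsed with
    ``keys.Key.fromFile``.  When the current effective user may not read a
    file (``EACCES``) the read is retried as root through
    ``runAsEffectiveUser``, which restores the previous effective ids after
    that single call.  Files that fail to parse as the current user are
    logged and skipped; other I/O errors, and any error raised during the
    root retry, propagate to the caller.

    @return: a C{dict} mapping key type name to the private L{keys.Key}.
    """
    privateKeys = {}
    for filename in os.listdir(self.dataRoot):
        if not (filename.startswith('ssh_host_') and filename.endswith('_key')):
            continue
        fullPath = os.path.join(self.dataRoot, filename)
        try:
            key = keys.Key.fromFile(fullPath)
        except IOError as e:
            if e.errno != errno.EACCES:
                raise
            # Not readable as the current user: retry as root.
            key = runAsEffectiveUser(0, 0, keys.Key.fromFile, fullPath)
        except Exception as e:
            log.msg('bad private key file %s: %s' % (filename, e))
            continue
        # Single insertion point for both the plain and the root-retry path.
        privateKeys[keys.objectType(key.keyObject)] = key
    return privateKeys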
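def getPrivateKeys(self):
    """
    Return the server private keys.

    Every ``ssh_host_*_key`` file under ``self.dataRoot`` is parsed with
    ``keys.Key.fromFile``.  When the current effective user may not read a
    file (``EACCES``) the read is retried as root through
    ``runAsEffectiveUser``, which restores the previous effective ids after
    that single call.  Files that fail to parse as the current user are
    logged and skipped; other I/O errors, and any error raised during the
    root retry, propagate to the caller.

    @return: a C{dict} mapping key type name to the private L{keys.Key}.
    """
    privateKeys = {}
    for filename in os.listdir(self.dataRoot):
        if not (filename.startswith('ssh_host_') and filename.endswith('_key')):
            continue
        fullPath = os.path.join(self.dataRoot, filename)
        try:
            key = keys.Key.fromFile(fullPath)
        except IOError as e:
            if e.errno != errno.EACCES:
                raise
            # Not readable as the current user: retry as root.
            key = runAsEffectiveUser(0, 0, keys.Key.fromFile, fullPath)
        except Exception as e:
            log.msg('bad private key file %s: %s' % (filename, e))
            continue
        # Single insertion point for both the plain and the root-retry path.
        privateKeys[keys.objectType(key.keyObject)] = key
    return privateKeys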
def auth_publickey(self, packet):
    """
    Handle a C{publickey} authentication request.

    Without a signature the client is only probing whether the key would be
    accepted, so the login failure is routed through C{_ebCheckKey} (defined
    outside this snippet).  With a signature the exact signed byte string is
    rebuilt and passed along in the credentials for the checker to verify.

    @param packet: the request body: a flag byte, then the algorithm name
        and public key blob as SSH strings, then the signature when flagged.
    """
    hasSig = ord(packet[0])
    algName, blob, rest = getNS(packet[1:], 2)
    pubKey = keys.getPublicKeyObject(data=blob)

    if not hasSig:
        c = credentials.SSHPrivateKey(self.user, algName, blob, None, None)
        login = self.portal.login(c, None, interfaces.IConchUser)
        return login.addErrback(self._ebCheckKey, packet[1:])

    # An empty signature string is collapsed to None.
    signature = getNS(rest)[0] or None
    # The bytes the client signed (RFC 4252 section 7); the key type is taken
    # from the parsed key rather than from the client-supplied algName.
    signedData = ''.join([
        NS(self.transport.sessionID),
        chr(MSG_USERAUTH_REQUEST),
        NS(self.user),
        NS(self.nextService),
        NS('publickey'),
        chr(hasSig),
        NS(keys.objectType(pubKey)),
        NS(blob),
    ])
    c = credentials.SSHPrivateKey(self.user, algName, blob, signedData, signature)
    return self.portal.login(c, None, interfaces.IConchUser)
def auth_publickey(self, packet):
    """
    Handle a C{publickey} authentication request.

    Copied and adapted from twisted/conch/ssh/userauth.py in Twisted 8.0.1
    so that the credentials are built by C{makePublicKeyCredentials} and a
    mind from C{getMind} is passed to C{portal.login}.

    @param packet: the request body: one byte saying whether a signature is
        present, then the algorithm name and public key blob as SSH strings,
        followed by the signature when present.
    """
    hasSig = ord(packet[0])
    algName, blob, rest = getNS(packet[1:], 2)
    pubKey = keys.Key.fromString(blob).keyObject

    if not hasSig:
        # No signature: the client only asks whether this key is acceptable.
        # _ebCheckKey (defined outside this snippet) handles the outcome.
        c = self.makePublicKeyCredentials(self.user, algName, blob, None, None)
        login = self.portal.login(c, self.getMind(), IConchUser)
        return login.addErrback(self._ebCheckKey, packet[1:])

    # An empty signature string is collapsed to None.
    signature = getNS(rest)[0] or None
    # The exact bytes the client signed (RFC 4252 section 7).  The key type
    # is taken from the parsed key, not from the client-supplied algName.
    signedData = ''.join([
        NS(self.transport.sessionID),
        chr(userauth.MSG_USERAUTH_REQUEST),
        NS(self.user),
        NS(self.nextService),
        NS('publickey'),
        chr(hasSig),
        NS(keys.objectType(pubKey)),
        NS(blob),
    ])
    c = self.makePublicKeyCredentials(self.user, algName, blob, signedData, signature)
    return self.portal.login(c, self.getMind(), IConchUser)
class SSHFactory(factory.SSHFactory):
    """
    SSH server factory serving a single host key pair.

    Both class-level mappings are keyed by the key type name so the factory
    can pair them: the public side by the type string read from the head of
    the module-level ``pubkey`` blob, the private side by
    L{keys.objectType} of the module-level ``privkey``.
    """
    publicKeys = dict([(common.getNS(pubkey)[0], pubkey)])
    privateKeys = dict([(keys.objectType(privkey), privkey)])