def test_ed25519(self): key1 = Ed25519Key.from_private_key_file(test_path('test_ed25519.key')) key2 = Ed25519Key.from_private_key_file( test_path('test_ed25519_password.key'), b'abc123' ) self.assertNotEqual(key1.asbytes(), key2.asbytes())
def test_ed25519_public(self): pub_bytes = base64.b64decode(PUB_ED25519.split()[1]) key1 = Ed25519Key(data=pub_bytes) key2 = Ed25519Key(msg=Message(pub_bytes)) self.assertEqual(key1.asbytes(), key2.asbytes()) self.assertFalse(key1.can_sign()) self.assertFalse(key2.can_sign())
def test_ed25519_nonbytes_password(self): # https://github.com/paramiko/paramiko/issues/1039 Ed25519Key.from_private_key_file( _support("test_ed25519_password.key"), # NOTE: not a bytes. Amusingly, the test above for same key DOES # explicitly cast to bytes...code smell! "abc123", )
def test_ed25519_compare(self): # verify that the private & public keys compare equal key = Ed25519Key.from_private_key_file(_support("test_ed25519.key")) self.assertEqual(key, key) pub = Ed25519Key(data=key.asbytes()) self.assertTrue(key.can_sign()) self.assertTrue(not pub.can_sign()) self.assertEqual(key, pub)
def test_ed25519(self): key1 = Ed25519Key.from_private_key_file(_support('test_ed25519.key')) self.assert_key_values(key1, 'ssh-ed25519', 256, PUB_ED25519, FINGER_ED25519, FINGER_SHA256_ED25519) key2 = Ed25519Key.from_private_key_file( _support('test_ed25519_password.key'), b'abc123') self.assertNotEqual(key1.asbytes(), key2.asbytes()) self.assertTrue(key1.can_sign()) self.assertTrue(key2.can_sign())
def test_sign_ed25519(self): private = Ed25519Key.from_private_key_file( _support("test_ed25519.key")) msg = private.sign_ssh_data(b"ice weasels") msg.rewind() self.assertEqual(msg.get_text(), "ssh-ed25519") self.assertEqual(msg.get_binary(), base64.b64decode(SIGNED_ED25519)) msg.rewind() pub = Ed25519Key(data=base64.b64decode(PUB_ED25519.split()[1])) self.assertTrue(pub.verify_ssh_sig(b"ice weasels", msg))
def test_verify_ed25519_invalid(self): signature = Message() signature.add_string("ssh-ed25519") signature.add_string(b'bad/signature') pub = Ed25519Key(data=base64.b64decode(PUB_ED25519.split()[1])) self.assertFalse(pub.verify_ssh_sig(b"ice weasels", signature))
def test_certificates(self): # NOTE: we also test 'live' use of cert auth for all key types in # test_client.py; this and nearby cert tests are more about the gritty # details. # PKey.load_certificate key_path = _support(os.path.join('cert_support', 'test_rsa.key')) key = RSAKey.from_private_key_file(key_path) self.assertTrue(key.public_blob is None) cert_path = _support( os.path.join('cert_support', 'test_rsa.key-cert.pub') ) key.load_certificate(cert_path) self.assertTrue(key.public_blob is not None) self.assertEqual(key.public_blob.key_type, '*****@*****.**') self.assertEqual(key.public_blob.comment, 'test_rsa.key.pub') # Delve into blob contents, for test purposes msg = Message(key.public_blob.key_blob) self.assertEqual(msg.get_text(), '*****@*****.**') nonce = msg.get_string() e = msg.get_mpint() n = msg.get_mpint() self.assertEqual(e, key.public_numbers.e) self.assertEqual(n, key.public_numbers.n) # Serial number self.assertEqual(msg.get_int64(), 1234) # Prevented from loading certificate that doesn't match key_path = _support(os.path.join('cert_support', 'test_ed25519.key')) key1 = Ed25519Key.from_private_key_file(key_path) self.assertRaises( ValueError, key1.load_certificate, _support('test_rsa.key-cert.pub'), )
def test_certificates(self): # NOTE: we also test 'live' use of cert auth for all key types in # test_client.py; this and nearby cert tests are more about the gritty # details. # PKey.load_certificate key_path = _support(os.path.join("cert_support", "test_rsa.key")) key = RSAKey.from_private_key_file(key_path) self.assertTrue(key.public_blob is None) cert_path = _support( os.path.join("cert_support", "test_rsa.key-cert.pub")) key.load_certificate(cert_path) self.assertTrue(key.public_blob is not None) self.assertEqual(key.public_blob.key_type, "*****@*****.**") self.assertEqual(key.public_blob.comment, "test_rsa.key.pub") # Delve into blob contents, for test purposes msg = Message(key.public_blob.key_blob) self.assertEqual(msg.get_text(), "*****@*****.**") msg.get_string() e = msg.get_mpint() n = msg.get_mpint() self.assertEqual(e, key.public_numbers.e) self.assertEqual(n, key.public_numbers.n) # Serial number self.assertEqual(msg.get_int64(), 1234) # Prevented from loading certificate that doesn't match key_path = _support(os.path.join("cert_support", "test_ed25519.key")) key1 = Ed25519Key.from_private_key_file(key_path) self.assertRaises( ValueError, key1.load_certificate, _support("test_rsa.key-cert.pub"), )
def test_certificates(self): # PKey.load_certificate key = RSAKey.from_private_key_file(test_path('test_rsa.key')) self.assertTrue(key.public_blob is None) key.load_certificate(test_path('test_rsa.key-cert.pub')) self.assertTrue(key.public_blob is not None) self.assertEqual(key.public_blob.key_type, '*****@*****.**') self.assertEqual(key.public_blob.comment, 'test_rsa.key.pub') # Delve into blob contents, for test purposes msg = Message(key.public_blob.key_blob) self.assertEqual(msg.get_text(), '*****@*****.**') nonce = msg.get_string() e = msg.get_mpint() n = msg.get_mpint() self.assertEqual(e, key.public_numbers.e) self.assertEqual(n, key.public_numbers.n) # Serial number self.assertEqual(msg.get_int64(), 1234) # Prevented from loading certificate that doesn't match key1 = Ed25519Key.from_private_key_file(test_path('test_ed25519.key')) self.assertRaises( ValueError, key1.load_certificate, test_path('test_rsa.key-cert.pub'), )
def test_ed25519_compare(self): # verify that the private & public keys compare equal key = Ed25519Key.from_private_key_file(test_path('test_ed25519.key')) self.assertEqual(key, key) pub = Ed25519Key(data=key.asbytes()) self.assertTrue(key.can_sign()) self.assertTrue(not pub.can_sign()) self.assertEqual(key, pub)
def test_verify_ed25519_valid(self): signature = Message() signature.add_string("ssh-ed25519") signature.add_string(base64.b64decode(SIGNED_ED25519)) signature.rewind() pub = Ed25519Key(data=base64.b64decode(PUB_ED25519.split()[1])) self.assertTrue(pub.verify_ssh_sig(b"ice weasels", signature))
def test_ed25519_nonbytes_password(self): # https://github.com/paramiko/paramiko/issues/1039 key = Ed25519Key.from_private_key_file( _support("test_ed25519_password.key"), # NOTE: not a bytes. Amusingly, the test above for same key DOES # explicitly cast to bytes...code smell! "abc123", )
def test_certs_allowed_as_key_filename_values(self): # NOTE: giving cert path here, not key path. (Key path test is below. # They're similar except for which path is given; the expected auth and # server-side behavior is 100% identical.) # NOTE: only bothered whipping up one cert per overall class/family. for type_ in ('rsa', 'dss', 'ecdsa_256', 'ed25519'): if type_ == 'ed25519' and not Ed25519Key.is_supported(): continue cert_name = 'test_{}.key-cert.pub'.format(type_) cert_path = _support(os.path.join('cert_support', cert_name)) self._test_connection( key_filename=cert_path, public_blob=PublicBlob.from_file(cert_path), )
def get_private_key(self): """Returns the private key. If the key doesn't exist, None is returned. Returns: object -- The key. """ if self.private_key_exists: if platform == "linux" or platform == "linux2" or platform == "darwin": return RSAKey.from_private_key_file(Paths.private_key_file) elif platform == "win32": return Ed25519Key.from_private_key_file(Paths.private_key_file) else: return None
def test_certs_implicitly_loaded_alongside_key_filename_keys(self): # NOTE: a regular test_connection() w/ test_rsa.key would incidentally # test this (because test_xxx.key-cert.pub exists) but incidental tests # stink, so NullServer and friends were updated to allow assertions # about the server-side key object's public blob. Thus, we can prove # that a specific cert was found, along with regular authorization # succeeding proving that the overall flow works. for type_ in ('rsa', 'dss', 'ecdsa_256', 'ed25519'): if type_ == 'ed25519' and not Ed25519Key.is_supported(): continue key_name = 'test_{}.key'.format(type_) key_path = _support(os.path.join('cert_support', key_name)) self._test_connection( key_filename=key_path, public_blob=PublicBlob.from_file( '{}-cert.pub'.format(key_path)), )
def shell(self, cmd: str): if self.accessible == False: print("No access info...") return False pkey_file = self.pkey.open() client = SSHClient() client.set_missing_host_key_policy(AutoAddPolicy()) client.connect(hostname=self.host, pkey=Ed25519Key.from_private_key( pkey_file, self.passphrase), passphrase=self.passphrase, username=self.user) _, _, stderr = client.exec_command(cmd) for line in stderr: print(line, file=sys.stderr) client.close()
def ping(self): if self.accessible == False: print("No access info...") return False pkey_file = self.pkey.open() client = SSHClient() client.set_missing_host_key_policy(AutoAddPolicy()) try: client.connect(hostname=self.host, pkey=Ed25519Key.from_private_key( pkey_file, self.passphrase), passphrase=self.passphrase, username=self.user) print(f"{self.name} is started.", flush=True) client.close() return True except NoValidConnectionsError as e: print(e, flush=True) return False
def load(self): """Try to load the public key We support RSA, ECDSA and Ed25519 keys and return instances of: * paramiko.rsakey.RSAKey * paramiko.ecdsakey.ECDSAKey * paramiko.ed25519key.Ed25519Key (requires paramiko >= 2.2) """ # I don't think there is a key type independent way of doing this public_key_blob = b64decode(self.key_base64) if self.key_algorithm.startswith('ssh-ed25519'): try: return Ed25519Key(data=public_key_blob) except NameError: raise ValidationError('Paramiko too old to load ed25519 keys') elif self.key_algorithm.startswith('ecdsa-'): return ECDSAKey(data=public_key_blob) elif self.key_algorithm.startswith('ssh-rsa'): return RSAKey(data=public_key_blob) raise SSHException('Key is not RSA, ECDSA or Ed25519')
def _get_server(self, platform_ssh: bool): """Method for getting and starting ssh server.""" if platform_ssh: return None try: pkey = RSAKey.from_private_key( StringIO(self.tunnel["privateKey"]), password=self.tunnel.get("password")) except SSHException: pkey = Ed25519Key.from_private_key( StringIO(self.tunnel["privateKey"]), password=self.tunnel.get("password")) server = SSHTunnelForwarder(ssh_address_or_host=(self.tunnel["host"], self.tunnel["port"]), ssh_username=self.tunnel["username"], ssh_password=self.tunnel.get("password"), ssh_pkey=pkey, remote_bind_address=(self.host, self.port)) server.start() return server
def test_ed25519_load_from_file_obj(self): with open(_support("test_ed25519.key")) as pkey_fileobj: key = Ed25519Key.from_private_key(pkey_fileobj) self.assertEqual(key, key) self.assertTrue(key.can_sign())
def test_ed25519(self): key1 = Ed25519Key.from_private_key_file(_support("test_ed25519.key")) key2 = Ed25519Key.from_private_key_file( _support("test_ed25519_password.key"), b"abc123" ) self.assertNotEqual(key1.asbytes(), key2.asbytes())
def test_ed25519_funky_padding_with_passphrase(self): # Proves #1306 by just not exploding with 'Invalid key'. Ed25519Key.from_private_key_file( _support("test_ed25519-funky-padding_password.key"), b"asdf")
def test_ed25519_funky_padding(self): # Proves #1306 by just not exploding with 'Invalid key'. Ed25519Key.from_private_key_file( _support("test_ed25519-funky-padding.key"))
def test_ed25519(self): key1 = Ed25519Key.from_private_key_file(test_path('test_ed25519.key')) key2 = Ed25519Key.from_private_key_file( test_path('test_ed25519_password.key'), b'abc123') self.assertNotEqual(key1.asbytes(), key2.asbytes())
def test_ed25519_nopad(self): Ed25519Key.from_private_key_file(_support("test_ed25519_nopad.key"))
def test_ed25519_nopad(self): key = Ed25519Key.from_private_key_file( _support("test_ed25519_nopad.key")) self.assert_key_values(key, 'ssh-ed25519', 256, None, FINGER_ED25519_NOPAD, FINGER_SHA256_ED25519_NOPAD)
def test_ed25519_nonbytes_password(self): key = Ed25519Key.from_private_key_file( _support('test_ed25519_password.key'), 'abc123') self.assert_key_values(key, 'ssh-ed25519', 256, None, FINGER_ED25519_PASS, FINGER_SHA256_ED25519_PASS)
def test_ed25519_load_from_file_obj(self): with open(test_path('test_ed25519.key')) as pkey_fileobj: key = Ed25519Key.from_private_key(pkey_fileobj) self.assertEqual(key, key) self.assertTrue(key.can_sign())