def _ssh_authentication_input_loop(
    self, hostkeys: paramiko.HostKeys, key: paramiko.PKey
) -> None:
    """Ask the operator whether an unknown SSH host key should be trusted.

    Prints an OpenSSH-style prompt showing the key type and the SHA-256
    fingerprint of ``key``. The fingerprint is the base64 of the digest
    with its last character (the ``=`` padding) dropped, i.e. the value
    OpenSSH displays after its ``SHA256:`` label.

    Nothing in this method verifies the key. Acceptance depends entirely
    on the operator comparing the printed fingerprint with a value obtained
    through a trusted channel.

    Args:
        hostkeys: Host key collection that receives the accepted key.
        key: The key presented by the remote host.

    Raises:
        GvmError: If writing the known_hosts file fails with ``OSError``.
        SystemExit: If the operator answers "no" to the first question.
    """

    def _confirm(question: str) -> bool:
        # Only the exact strings "yes" and "no" are accepted: the reply is
        # neither trimmed nor case-folded, anything else re-prompts.
        # input() is called unguarded, so a closed or non-interactive stdin
        # is not handled here.
        print(question, end="")
        reply = input()
        while reply not in ("yes", "no"):
            print("Please type 'yes' or 'no': ", end="")
            reply = input()
        return reply == "yes"

    # Fingerprint = unpadded base64(SHA-256(raw key blob)).
    key_blob = base64.b64decode(key.get_base64())
    digest = hashlib.sha256(key_blob).digest()
    sha64_fingerprint = base64.b64encode(digest).decode("utf-8")[:-1]
    key_type = key.get_name().replace("ssh-", "").upper()

    print(f"The authenticity of host '{self.hostname}' can't " "be established.")
    print(f"{key_type} key fingerprint is {sha64_fingerprint}.")

    if not _confirm("Are you sure you want to continue connecting (yes/no)? "):
        return sys.exit("User denied key. Host key verification failed.")

    # The key is trusted in memory as soon as the operator accepts it,
    # independent of the answer to the persistence question below.
    hostkeys.add(self.hostname, key.get_name(), key)

    persist = _confirm(
        f"Do you want to add {self.hostname} " "to known_hosts (yes/no)? "
    )
    if not persist:
        logger.info(
            "Warning: Host '%s' (%s) not added to " "the list of known hosts.",
            self.hostname,
            key_type,
        )
        return None

    try:
        hostkeys.save(filename=self.known_hosts_file)
    except OSError as e:
        raise GvmError(
            "Something went wrong with writing " f"the known_hosts file: {e}"
        ) from None
    logger.info(
        "Warning: Permanently added '%s' (%s) to " "the list of known hosts.",
        self.hostname,
        key_type,
    )
    return None
def _validate_key(host: str, server_key: PKey):
    """Check ``server_key`` against the entries in ``~/.ssh/known_hosts``.

    The function fails closed: it returns normally only when the file
    holds a key of the same type for ``host`` and that key equals
    ``server_key``. Every other outcome raises.

    Args:
        host: Name used verbatim as the lookup key in known_hosts.
        server_key: Key presented by the server.

    Raises:
        SSHAuthenticationError: If the host is unknown, has no key of this
            type, or the stored key differs from ``server_key``.
    """
    known_hosts_file = '~/.ssh/known_hosts'
    # NOTE(review): the hint below recommends ssh-keyscan, which records
    # whatever key the network returns. The fingerprint of the new entry
    # should be confirmed out of band before it is relied on.
    add_host_key_instructions = 'You can add the host key with `\n' \
        f'ssh-keyscan -H {host} >> {known_hosts_file}\n`'

    # load() is not wrapped in a try, so any error it raises (for example
    # a missing file) propagates to the caller unchanged.
    host_keys = HostKeys()
    host_keys.load(os.path.expanduser(known_hosts_file))

    # NOTE(review): the lookup uses `host` exactly as passed. Whether
    # callers ever need the bracketed `[host]:port` form is not visible here.
    if host_keys.get(host) is None:
        raise SSHAuthenticationError(
            f'plz host is not known. {add_host_key_instructions}')

    entries_for_host = host_keys.get(host)
    key_name = server_key.get_name()
    trusted_key = entries_for_host.get(key_name)

    if trusted_key is None:
        raise SSHAuthenticationError(
            f'No key found for host {host} with name '
            f'{server_key.get_name()}. {add_host_key_instructions}')

    # A mismatch means the server presented a different key than the one
    # recorded for this host and key type.
    if server_key != trusted_key:
        raise SSHAuthenticationError(
            f'Bad host key for `{host}`. Fix your `{known_hosts_file}` file')
def auth_publickey(self, username: Text, host: Text, port: int, key: PKey) -> int:
    """Handle a public-key authentication attempt for ``username``.

    If ``key.can_sign()`` is true, the call is delegated to
    ``self.connect`` with ``AuthenticationMethod.publickey`` and its
    result is returned. Otherwise a ``PublicBlob`` is built from the key
    and passed to ``probe_host``.

    Returns:
        The result of ``self.connect`` for a signing-capable key; else
        ``paramiko.common.AUTH_SUCCESSFUL`` when ``probe_host`` is truthy
        and ``paramiko.common.AUTH_FAILED`` when it is not.
    """
    ssh_pub_key = SSHKey(f"{key.get_name()} {key.get_base64()}")
    ssh_pub_key.parse()

    # NOTE(review): username, host and port are logged as received. If
    # they come from the connecting peer (not visible here), consider
    # neutralising control characters before they reach log sinks.
    if key.can_sign():
        key_type = key.get_name()
        fingerprint = ssh_pub_key.hash_sha256()
        logging.debug(
            "AuthenticatorPassThrough.auth_publickey: username=%s, key=%s %s %sbits",
            username,
            key_type,
            fingerprint,
            ssh_pub_key.bits,
        )
        return self.connect(
            username, host, port, AuthenticationMethod.publickey, key=key
        )

    # A bare public key is only handed over directly by
    # check_auth_publickey. In that case the client has to be
    # authenticated so that we can wait for the agent.
    # The success result below rests on probe_host's answer for the public
    # blob alone; this function produces no signature itself.
    public_blob = paramiko.pkey.PublicBlob(key.get_name(), key.asbytes())
    if not probe_host(host, port, username, public_blob):
        return paramiko.common.AUTH_FAILED

    logging.debug(
        f"Found valid key for host {host}:{port} username={username}, key={key.get_name()} {ssh_pub_key.hash_sha256()} {ssh_pub_key.bits}bits"
    )
    return paramiko.common.AUTH_SUCCESSFUL