def check_key(self, pubkey, bits, fingerprint_md5, fingerprint_sha256, options, comment, **kwargs): # pylint:disable=too-many-arguments
""" Checks valid key """
ssh = SSHKey(pubkey, **kwargs)
ssh.parse()
self.assertEqual(ssh.bits, bits)
self.assertEqual(ssh.hash_md5(), fingerprint_md5)
self.assertEqual(ssh.options_raw, options)
self.assertEqual(ssh.comment, comment)
if fingerprint_sha256 is not None:
self.assertEqual(ssh.hash_sha256(), fingerprint_sha256)
def key_to_public_key(key):
# type: (str) -> PublicKey
"""Convert the string representation of a public key to a PublicKey transfer object."""
pubkey = SSHKey(key, strict=True)
pubkey.parse()
return PublicKey(
public_key=pubkey.keydata.strip(),
fingerprint=pubkey.hash_md5().replace("MD5:", ""),
fingerprint_sha256=pubkey.hash_sha256().replace("SHA256:", ""),
)
def check_key(self, pubkey, bits, fingerprint_md5, fingerprint_sha256, options, comment, **kwargs): # pylint:disable=too-many-arguments
""" Checks valid key """
ssh = SSHKey(pubkey, **kwargs)
ssh.parse()
self.assertEqual(ssh.bits, bits)
self.assertEqual(ssh.hash_md5(), fingerprint_md5)
self.assertEqual(ssh.options_raw, options)
self.assertEqual(ssh.comment, comment)
if fingerprint_sha256 is not None:
self.assertEqual(ssh.hash_sha256(), fingerprint_sha256)
def check_ssh_key(key_name: str) -> bool:
client = boto3.client("ec2")
response = client.describe_key_pairs(KeyNames=[key_name])
fingerprint = dpath.util.get(response, "KeyPairs/0/KeyFingerprint")
path = str(Path.home() / ".ssh" / f"{key_name}.pub")
# try:
with open(path, "r") as file:
ssh = SSHKey(file.read(), strict=True)
ssh.parse()
assert (ssh.hash_md5() == fingerprint
), f"Local key {ssh.hash_md5()} does not match {fingerprint}"
return True
def parse(self):
"""
Cleans the key from comments and options and pulates the MD5, SHA256
and SHA512 sums.
"""
ssh_key = SSHKey(self.public_key,
parse_options=False,
strict_mode=True)
ssh_key.parse()
# Tiny hack, to get the clean key
self.public_key = ' '.join(ssh_key._split_key(ssh_key.keydata))
self.md5 = ssh_key.hash_md5()
self.sha256 = ssh_key.hash_sha256()
self.sha512 = ssh_key.hash_sha512()
def add_key():
user = login_user
payload = request.get_json()
if not payload:
return jsonify({
'message': 'illegal params',
'code': 104000,
}), 400
public_key = payload.get('public_key')
name = payload.get('name')
if not public_key:
return jsonify({'message': 'invalid public key', 'code': 104000}), 400
ssh = SSHKey(public_key)
try:
ssh.parse()
except Exception as err:
return jsonify({
'message': 'invalid ssh key: {}'.format(str(err)),
'code': 104001,
}), 400
fingerprint = ssh.hash_md5()
existed = db.collection('public_keys').find_one(
{'fingerprint': fingerprint})
if existed:
return jsonify({
'message': 'ssh public key existed',
'code': 104003
}), 400
options = {'vault_pass': config.vault.get('secret')}
encode = Vault(options).encrypt_string(public_key)
data = {
'fingerprint': fingerprint,
'user_id': user.get('user_id'),
'content': encode,
'name': name,
'created_at': time.time()
}
result = db.collection('public_keys').insert_one(data)
data['_id'] = result.inserted_id
logger.info('add public_keys', extra={'record': data})
return jsonify({
'message': 'ok',
'code': 0,
})
def add_public_key_to_user(self, key, user):
# type: (str, str) -> None
sql_user = User.get(self.session, name=user)
assert sql_user
public_key = SSHKey(key, strict=True)
public_key.parse()
sql_public_key = PublicKey(
user_id=sql_user.id,
public_key=public_key.keydata.strip(),
fingerprint=public_key.hash_md5().replace("MD5:", ""),
fingerprint_sha256=public_key.hash_sha256().replace("SHA256:", ""),
key_size=public_key.bits,
key_type=public_key.key_type,
comment=public_key.comment,
)
sql_public_key.add(self.session)
def ssh():
if request.method == 'POST':
ssh_key_request = request.get_json(force=True)['ssh_key']
SSHKey(ssh_key_request).parse()
with open(os.path.expanduser("~/.ssh/authorized_keys"), "a") as f:
f.write(ssh_key_request.strip() + "\n")
ssh_keys = []
with open(os.path.expanduser("~/.ssh/authorized_keys")) as f:
for line in f.readlines():
pub_key = SSHKey(line)
pub_key.parse()
ssh_keys.append({
'bits': pub_key.bits,
'md5': pub_key.hash_md5(),
'comment': pub_key.comment
})
return jsonify(ssh_keys)
def save(self, *args, **kwargs):
# Set fingerprint
ssh = SSHKey(self.public_key)
ssh.parse()
self.fingerprint = ssh.hash_md5()[4:]
super().save(*args, **kwargs)
from sshpubkeys import SSHKey pub_key = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDS4ZCRAuR7Gr0SS2B3XR3IYLcwrCVTSu9nzEDIBHxkVYM+zwO4SBXxECJaOZMI14hgYGa1KMGMqoVAtd72Te+Uwmu4iwGNWW5mheAGUMsYJHhUzTpKxcHqhmXCJI9ngbrPO6KoBVSmYQ1QkYBMI/E8jYBPIy8cfMJIeX7/TL8irTrfA3RS04l84ngSCOFipLLsBq4fbDVc6qbMF6Y4hGcknpOY5PbqX/nG2PdNJ68acT9K1IwqXmi9ZukX1yvpH4a1J4EkwbMyrvrV+3f5RYyHOJr+HL9PhDUWu04zxg2RYl75mbLFOA+kZ92YxF8DRMh6k37GD+VvA56Q+33owZl1" ssh = SSHKey(pub_key) ssh.parse() print(ssh.hash_md5()) # MD5:c9:91:4f:48:43:2f:83:66:cc:22:d3:57:b2:69:40:7a
def get_sshkey_fingerprint(key):
keyfp = SSHKey(key)
fingerstr = "({})-{} ({})".format(
keyfp.comment, keyfp.hash_md5(),
keyfp.key_type.decode('utf-8').split('-')[0].upper())
return fingerstr.encode("utf-8")
def get_ssh_key_hash(self, key):
ssh = SSHKey(key)
ssh.parse()
return ssh.hash_md5().split('MD5:').pop()
