def test_savingsPreservesExisting(self): """ L{KnownHostsFile.save} will not overwrite existing entries in its save path, even if they were only added after the L{KnownHostsFile} instance was initialized. """ # Start off with one host/key pair in the file path = self.pathWithContent(sampleHashedLine) knownHosts = KnownHostsFile.fromPath(path) # After initializing the KnownHostsFile instance, add a second host/key # pair to the file directly - without the instance's help or knowledge. with path.open("a") as hostsFileObj: hostsFileObj.write(otherSamplePlaintextLine) # Add a third host/key pair using the KnownHostsFile instance key = Key.fromString(thirdSampleKey) knownHosts.addHostKey("brandnew.example.com", key) knownHosts.save() # Check that all three host/key pairs are present. knownHosts = KnownHostsFile.fromPath(path) self.assertEqual([True, True, True], [ knownHosts.hasHostKey( "www.twistedmatrix.com", Key.fromString(sampleKey)), knownHosts.hasHostKey( "divmod.com", Key.fromString(otherSampleKey)), knownHosts.hasHostKey("brandnew.example.com", key)])
def test_defaultInitializerIgnoresExisting(self): """ The default initializer for L{KnownHostsFile} disregards any existing contents in the save path. """ hostsFile = KnownHostsFile(self.pathWithContent(sampleHashedLine)) self.assertEqual([], list(hostsFile.iterentries()))
def test_mismatchedHostKey(self): """ If the SSH public key presented by the SSH server does not match the previously remembered key, as reported by the L{KnownHostsFile} instance use to construct the endpoint, for that server, the L{Deferred} returned by L{SSHCommandClientEndpoint.connect} fires with a L{Failure} wrapping L{HostKeyChanged}. """ differentKey = Key.fromString(privateDSA_openssh).public() knownHosts = KnownHostsFile(self.mktemp()) knownHosts.addHostKey(self.serverAddress.host, differentKey) knownHosts.addHostKey(self.hostname, differentKey) # The UI may answer true to any questions asked of it; they should # make no difference, since a *mismatched* key is not even optionally # allowed to complete a connection. ui = FixedResponseUI(True) endpoint = SSHCommandClientEndpoint.newConnection( self.reactor, b"/bin/ls -l", b"dummy user", self.hostname, self.port, password=b"dummy password", knownHosts=knownHosts, ui=ui) factory = Factory() factory.protocol = Protocol connected = endpoint.connect(factory) server, client, pump = self.connectedServerAndClient( self.factory, self.reactor.tcpClients[0][2]) f = self.failureResultOf(connected) f.trap(HostKeyChanged)
def test_iterentriesUnsaved(self): """ If the save path for a L{KnownHostsFile} does not exist, L{KnownHostsFile.iterentries} still returns added but unsaved entries. """ hostsFile = KnownHostsFile(FilePath(self.mktemp())) hostsFile.addHostKey("www.example.com", Key.fromString(sampleKey)) self.assertEqual(1, len(list(hostsFile.iterentries())))
def test_defaultInitializerClobbersExisting(self): """ After using the default initializer for L{KnownHostsFile}, the first use of L{KnownHostsFile.save} overwrites any existing contents in the save path. """ path = self.pathWithContent(sampleHashedLine) hostsFile = KnownHostsFile(path) entry = hostsFile.addHostKey( "www.example.com", Key.fromString(otherSampleKey)) hostsFile.save() # Check KnownHostsFile to see what it thinks the state is self.assertEqual([entry], list(hostsFile.iterentries())) # And also directly check the underlying file itself self.assertEqual(entry.toString() + "\n", path.getContent())
def fromConfig(cls, reactor): keys = [] if "identity" in _CONFIG: keyPath = os.path.expanduser(_CONFIG["identity"]) if os.path.exists(keyPath): keys.append(readKey(keyPath)) knownHostsPath = FilePath(os.path.expanduser(_CONFIG["knownhosts"])) if knownHostsPath.exists(): knownHosts = KnownHostsFile.fromPath(knownHostsPath) else: knownHosts = None if "no-agent" in _CONFIG or "SSH_AUTH_SOCK" not in os.environ: agentEndpoint = None else: agentEndpoint = UNIXClientEndpoint( reactor, os.environ["SSH_AUTH_SOCK"]) if "password" in _CONFIG: password = _CONFIG["password"] else: password = None return cls( reactor, _CONFIG["host"], _CONFIG["port"], _CONFIG["username"], password, keys, knownHosts, agentEndpoint)
def fromCommandLine(cls, reactor, argv): config = EchoOptions() config.parseOptions(argv) keys = [] if config["identity"]: keyPath = os.path.expanduser(config["identity"]) if os.path.exists(keyPath): keys.append(readKey(keyPath)) knownHostsPath = FilePath(os.path.expanduser(config["knownhosts"])) if knownHostsPath.exists(): knownHosts = KnownHostsFile.fromPath(knownHostsPath) else: knownHosts = None if config["no-agent"] or "SSH_AUTH_SOCK" not in os.environ: agentEndpoint = None else: agentEndpoint = UNIXClientEndpoint( reactor, os.environ["SSH_AUTH_SOCK"]) return cls( reactor, config["host"], config["port"], config["username"], config["password"], keys, knownHosts, agentEndpoint)
def _knownHosts(cls): """ @return: A L{KnownHostsFile} instance pointed at the user's personal I{known hosts} file. @type: L{KnownHostsFile} """ return KnownHostsFile.fromPath(FilePath(expanduser(cls._KNOWN_HOSTS)))
def __init__(self, *args, **kw): channel.CowrieSSHChannel.__init__(self, *args, **kw) keyPath = CONFIG.get('proxy', 'private_key') self.keys.append(keys.Key.fromFile(keyPath)) try: keyPath = CONFIG.get('proxy', 'private_key') self.keys.append(keys.Key.fromFile(keyPath)) except NoOptionError: self.keys = None knownHostsPath = CONFIG.get('proxy', 'known_hosts') self.knownHosts = KnownHostsFile.fromPath(knownHostsPath) self.host = CONFIG.get('proxy', 'host') self.port = CONFIG.getint('proxy', 'port') self.user = CONFIG.get('proxy', 'user') try: self.password = CONFIG.get('proxy', 'password') except NoOptionError: self.password = None log.msg("knownHosts = {0}".format(repr(self.knownHosts))) log.msg("host = {0}".format(self.host)) log.msg("port = {0}".format(self.port)) log.msg("user = {0}".format(self.user)) self.client = ProxyClient(self)
def get_connection_helper(reactor, address, username, port): """ Get a :class:`twisted.conch.endpoints._ISSHConnectionCreator` to connect to the given remote. :param reactor: Reactor to connect with. :param bytes address: The address of the remote host to connect to. :param bytes username: The user to connect as. :param int port: The port of the ssh server to connect to. :return _ISSHConnectionCreator: """ try: agentEndpoint = UNIXClientEndpoint( reactor, os.environ["SSH_AUTH_SOCK"]) except KeyError: agentEndpoint = None return _NewConnectionHelper( reactor, address, port, None, username, keys=None, password=None, agentEndpoint=agentEndpoint, knownHosts=KnownHostsFile.fromPath(FilePath("/dev/null")), ui=ConsoleUI(lambda: _ReadFile(b"yes")))
def verifyHostKey(transport, host, pubKey, fingerprint): log.msg("verifying host key") actualHost = transport.factory.options["host"] actualKey = keys.Key.fromString(pubKey) kh = KnownHostsFile.fromPath( FilePath(transport.factory.options["known-hosts"] or os.path.expanduser("~/.ssh/known_hosts")) ) return kh.verifyHostKey(console, actualHost, host, actualKey).addErrback(log.err)
def test_unsavedEntryHasKeyMismatch(self): """ L{KnownHostsFile.hasHostKey} raises L{HostKeyChanged} if the host key is present in memory (but not yet saved), but different from the expected one. The resulting exception has a C{offendingEntry} indicating the given entry, but no filename or line number information (reflecting the fact that the entry exists only in memory). """ hostsFile = KnownHostsFile(FilePath(self.mktemp())) entry = hostsFile.addHostKey( "www.example.com", Key.fromString(otherSampleKey)) exception = self.assertRaises( HostKeyChanged, hostsFile.hasHostKey, "www.example.com", Key.fromString(thirdSampleKey)) self.assertEqual(exception.offendingEntry, entry) self.assertEqual(exception.lineno, None) self.assertEqual(exception.path, None)
def setUp(self): """ Configure an SSH server with password authentication enabled for a well-known (to the tests) account. """ SSHCommandClientEndpointTestsMixin.setUp(self) knownHosts = KnownHostsFile(FilePath(self.mktemp())) knownHosts.addHostKey( self.hostname, self.factory.publicKeys['ssh-rsa']) knownHosts.addHostKey( self.serverAddress.host, self.factory.publicKeys['ssh-rsa']) self.endpoint = SSHCommandClientEndpoint.newConnection( self.reactor, b"/bin/ls -l", self.user, self.hostname, self.port, password=self.password, knownHosts=knownHosts, ui=FixedResponseUI(False))
def __init__(self, factory): self.factory = factory self._state = b'STARTING' self.knownHosts = KnownHostsFile.fromPath( FilePath(os.path.expanduser('~/.ssh/known_hosts')) ) self._hostKeyFailure = None self._user_auth = None self._connection_lost_reason = None
def connectionMade(self): script_dir = os.getcwd() rel_path = "hostkeys" abs_file_path = os.path.join(script_dir, rel_path) knownHosts = KnownHostsFile.fromPath(abs_file_path) self.point = SSHCommandClientEndpoint.newConnection(reactor, 'cmd', 'user', '127.0.0.1', port=5122, password='******', knownHosts=PermissiveKnownHosts()) self.sshSide = FzSSHClient() self.sshSide.tcpSide = self connectProtocol(self.point, self.sshSide)
def setUp(self): """ Patch 'open' in verifyHostKey. """ self.fakeFile = FakeFile() self.patch(default, "_open", self.patchedOpen) self.hostsOption = self.mktemp() self.hashedEntries = {} knownHostsFile = KnownHostsFile(FilePath(self.hostsOption)) for host in (b"exists.example.com", b"4.3.2.1"): entry = knownHostsFile.addHostKey(host, Key.fromString(sampleKey)) self.hashedEntries[host] = entry knownHostsFile.save() self.fakeTransport = FakeObject() self.fakeTransport.factory = FakeObject() self.options = self.fakeTransport.factory.options = { 'host': b"exists.example.com", 'known-hosts': self.hostsOption }
def loadSampleHostsFile(self, content=( sampleHashedLine + otherSamplePlaintextLine + "\n# That was a blank line.\n" "This is just unparseable.\n" "|1|This also unparseable.\n")): """ Return a sample hosts file, with keys for www.twistedmatrix.com and divmod.com present. """ return KnownHostsFile.fromPath(self.pathWithContent(content))
def test_loadNonExistent(self): """ Loading a L{KnownHostsFile} from a path that does not exist should result in an empty L{KnownHostsFile} that will save back to that path. """ pn = self.mktemp() knownHostsFile = KnownHostsFile.fromPath(FilePath(pn)) self.assertEqual([], list(knownHostsFile._entries)) self.assertEqual(False, FilePath(pn).exists()) knownHostsFile.save() self.assertEqual(True, FilePath(pn).exists())
def test_loadNonExistentParent(self): """ Loading a L{KnownHostsFile} from a path whose parent directory does not exist should result in an empty L{KnownHostsFile} that will save back to that path, creating its parent directory(ies) in the process. """ thePath = FilePath(self.mktemp()) knownHostsPath = thePath.child("foo").child("known_hosts") knownHostsFile = KnownHostsFile.fromPath(knownHostsPath) knownHostsFile.save() knownHostsPath.restat(False) self.assertEqual(True, knownHostsPath.exists())
def test_readExisting(self): """ Existing entries in the I{known_hosts} file are reflected by the L{KnownHostsFile} created by L{_NewConnectionHelper} when none is supplied to it. """ key = CommandFactory().publicKeys['ssh-rsa'] path = FilePath(self.mktemp()) knownHosts = KnownHostsFile(path) knownHosts.addHostKey("127.0.0.1", key) knownHosts.save() msg("Created known_hosts file at %r" % (path.path,)) # Unexpand ${HOME} to make sure ~ syntax is respected. home = os.path.expanduser("~/") default = path.path.replace(home, "~/") self.patch(_NewConnectionHelper, "_KNOWN_HOSTS", default) msg("Patched _KNOWN_HOSTS with %r" % (default,)) loaded = _NewConnectionHelper._knownHosts() self.assertTrue(loaded.hasHostKey("127.0.0.1", key))
def test_saveResetsClobberState(self): """ After L{KnownHostsFile.save} is used once with an instance initialized by the default initializer, contents of the save path are respected and preserved. """ hostsFile = KnownHostsFile(self.pathWithContent(sampleHashedLine)) preSave = hostsFile.addHostKey( "www.example.com", Key.fromString(otherSampleKey)) hostsFile.save() postSave = hostsFile.addHostKey( "another.example.com", Key.fromString(thirdSampleKey)) hostsFile.save() self.assertEqual([preSave, postSave], list(hostsFile.iterentries()))
def setUp(self): """ Configure an SSH server with password authentication enabled for a well-known (to the tests) account. """ SSHCommandClientEndpointTestsMixin.setUp(self) # Make the server's host key available to be verified by the client. self.hostKeyPath = FilePath(self.mktemp()) self.knownHosts = KnownHostsFile(self.hostKeyPath) self.knownHosts.addHostKey( self.hostname, self.factory.publicKeys['ssh-rsa']) self.knownHosts.addHostKey( self.serverAddress.host, self.factory.publicKeys['ssh-rsa']) self.knownHosts.save()
def verifyHostKey(transport, host, pubKey, fingerprint): """ Verify a host's key. This function is a gross vestige of some bad factoring in the client internals. The actual implementation, and a better signature of this logic is in L{KnownHostsFile.verifyHostKey}. This function is not deprecated yet because the callers have not yet been rehabilitated, but they should eventually be changed to call that method instead. However, this function does perform two functions not implemented by L{KnownHostsFile.verifyHostKey}. It determines the path to the user's known_hosts file based on the options (which should really be the options object's job), and it provides an opener to L{ConsoleUI} which opens '/dev/tty' so that the user will be prompted on the tty of the process even if the input and output of the process has been redirected. This latter part is, somewhat obviously, not portable, but I don't know of a portable equivalent that could be used. @param host: Due to a bug in L{SSHClientTransport.verifyHostKey}, this is always the dotted-quad IP address of the host being connected to. @type host: L{str} @param transport: the client transport which is attempting to connect to the given host. @type transport: L{SSHClientTransport} @param fingerprint: the fingerprint of the given public key, in xx:xx:xx:... format. This is ignored in favor of getting the fingerprint from the key itself. @type fingerprint: L{str} @param pubKey: The public key of the server being connected to. @type pubKey: L{str} @return: a L{Deferred} which fires with C{1} if the key was successfully verified, or fails if the key could not be successfully verified. Failure types may include L{HostKeyChanged}, L{UserRejectedKey}, L{IOError} or L{KeyboardInterrupt}. """ actualHost = transport.factory.options['host'] actualKey = keys.Key.fromString(pubKey) kh = KnownHostsFile.fromPath(FilePath( transport.factory.options['known-hosts'] or os.path.expanduser(_KNOWN_HOSTS) )) ui = ConsoleUI(lambda : _open("/dev/tty", "r+b", buffering=0)) return kh.verifyHostKey(ui, actualHost, host, actualKey)
def verifyHostKey(transport, host, pubKey, fingerprint): """ Verify a host's key. This function is a gross vestige of some bad factoring in the client internals. The actual implementation, and a better signature of this logic is in L{KnownHostsFile.verifyHostKey}. This function is not deprecated yet because the callers have not yet been rehabilitated, but they should eventually be changed to call that method instead. However, this function does perform two functions not implemented by L{KnownHostsFile.verifyHostKey}. It determines the path to the user's known_hosts file based on the options (which should really be the options object's job), and it provides an opener to L{ConsoleUI} which opens '/dev/tty' so that the user will be prompted on the tty of the process even if the input and output of the process has been redirected. This latter part is, somewhat obviously, not portable, but I don't know of a portable equivalent that could be used. @param host: Due to a bug in L{SSHClientTransport.verifyHostKey}, this is always the dotted-quad IP address of the host being connected to. @type host: L{str} @param transport: the client transport which is attempting to connect to the given host. @type transport: L{SSHClientTransport} @param fingerprint: the fingerprint of the given public key, in xx:xx:xx:... format. This is ignored in favor of getting the fingerprint from the key itself. @type fingerprint: L{str} @param pubKey: The public key of the server being connected to. @type pubKey: L{str} @return: a L{Deferred} which fires with C{1} if the key was successfully verified, or fails if the key could not be successfully verified. Failure types may include L{HostKeyChanged}, L{UserRejectedKey}, L{IOError} or L{KeyboardInterrupt}. """ actualHost = transport.factory.options['host'] actualKey = keys.Key.fromString(pubKey) kh = KnownHostsFile.fromPath(FilePath( transport.factory.options['known-hosts'] or os.path.expanduser(_KNOWN_HOSTS) )) ui = ConsoleUI(lambda : _open("/dev/tty", "r+b")) return kh.verifyHostKey(ui, actualHost, host, actualKey)
def connectionMade(self): script_dir = os.getcwd() rel_path = "hostkeys" abs_file_path = os.path.join(script_dir, rel_path) knownHosts = KnownHostsFile.fromPath(abs_file_path) self.point = SSHCommandClientEndpoint.newConnection( reactor, 'cmd', 'user', '127.0.0.1', port=5122, password='******', knownHosts=PermissiveKnownHosts()) self.sshSide = FzSSHClient() self.sshSide.tcpSide = self connectProtocol(self.point, self.sshSide)
def setUp(self): """ Patch 'open' in verifyHostKey. """ self.fakeFile = FakeFile() self.patch(default, "_open", self.patchedOpen) self.hostsOption = self.mktemp() knownHostsFile = KnownHostsFile(FilePath(self.hostsOption)) knownHostsFile.addHostKey("exists.example.com", Key.fromString(sampleKey)) knownHostsFile.addHostKey("4.3.2.1", Key.fromString(sampleKey)) knownHostsFile.save() self.fakeTransport = FakeObject() self.fakeTransport.factory = FakeObject() self.options = self.fakeTransport.factory.options = { 'host': "exists.example.com", 'known-hosts': self.hostsOption }
def test_verifyNonPresentKey_Yes(self): """ Verifying a key where neither the hostname nor the IP are present should result in the UI being prompted with a message explaining as much. If the UI says yes, the Deferred should fire with True. """ ui, l, knownHostsFile = self.verifyNonPresentKey() ui.promptDeferred.callback(True) self.assertEqual([True], l) reloaded = KnownHostsFile.fromPath(knownHostsFile._savePath) self.assertEqual( True, reloaded.hasHostKey("4.3.2.1", Key.fromString(thirdSampleKey))) self.assertEqual( True, reloaded.hasHostKey("sample-host.example.com", Key.fromString(thirdSampleKey)))
def test_savingAvoidsDuplication(self): """ L{KnownHostsFile.save} only writes new entries to the save path, not entries which were added and already written by a previous call to C{save}. """ path = FilePath(self.mktemp()) knownHosts = KnownHostsFile(path) entry = knownHosts.addHostKey("some.example.com", Key.fromString(sampleKey)) knownHosts.save() knownHosts.save() knownHosts = KnownHostsFile.fromPath(path) self.assertEqual([entry], list(knownHosts.iterentries()))
def test_verifyNonPresentKey_Yes(self): """ Verifying a key where neither the hostname nor the IP are present should result in the UI being prompted with a message explaining as much. If the UI says yes, the Deferred should fire with True. """ ui, l, knownHostsFile = self.verifyNonPresentKey() ui.promptDeferred.callback(True) self.assertEqual([True], l) reloaded = KnownHostsFile.fromPath(knownHostsFile.savePath) self.assertEqual( True, reloaded.hasHostKey("4.3.2.1", Key.fromString(thirdSampleKey))) self.assertEqual( True, reloaded.hasHostKey("sample-host.example.com", Key.fromString(thirdSampleKey)))
def test_verifyKeyForHostAndIP(self): """ Verifying a key where the hostname is present but the IP is not should result in the key being added for the IP and the user being warned about the change. """ ui = FakeUI() hostsFile = self.loadSampleHostsFile() expectedKey = Key.fromString(sampleKey) hostsFile.verifyHostKey( ui, "www.twistedmatrix.com", "5.4.3.2", expectedKey) self.assertEqual( True, KnownHostsFile.fromPath(hostsFile.savePath).hasHostKey( "5.4.3.2", expectedKey)) self.assertEqual( ["Warning: Permanently added the RSA host key for IP address " "'5.4.3.2' to the list of known hosts."], ui.userWarnings)
def __init__(self, hostname, username, port, password=None, knownhosts=None): self.hostname = hostname.encode() self.username = username.encode() self.port = int(port) self.password = None if password: self.password = password.encode() self.connection = None if not knownhosts: knownhosts = '/var/lib/tensor/known_hosts' self.knownHosts = KnownHostsFile.fromPath(FilePath(knownhosts.encode())) self.knownHosts.verifyHostKey = self.verifyHostKey self.keys = []
def test_verifyHostButNotIP(self): """ L{default.verifyHostKey} should return a L{Deferred} which fires with C{1} when passed a host which matches with an IP is not present in its known_hosts file, and should also warn the user that it has added the IP address. """ l = [] default.verifyHostKey(self.fakeTransport, "8.7.6.5", sampleKey, "Fingerprint not required.").addCallback(l.append) self.assertEqual( ["Warning: Permanently added the RSA host key for IP address " "'8.7.6.5' to the list of known hosts."], self.fakeFile.outchunks) self.assertEqual([1], l) knownHostsFile = KnownHostsFile.fromPath(FilePath(self.hostsOption)) self.assertEqual(True, knownHostsFile.hasHostKey("8.7.6.5", Key.fromString(sampleKey)))
def __init__(self, *args, **kw): channel.CowrieSSHChannel.__init__(self, *args, **kw) #self.__dict__['*****@*****.**'] = self.request_agent keyPath = CONFIG.get('proxy', 'private_key') self.keys.append(keys.Key.fromFile(keyPath)) knownHostsPath = CONFIG.get('proxy', 'known_hosts') self.knownHosts = KnownHostsFile.fromPath(knownHostsPath) self.host = CONFIG.get('proxy', 'host') self.port = CONFIG.getint('proxy', 'port') self.user = CONFIG.get('proxy', 'user') self.password = CONFIG.get('proxy', 'password') log.msg( "host = "+self.host) log.msg( "port = "+str(self.port)) log.msg( "user = "******"known = "+str(self.knownHosts))
def getHostKeyAlgorithms(host, options): """ Look in known_hosts for a key corresponding to C{host}. This can be used to change the order of supported key types in the KEXINIT packet. @type host: L{str} @param host: the host to check in known_hosts @type options: L{twisted.conch.client.options.ConchOptions} @param options: options passed to client @return: L{list} of L{str} representing key types or L{None}. """ knownHosts = KnownHostsFile.fromPath( FilePath(options['known-hosts'] or os.path.expanduser(_KNOWN_HOSTS))) keyTypes = [] for entry in knownHosts.iterentries(): if entry.matchesHost(host): if entry.keyType not in keyTypes: keyTypes.append(entry.keyType) return keyTypes or None
def test_savingAvoidsDuplication(self): """ L{KnownHostsFile.save} only writes new entries to the save path, not entries which were added and already written by a previous call to C{save}. """ path = FilePath(self.mktemp()) knownHosts = KnownHostsFile(path) entry = knownHosts.addHostKey( "some.example.com", Key.fromString(sampleKey)) knownHosts.save() knownHosts.save() knownHosts = KnownHostsFile.fromPath(path) self.assertEqual([entry], list(knownHosts.iterentries()))
def test_defaultInitializerClobbersExisting(self): """ After using the default initializer for L{KnownHostsFile}, the first use of L{KnownHostsFile.save} overwrites any existing contents in the save path. """ path = self.pathWithContent(sampleHashedLine) hostsFile = KnownHostsFile(path) entry = hostsFile.addHostKey("www.example.com", Key.fromString(otherSampleKey)) hostsFile.save() # Check KnownHostsFile to see what it thinks the state is self.assertEqual([entry], list(hostsFile.iterentries())) # And also directly check the underlying file itself self.assertEqual(entry.toString() + "\n", path.getContent())
def test_savingAddsEntry(self): """ L{KnownHostsFile.save} will write out a new file with any entries that have been added. """ path = self.pathWithContent(sampleHashedLine + otherSamplePlaintextLine) knownHostsFile = KnownHostsFile.fromPath(path) newEntry = knownHostsFile.addHostKey("some.example.com", Key.fromString(thirdSampleKey)) expectedContent = (sampleHashedLine + otherSamplePlaintextLine + HashedEntry.MAGIC + b2a_base64(newEntry._hostSalt).strip() + "|" + b2a_base64(newEntry._hostHash).strip() + " ssh-rsa " + thirdSampleEncodedKey + "\n") # Sanity check, let's make sure the base64 API being used for the test # isn't inserting spurious newlines. self.assertEqual(3, expectedContent.count("\n")) knownHostsFile.save() self.assertEqual(expectedContent, path.getContent())
def test_savingAddsEntry(self): """ L{KnownHostsFile.save()} will write out a new file with any entries that have been added. """ path = self.pathWithContent(sampleHashedLine + otherSamplePlaintextLine) knownHostsFile = KnownHostsFile.fromPath(path) newEntry = knownHostsFile.addHostKey("some.example.com", Key.fromString(thirdSampleKey)) expectedContent = ( sampleHashedLine + otherSamplePlaintextLine + HashedEntry.MAGIC + b2a_base64(newEntry._hostSalt).strip() + "|" + b2a_base64(newEntry._hostHash).strip() + " ssh-rsa " + thirdSampleEncodedKey + "\n") # Sanity check, let's make sure the base64 API being used for the test # isn't inserting spurious newlines. self.assertEqual(3, expectedContent.count("\n")) knownHostsFile.save() self.assertEqual(expectedContent, path.getContent())
def __init__(self, remote_config, cmd): """Create a new remote Astrisk CLI Protocol instance Keyword Arguments: remote_config The parameters configuring this remote CLI command cmd The CLI command to run """ if REMOTE_ERROR: raise REMOTE_ERROR self.exitcode = -1 self.output = "" self.err = "" self.config = remote_config self.cmd = cmd self.keys = [] identity = self.config.get('identity') if identity: key_path = os.path.expanduser(identity) if os.path.exists(key_path): passphrase = self.config.get('passphrase') self.keys.append(Key.fromFile(key_path, passphrase=passphrase)) known_hosts_file = self.config.get('known_hosts', '~/.ssh/known_hosts') known_hosts_path = FilePath(os.path.expanduser(known_hosts_file)) if known_hosts_path.exists(): self.known_hosts = KnownHostsFile.fromPath(known_hosts_path) else: self.known_hosts = None no_agent = self.config.get('no-agent') if no_agent or 'SSH_AUTH_SOCK' not in os.environ: self.agent_endpoint = None else: self.agent_endpoint = UNIXClientEndpoint(reactor, os.environ['SSH_AUTH_SOCK'])
def __init__(self, hostname, username, port, password=None, knownhosts=None): self.hostname = hostname.encode() self.username = username.encode() self.port = int(port) self.password = None self.endpoint = None if password: self.password = password.encode() self.connection = None if not knownhosts: knownhosts = '/var/lib/duct/known_hosts' self.knownHosts = KnownHostsFile.fromPath(FilePath( knownhosts.encode())) self.knownHosts.verifyHostKey = self.verifyHostKey self.keys = []
def fromCommandLine(cls, reactor, argv): config = EchoOptions() config.parseOptions(argv) keys = [] if config["identity"]: keyPath = os.path.expanduser(config["identity"]) if os.path.exists(keyPath): keys.append(readKey(keyPath)) knownHostsPath = FilePath(os.path.expanduser(config["knownhosts"])) if knownHostsPath.exists(): knownHosts = KnownHostsFile.fromPath(knownHostsPath) else: knownHosts = None if config["no-agent"] or "SSH_AUTH_SOCK" not in os.environ: agentEndpoint = None else: agentEndpoint = UNIXClientEndpoint(reactor, os.environ["SSH_AUTH_SOCK"]) return cls(reactor, config["host"], config["port"], config["username"], config["password"], keys, knownHosts, agentEndpoint)
def setUp(self): """ Configure an SSH server with password authentication enabled for a well-known (to the tests) account. """ SSHCommandClientEndpointTestsMixin.setUp(self) knownHosts = KnownHostsFile(FilePath(self.mktemp())) knownHosts.addHostKey(self.hostname, self.factory.publicKeys['ssh-rsa']) knownHosts.addHostKey(self.serverAddress.host, self.factory.publicKeys['ssh-rsa']) self.endpoint = SSHCommandClientEndpoint.newConnection( self.reactor, b"/bin/ls -l", self.user, self.hostname, self.port, password=self.password, knownHosts=knownHosts, ui=FixedResponseUI(False))
def test_readExisting(self): """ Existing entries in the I{known_hosts} file are reflected by the L{KnownHostsFile} created by L{_NewConnectionHelper} when none is supplied to it. """ key = CommandFactory().publicKeys['ssh-rsa'] path = FilePath(self.mktemp()) knownHosts = KnownHostsFile(path) knownHosts.addHostKey("127.0.0.1", key) knownHosts.save() msg("Created known_hosts file at %r" % (path.path, )) # Unexpand ${HOME} to make sure ~ syntax is respected. home = os.path.expanduser("~/") default = path.path.replace(home, "~/") self.patch(_NewConnectionHelper, "_KNOWN_HOSTS", default) msg("Patched _KNOWN_HOSTS with %r" % (default, )) loaded = _NewConnectionHelper._knownHosts() self.assertTrue(loaded.hasHostKey("127.0.0.1", key))
def getKnownHosts(knownhosts, **kwargs): known_hosts_path = FilePath(os.path.expanduser(knownhosts)) if known_hosts_path.exists(): return KnownHostsFile.fromPath(known_hosts_path)
class NewConnectionTests(TestCase, SSHCommandClientEndpointTestsMixin): """ Tests for L{SSHCommandClientEndpoint} when using the C{newConnection} constructor. """ def setUp(self): """ Configure an SSH server with password authentication enabled for a well-known (to the tests) account. """ SSHCommandClientEndpointTestsMixin.setUp(self) # Make the server's host key available to be verified by the client. self.hostKeyPath = FilePath(self.mktemp()) self.knownHosts = KnownHostsFile(self.hostKeyPath) self.knownHosts.addHostKey(self.hostname, self.factory.publicKeys['ssh-rsa']) self.knownHosts.addHostKey(self.serverAddress.host, self.factory.publicKeys['ssh-rsa']) self.knownHosts.save() def create(self): """ Create and return a new L{SSHCommandClientEndpoint} using the C{newConnection} constructor. """ return SSHCommandClientEndpoint.newConnection( self.reactor, b"/bin/ls -l", self.user, self.hostname, self.port, password=self.password, knownHosts=self.knownHosts, ui=FixedResponseUI(False)) def finishConnection(self): """ Establish the first attempted TCP connection using the SSH server which C{self.factory} can create. """ return self.connectedServerAndClient(self.factory, self.reactor.tcpClients[0][2]) def assertClientTransportState(self, client, immediateClose): """ Assert that the transport for the given protocol has been disconnected. L{SSHCommandClientEndpoint.newConnection} creates a new dedicated SSH connection and cleans it up after the command exits. """ # Nothing useful can be done with the connection at this point, so the # endpoint should close it. if immediateClose: self.assertTrue(client.transport.aborted) else: self.assertTrue(client.transport.disconnecting) def test_destination(self): """ L{SSHCommandClientEndpoint} uses the L{IReactorTCP} passed to it to attempt a connection to the host/port address also passed to it. """ endpoint = SSHCommandClientEndpoint.newConnection( self.reactor, b"/bin/ls -l", self.user, self.hostname, self.port, password=self.password, knownHosts=self.knownHosts, ui=FixedResponseUI(False)) factory = Factory() factory.protocol = Protocol endpoint.connect(factory) host, port, factory, timeout, bindAddress = self.reactor.tcpClients[0] self.assertEqual(self.hostname, host) self.assertEqual(self.port, port) self.assertEqual(1, len(self.reactor.tcpClients)) def test_connectionFailed(self): """ If a connection cannot be established, the L{Deferred} returned by L{SSHCommandClientEndpoint.connect} fires with a L{Failure} representing the reason for the connection setup failure. """ endpoint = SSHCommandClientEndpoint.newConnection( self.reactor, b"/bin/ls -l", b"dummy user", self.hostname, self.port, knownHosts=self.knownHosts, ui=FixedResponseUI(False)) factory = Factory() factory.protocol = Protocol d = endpoint.connect(factory) factory = self.reactor.tcpClients[0][2] factory.clientConnectionFailed(None, Failure(ConnectionRefusedError())) self.failureResultOf(d).trap(ConnectionRefusedError) def test_userRejectedHostKey(self): """ If the L{KnownHostsFile} instance used to construct L{SSHCommandClientEndpoint} rejects the SSH public key presented by the server, the L{Deferred} returned by L{SSHCommandClientEndpoint.connect} fires with a L{Failure} wrapping L{UserRejectedKey}. """ endpoint = SSHCommandClientEndpoint.newConnection( self.reactor, b"/bin/ls -l", b"dummy user", self.hostname, self.port, knownHosts=KnownHostsFile(self.mktemp()), ui=FixedResponseUI(False)) factory = Factory() factory.protocol = Protocol connected = endpoint.connect(factory) server, client, pump = self.connectedServerAndClient( self.factory, self.reactor.tcpClients[0][2]) f = self.failureResultOf(connected) f.trap(UserRejectedKey) def test_mismatchedHostKey(self): """ If the SSH public key presented by the SSH server does not match the previously remembered key, as reported by the L{KnownHostsFile} instance use to construct the endpoint, for that server, the L{Deferred} returned by L{SSHCommandClientEndpoint.connect} fires with a L{Failure} wrapping L{HostKeyChanged}. """ differentKey = Key.fromString(privateDSA_openssh).public() knownHosts = KnownHostsFile(self.mktemp()) knownHosts.addHostKey(self.serverAddress.host, differentKey) knownHosts.addHostKey(self.hostname, differentKey) # The UI may answer true to any questions asked of it; they should # make no difference, since a *mismatched* key is not even optionally # allowed to complete a connection. ui = FixedResponseUI(True) endpoint = SSHCommandClientEndpoint.newConnection( self.reactor, b"/bin/ls -l", b"dummy user", self.hostname, self.port, password=b"dummy password", knownHosts=knownHosts, ui=ui) factory = Factory() factory.protocol = Protocol connected = endpoint.connect(factory) server, client, pump = self.connectedServerAndClient( self.factory, self.reactor.tcpClients[0][2]) f = self.failureResultOf(connected) f.trap(HostKeyChanged) def test_connectionClosedBeforeSecure(self): """ If the connection closes at any point before the SSH transport layer has finished key exchange (ie, gotten to the point where we may attempt to authenticate), the L{Deferred} returned by L{SSHCommandClientEndpoint.connect} fires with a L{Failure} wrapping the reason for the lost connection. """ endpoint = SSHCommandClientEndpoint.newConnection( self.reactor, b"/bin/ls -l", b"dummy user", self.hostname, self.port, knownHosts=self.knownHosts, ui=FixedResponseUI(False)) factory = Factory() factory.protocol = Protocol d = endpoint.connect(factory) transport = StringTransport() factory = self.reactor.tcpClients[0][2] client = factory.buildProtocol(None) client.makeConnection(transport) client.connectionLost(Failure(ConnectionDone())) self.failureResultOf(d).trap(ConnectionDone) def test_connectionCancelledBeforeSecure(self): """ If the connection is cancelled before the SSH transport layer has finished key exchange (ie, gotten to the point where we may attempt to authenticate), the L{Deferred} returned by L{SSHCommandClientEndpoint.connect} fires with a L{Failure} wrapping L{CancelledError} and the connection is aborted. """ endpoint = SSHCommandClientEndpoint.newConnection( self.reactor, b"/bin/ls -l", b"dummy user", self.hostname, self.port, knownHosts=self.knownHosts, ui=FixedResponseUI(False)) factory = Factory() factory.protocol = Protocol d = endpoint.connect(factory) transport = AbortableFakeTransport(None, isServer=False) factory = self.reactor.tcpClients[0][2] client = factory.buildProtocol(None) client.makeConnection(transport) d.cancel() self.failureResultOf(d).trap(CancelledError) self.assertTrue(transport.aborted) # Make sure the connection closing doesn't result in unexpected # behavior when due to cancellation: client.connectionLost(Failure(ConnectionDone())) def test_connectionCancelledBeforeConnected(self): """ If the connection is cancelled before it finishes connecting, the connection attempt is stopped. """ endpoint = SSHCommandClientEndpoint.newConnection( self.reactor, b"/bin/ls -l", b"dummy user", self.hostname, self.port, knownHosts=self.knownHosts, ui=FixedResponseUI(False)) factory = Factory() factory.protocol = Protocol d = endpoint.connect(factory) d.cancel() self.failureResultOf(d).trap(ConnectingCancelledError) self.assertTrue(self.reactor.connectors[0].stoppedConnecting) def test_passwordAuthenticationFailure(self): """ If the SSH server rejects the password presented during authentication, the L{Deferred} returned by L{SSHCommandClientEndpoint.connect} fires with a L{Failure} wrapping L{AuthenticationFailed}. """ endpoint = SSHCommandClientEndpoint.newConnection( self.reactor, b"/bin/ls -l", b"dummy user", self.hostname, self.port, password=b"dummy password", knownHosts=self.knownHosts, ui=FixedResponseUI(False)) factory = Factory() factory.protocol = Protocol connected = endpoint.connect(factory) server, client, pump = self.connectedServerAndClient( self.factory, self.reactor.tcpClients[0][2]) # For security, the server delays password authentication failure # response. Advance the simulation clock so the client sees the # failure. self.reactor.advance(server.service.passwordDelay) # Let the failure response traverse the "network" pump.flush() f = self.failureResultOf(connected) f.trap(AuthenticationFailed) # XXX Should assert something specific about the arguments of the # exception self.assertClientTransportState(client, False) def setupKeyChecker(self, portal, users): """ Create an L{ISSHPrivateKey} checker which recognizes C{users} and add it to C{portal}. @param portal: A L{Portal} to which to add the checker. @type portal: L{Portal} @param users: The users and their keys the checker will recognize. Keys are byte strings giving user names. Values are byte strings giving OpenSSH-formatted private keys. @type users: C{dict} """ credentials = {} for username, keyString in users.iteritems(): goodKey = Key.fromString(keyString) authorizedKeys = FilePath(self.mktemp()) authorizedKeys.setContent(goodKey.public().toString("OPENSSH")) credentials[username] = [authorizedKeys] checker = MemorySSHPublicKeyDatabase(credentials) portal.registerChecker(checker) def test_publicKeyAuthenticationFailure(self): """ If the SSH server rejects the key pair presented during authentication, the L{Deferred} returned by L{SSHCommandClientEndpoint.connect} fires with a L{Failure} wrapping L{AuthenticationFailed}. """ badKey = Key.fromString(privateRSA_openssh) self.setupKeyChecker(self.portal, {self.user: privateDSA_openssh}) endpoint = SSHCommandClientEndpoint.newConnection( self.reactor, b"/bin/ls -l", self.user, self.hostname, self.port, keys=[badKey], knownHosts=self.knownHosts, ui=FixedResponseUI(False)) factory = Factory() factory.protocol = Protocol connected = endpoint.connect(factory) server, client, pump = self.connectedServerAndClient( self.factory, self.reactor.tcpClients[0][2]) f = self.failureResultOf(connected) f.trap(AuthenticationFailed) # XXX Should assert something specific about the arguments of the # exception # Nothing useful can be done with the connection at this point, so the # endpoint should close it. self.assertTrue(client.transport.disconnecting) def test_authenticationFallback(self): """ If the SSH server does not accept any of the specified SSH keys, the specified password is tried. """ badKey = Key.fromString(privateRSA_openssh) self.setupKeyChecker(self.portal, {self.user: privateDSA_openssh}) endpoint = SSHCommandClientEndpoint.newConnection( self.reactor, b"/bin/ls -l", self.user, self.hostname, self.port, keys=[badKey], password=self.password, knownHosts=self.knownHosts, ui=FixedResponseUI(False)) factory = Factory() factory.protocol = Protocol connected = endpoint.connect(factory) # Exercising fallback requires a failed authentication attempt. Allow # one. self.factory.attemptsBeforeDisconnect += 1 server, client, pump = self.connectedServerAndClient( self.factory, self.reactor.tcpClients[0][2]) pump.pump() # The server logs the channel open failure - this is expected. errors = self.flushLoggedErrors(ConchError) self.assertIn('unknown channel', (errors[0].value.data, errors[0].value.value)) self.assertEqual(1, len(errors)) # Now deal with the results on the endpoint side. f = self.failureResultOf(connected) f.trap(ConchError) self.assertEqual('unknown channel', f.value.value) # Nothing useful can be done with the connection at this point, so the # endpoint should close it. self.assertTrue(client.transport.disconnecting) def test_publicKeyAuthentication(self): """ If L{SSHCommandClientEndpoint} is initialized with any private keys, it will try to use them to authenticate with the SSH server. """ key = Key.fromString(privateDSA_openssh) self.setupKeyChecker(self.portal, {self.user: privateDSA_openssh}) self.realm.channelLookup[b'session'] = WorkingExecSession endpoint = SSHCommandClientEndpoint.newConnection( self.reactor, b"/bin/ls -l", self.user, self.hostname, self.port, keys=[key], knownHosts=self.knownHosts, ui=FixedResponseUI(False)) factory = Factory() factory.protocol = Protocol connected = endpoint.connect(factory) server, client, pump = self.connectedServerAndClient( self.factory, self.reactor.tcpClients[0][2]) protocol = self.successResultOf(connected) self.assertNotIdentical(None, protocol.transport) def test_agentAuthentication(self): """ If L{SSHCommandClientEndpoint} is initialized with an L{SSHAgentClient}, the agent is used to authenticate with the SSH server. """ key = Key.fromString(privateRSA_openssh) agentServer = SSHAgentServer() agentServer.factory = Factory() agentServer.factory.keys = {key.blob(): (key, "")} self.setupKeyChecker(self.portal, {self.user: privateRSA_openssh}) agentEndpoint = SingleUseMemoryEndpoint(agentServer) endpoint = SSHCommandClientEndpoint.newConnection( self.reactor, b"/bin/ls -l", self.user, self.hostname, self.port, knownHosts=self.knownHosts, ui=FixedResponseUI(False), agentEndpoint=agentEndpoint) self.realm.channelLookup[b'session'] = WorkingExecSession factory = Factory() factory.protocol = Protocol connected = endpoint.connect(factory) server, client, pump = self.connectedServerAndClient( self.factory, self.reactor.tcpClients[0][2]) # Let the agent client talk with the agent server and the ssh client # talk with the ssh server. for i in range(14): agentEndpoint.pump.pump() pump.pump() protocol = self.successResultOf(connected) self.assertNotIdentical(None, protocol.transport) def test_loseConnection(self): """ The transport connected to the protocol has a C{loseConnection} method which causes the channel in which the command is running to close and the overall connection to be closed. """ self.realm.channelLookup[b'session'] = WorkingExecSession endpoint = self.create() factory = Factory() factory.protocol = Protocol connected = endpoint.connect(factory) server, client, pump = self.finishConnection() protocol = self.successResultOf(connected) closed = self.record(server, protocol, 'closed', noArgs=True) protocol.transport.loseConnection() pump.pump() self.assertEqual([None], closed) # Let the last bit of network traffic flow. This lets the server's # close acknowledgement through, at which point the client can close # the overall SSH connection. pump.pump() # Nothing useful can be done with the connection at this point, so the # endpoint should close it. self.assertTrue(client.transport.disconnecting)