示例#1
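 def getPrivateKeys(self):
     """
     Load the SSH host private keys stored under C{self.dataRoot}.

     Every directory entry named C{ssh_host_*_key} is parsed with
     C{keys.Key.fromFile}.  When the read is refused with C{EACCES} it is
     retried once with effective uid/gid 0.  Files that fail to parse
     during the unprivileged read are logged and skipped.

     NOTE: the fallback reads any entry matching the name pattern with
     root privileges, so C{dataRoot} should be writable by root only.

     @return: a C{dict} mapping the type reported by C{keys.objectType}
         to the loaded key.
     @raise IOError: when a key file cannot be read for a reason other
         than C{EACCES}.
     """
     from twisted.python import log
     from twisted.python.util import runAsEffectiveUser
     from twisted.conch.ssh import keys
     import os, errno
     privateKeys = {}
     for filename in os.listdir(self.dataRoot):
         if not (filename.startswith('ssh_host_')
                 and filename.endswith('_key')):
             continue
         fullPath = os.path.join(self.dataRoot, filename)
         try:
             key = keys.Key.fromFile(fullPath)
         except IOError as e:
             if e.errno != errno.EACCES:
                 raise
             # Permission denied: repeat only this one read as root.  Errors
             # raised by the privileged read are not logged; they propagate.
             key = runAsEffectiveUser(0, 0, keys.Key.fromFile, fullPath)
         except Exception as e:
             log.msg('bad private key file %s: %s' % (filename, e))
             continue
         # Skip a falsy result instead of dereferencing it.
         if key:
             privateKeys[keys.objectType(key.keyObject)] = key
     # The dict was previously built and then dropped; hand it to the caller.
     return privateKeys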
示例#2
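 def getPrivateKeys(self):
     """
     Collect the host private keys found in C{self.dataRoot}.

     Files named C{ssh_host_*_key} are read with C{keys.Key.fromFile}; a
     read refused with C{EACCES} is repeated with effective uid/gid 0.
     A file that cannot be parsed on the unprivileged read is logged and
     skipped.

     NOTE: because the privileged retry follows whatever entry matches the
     name pattern, C{dataRoot} should not be writable by non-root users.

     @return: a C{dict} keyed by the C{keys.objectType} of each key.
     @raise IOError: for read failures other than C{EACCES}.
     """
     from twisted.python import log
     from twisted.python.util import runAsEffectiveUser
     from twisted.conch.ssh import keys
     import os, errno
     privateKeys = {}
     candidates = [name for name in os.listdir(self.dataRoot)
                   if name.startswith('ssh_host_') and name.endswith('_key')]
     for filename in candidates:
         fullPath = os.path.join(self.dataRoot, filename)
         try:
             key = keys.Key.fromFile(fullPath)
         except IOError as e:
             if e.errno != errno.EACCES:
                 raise
             # Not allowed as the current user: redo just this read as root.
             key = runAsEffectiveUser(0, 0, keys.Key.fromFile,
                                      fullPath)
         except Exception as e:
             log.msg('bad private key file %s: %s' % (filename, e))
             continue
         if key:
             keyType = keys.objectType(key.keyObject)
             privateKeys[keyType] = key
     # Return the result; the loop's work was otherwise discarded.
     return privateKeys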
示例#3
 def test_objectType(self):
     """
     C{keys.objectType} names RSA and DSA key objects and raises
     C{keys.BadKeyError} for C{None}.
     """
     rsaObject = keys.Key.fromString(keydata.privateRSA_openssh).keyObject
     self.assertEqual(keys.objectType(rsaObject), 'ssh-rsa')

     dsaObject = keys.Key.fromString(keydata.privateDSA_openssh).keyObject
     self.assertEqual(keys.objectType(dsaObject), 'ssh-dss')

     # Anything that is not a recognised key object must be rejected.
     self.assertRaises(keys.BadKeyError, keys.objectType, None)
示例#4
    def test_deprecation(self):
        """
        Calling C{keys.objectType} on an RSA key passes the deprecation
        check.
        """
        rsaKey = self.getRSAKey()
        keys.objectType(rsaKey)
        self.checkDeprecation()
示例#5
    def test_deprecation(self):
        """
        C{keys.objectType} is deprecated: call it once on an RSA key, then
        run the deprecation check.
        """
        keys.objectType(self.getRSAKey())
        self.checkDeprecation()
示例#6
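 def test_objectType(self):
     """
     C{keys.objectType} returns C{'ssh-rsa'} and C{'ssh-dss'} for RSA and
     DSA key objects and raises C{keys.BadKeyError} for C{None}.
     """
     # assertEqual replaces the deprecated assertEquals alias.
     self.assertEqual(keys.objectType(keys.Key.fromString(
         keydata.privateRSA_openssh).keyObject), 'ssh-rsa')
     self.assertEqual(keys.objectType(keys.Key.fromString(
         keydata.privateDSA_openssh).keyObject), 'ssh-dss')
     self.assertRaises(keys.BadKeyError, keys.objectType, None)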
示例#7
 def _testKeySignVerify(self, priv, pub):
     """
     Sign fixed test data with C{priv} and check how it verifies.

     The signature has to verify with both C{priv} and C{pub}.  It must
     not verify against different data, and a bogus signature must not
     verify against the original data.
     """
     testData = 'this is the test data'
     signature = keys.signData(priv, testData)

     okWithPrivate = keys.verifySignature(priv, signature, testData)
     self.assert_(okWithPrivate,
                  'verifying with private %s failed' % keys.objectType(priv))

     okWithPublic = keys.verifySignature(pub, signature, testData)
     self.assert_(okWithPublic,
                  'verifying with public %s failed' % keys.objectType(pub))

     # Negative cases: a verifier that accepts either of these is broken.
     wrongData = keys.verifySignature(priv, signature, 'other data')
     self.failIf(wrongData,
                 'verified bad data with %s' % keys.objectType(priv))

     wrongSignature = keys.verifySignature(priv, 'bad sig', testData)
     self.failIf(wrongSignature,
                 'verified badsign with %s' % keys.objectType(priv))
示例#8
 def _testKeySignVerify(self, priv, pub):
     """
     Check signing with C{priv} and verification with C{priv} and C{pub}.

     Covers two accepting cases (the real signature over the real data)
     and two rejecting cases (other data, and a bogus signature).
     """
     testData = 'this is the test data'
     sig = keys.signData(priv, testData)

     privateAccepts = keys.verifySignature(priv, sig, testData)
     privateMessage = 'verifying with private %s failed' % keys.objectType(priv)
     self.assert_(privateAccepts, privateMessage)

     publicAccepts = keys.verifySignature(pub, sig, testData)
     publicMessage = 'verifying with public %s failed' % keys.objectType(pub)
     self.assert_(publicAccepts, publicMessage)

     # The same signature over different data must be rejected.
     acceptsOtherData = keys.verifySignature(priv, sig, 'other data')
     otherDataMessage = 'verified bad data with %s' % keys.objectType(priv)
     self.failIf(acceptsOtherData, otherDataMessage)

     # A string that is not a signature at all must be rejected too.
     acceptsBadSig = keys.verifySignature(priv, 'bad sig', testData)
     badSigMessage = 'verified badsign with %s' % keys.objectType(priv)
     self.failIf(acceptsBadSig, badSigMessage)
示例#9
文件: ckeygen.py 项目: maduhu/HDP-hue
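def _saveKey(key, options):
    """
    Write a generated key pair to disk and print its fingerprint.

    Prompts for the destination file (default C{~/.ssh/id_<kind>}), asks
    for confirmation before overwriting an existing file, and asks for a
    passphrase when C{options['pass']} is empty.  The private key goes to
    C{options['filename']} with owner-only permissions, the public key to
    the same path plus C{.pub}.

    @param key: the key object to save; its type is read with
        C{keys.objectType}.
    @param options: a mapping with C{'filename'} and C{'pass'} entries;
        empty entries are filled in from the prompts.
    """
    import stat
    if not options['filename']:
        kind = {'ssh-rsa': 'rsa', 'ssh-dss': 'dsa'}[keys.objectType(key)]
        filename = os.path.expanduser('~/.ssh/id_%s' % kind)
        options['filename'] = raw_input('Enter file in which to save the key (%s): '%filename).strip() or filename
    if os.path.exists(options['filename']):
        print('%s already exists.' % options['filename'])
        yn = raw_input('Overwrite (y/n)? ')
        # An empty answer used to raise IndexError on yn[0]; treat anything
        # that does not start with "y" as a refusal.
        if not yn.lower().startswith('y'):
            sys.exit()
    if not options['pass']:
        while 1:
            p1 = getpass.getpass('Enter passphrase (empty for no passphrase): ')
            p2 = getpass.getpass('Enter same passphrase again: ')
            if p1 == p2:
                break
            print('Passphrases do not match.  Try again.')
        # An empty passphrase is accepted; presumably the key is then stored
        # unencrypted -- confirm against makePrivateKeyString.
        options['pass'] = p1
    comment = '%s@%s' % (getpass.getuser(), socket.gethostname())

    ownerOnly = stat.S_IRUSR | stat.S_IWUSR  # 0600, the mode bits of 33152
    # Create the private key file owner-only from the start.  Writing first
    # and calling chmod afterwards left the key readable under the default
    # umask for a short time.
    fd = os.open(options['filename'],
                 os.O_WRONLY | os.O_CREAT | os.O_TRUNC, ownerOnly)
    privateFile = os.fdopen(fd, 'w')
    try:
        # The mode given to os.open only applies to a newly created file;
        # tighten an overwritten file before any key material is written.
        os.chmod(options['filename'], ownerOnly)
        privateFile.write(
            keys.makePrivateKeyString(key, passphrase=options['pass']))
    finally:
        privateFile.close()

    publicKeyString = keys.makePublicKeyString(key, comment=comment)
    publicFile = open(options['filename'] + '.pub', 'w')
    try:
        publicFile.write(publicKeyString)
    finally:
        publicFile.close()

    pubKey = keys.getPublicKeyString(data=publicKeyString)
    print('Your identification has been saved in %s' % options['filename'])
    print('Your public key has been saved in %s.pub' % options['filename'])
    print('The key fingerprint is:')
    # Colon-separated hex MD5 of the public key, for display only.
    print(':'.join(['%02x' % ord(x) for x in md5.new(pubKey).digest()]))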
示例#10
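def _saveKey(key, options):
    """
    Write a generated key pair to disk and print its fingerprint.

    Prompts for the destination file (default C{~/.ssh/id_<kind>}), asks
    for confirmation before overwriting, and asks for a passphrase when
    C{options['pass']} is empty.  The private key is stored in OpenSSH
    format at C{options['filename']} with owner-only permissions; the
    public key goes to the same path plus C{.pub}.

    @param key: the key object to save, wrapped in C{keys.Key}.
    @param options: a mapping with C{'filename'} and C{'pass'} entries;
        empty entries are filled in from the prompts.
    """
    import stat
    if not options['filename']:
        kind = {'ssh-rsa': 'rsa', 'ssh-dss': 'dsa'}[keys.objectType(key)]
        filename = os.path.expanduser('~/.ssh/id_%s' % kind)
        options['filename'] = raw_input('Enter file in which to save the key (%s): '%filename).strip() or filename
    if os.path.exists(options['filename']):
        print('%s already exists.' % options['filename'])
        yn = raw_input('Overwrite (y/n)? ')
        # An empty answer used to raise IndexError on yn[0]; anything that
        # does not start with "y" now counts as a refusal.
        if not yn.lower().startswith('y'):
            sys.exit()
    if not options['pass']:
        while 1:
            p1 = getpass.getpass('Enter passphrase (empty for no passphrase): ')
            p2 = getpass.getpass('Enter same passphrase again: ')
            if p1 == p2:
                break
            print('Passphrases do not match.  Try again.')
        # An empty passphrase is accepted; presumably the key is then stored
        # unencrypted -- confirm against Key.toString.
        options['pass'] = p1

    keyObj = keys.Key(key)
    comment = '%s@%s' % (getpass.getuser(), socket.gethostname())

    # setContent creates the file itself (assumed to honour the process
    # umask -- confirm for the bundled Twisted), so mask out group/other
    # bits while the private key is written.  Writing first and calling
    # chmod afterwards left the key readable for a short time.  The umask
    # is process-wide, hence the immediate restore.
    previousMask = os.umask(stat.S_IRWXG | stat.S_IRWXO)
    try:
        filepath.FilePath(options['filename']).setContent(
            keyObj.toString('openssh', options['pass']))
    finally:
        os.umask(previousMask)
    # 0600: the permission bits of the former literal 33152.
    os.chmod(options['filename'], stat.S_IRUSR | stat.S_IWUSR)

    filepath.FilePath(options['filename'] + '.pub').setContent(
        keyObj.public().toString('openssh', comment))

    print('Your identification has been saved in %s' % options['filename'])
    print('Your public key has been saved in %s.pub' % options['filename'])
    print('The key fingerprint is:')
    print(keyObj.fingerprint())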
示例#11
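def _saveKey(key, options):
    """
    Save a key pair in OpenSSH format and print the key fingerprint.

    The destination path, the overwrite confirmation and the passphrase
    are requested interactively when C{options} does not supply them.
    The private key file ends up with owner-only permissions; the public
    key is written next to it with a C{.pub} suffix.

    @param key: the key object to save, wrapped in C{keys.Key}.
    @param options: a mapping with C{'filename'} and C{'pass'} entries;
        empty entries are filled in from the prompts.
    """
    import stat
    targetPath = options['filename']
    if not targetPath:
        kind = {'ssh-rsa': 'rsa', 'ssh-dss': 'dsa'}[keys.objectType(key)]
        filename = os.path.expanduser('~/.ssh/id_%s' % kind)
        targetPath = raw_input('Enter file in which to save the key (%s): '%filename).strip() or filename
        options['filename'] = targetPath
    if os.path.exists(targetPath):
        print('%s already exists.' % targetPath)
        yn = raw_input('Overwrite (y/n)? ')
        # yn[0] raised IndexError on an empty answer; an empty or non-"y"
        # answer now aborts without touching the existing file.
        if not yn.lower().startswith('y'):
            sys.exit()
    if not options['pass']:
        while 1:
            p1 = getpass.getpass('Enter passphrase (empty for no passphrase): ')
            p2 = getpass.getpass('Enter same passphrase again: ')
            if p1 == p2:
                break
            print('Passphrases do not match.  Try again.')
        # NOTE(review): an empty passphrase passes this check; presumably
        # the private key is then written unencrypted -- confirm.
        options['pass'] = p1

    keyObj = keys.Key(key)
    comment = '%s@%s' % (getpass.getuser(), socket.gethostname())

    # Restrict the umask around the private-key write so the file is not
    # group/world readable between creation and the chmod below (assumes
    # setContent creates the file under the process umask -- confirm).
    previousMask = os.umask(stat.S_IRWXG | stat.S_IRWXO)
    try:
        filepath.FilePath(targetPath).setContent(
            keyObj.toString('openssh', options['pass']))
    finally:
        # The umask is process-wide; put it back before writing the .pub file.
        os.umask(previousMask)
    # 0600: the permission bits of the former literal 33152.
    os.chmod(targetPath, stat.S_IRUSR | stat.S_IWUSR)

    filepath.FilePath(targetPath + '.pub').setContent(
        keyObj.public().toString('openssh', comment))

    print('Your identification has been saved in %s' % targetPath)
    print('Your public key has been saved in %s.pub' % targetPath)
    print('The key fingerprint is:')
    print(keyObj.fingerprint())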
示例#12
 def auth_publickey(self, packet):
     """
     Handle a "publickey" authentication request.

     Builds credentials from the client-supplied packet and passes them to
     C{self.portal.login}.  The signature is not verified in this method;
     that is left to whatever checks the credentials.

     @param packet: the method-specific part of the request: a flag byte,
         the algorithm name, the public key blob and, when the flag is
         set, the signature.
     @return: the result of C{self.portal.login}.
     """
     # This is copied and pasted from twisted/conch/ssh/userauth.py in
     # Twisted 8.0.1. We do this so we can customize how the credentials
     # are built and pass a mind to self.portal.login.
     # First byte: non-zero when the request carries a signature.
     hasSig = ord(packet[0])
     # Two length-prefixed strings follow; `rest` is whatever remains.
     algName, blob, rest = getNS(packet[1:], 2)
     # The blob is attacker-controlled input; a parse failure propagates
     # from here before any credentials are built.
     pubKey = keys.Key.fromString(blob).keyObject
     # and/or idiom: None without the flag, and also None when the parsed
     # signature is an empty string.
     signature = hasSig and getNS(rest)[0] or None
     if hasSig:
         # Data the signature has to cover (layout of RFC 4252 section 7).
         # The session id ties the signature to this connection; the key
         # type is taken from the parsed key, not from the client's algName.
         b = (
             NS(self.transport.sessionID)
             + chr(userauth.MSG_USERAUTH_REQUEST)
             + NS(self.user)
             + NS(self.nextService)
             + NS("publickey")
             + chr(hasSig)
             + NS(keys.objectType(pubKey))
             + NS(blob)
         )
         # The next three lines are different from the original.
         c = self.makePublicKeyCredentials(self.user, algName, blob, b, signature)
         return self.portal.login(c, self.getMind(), IConchUser)
     else:
         # No signature: the credentials carry neither signed data nor a
         # signature.  NOTE(review): _ebCheckKey is not visible here; it
         # presumably answers the "is this key acceptable" query -- confirm
         # it can never turn this path into a successful login.
         # The next four lines are different from the original.
         c = self.makePublicKeyCredentials(self.user, algName, blob, None, None)
         return self.portal.login(c, self.getMind(), IConchUser).addErrback(self._ebCheckKey, packet[1:])
示例#13
    def test_objectType_dsa(self):
        """
        A DSA key is reported as C{ssh-dss}.
        """
        dsaKey = self.getDSAKey()
        reportedType = keys.objectType(dsaKey)

        self.assertEqual(reportedType, b'ssh-dss')
        self.checkDeprecation()
示例#14
    def test_objectType_rsa(self):
        """
        An RSA key is reported as C{ssh-rsa}.
        """
        rsaKey = self.getRSAKey()
        reportedType = keys.objectType(rsaKey)

        self.assertEqual(reportedType, b'ssh-rsa')
        self.checkDeprecation()
示例#15
    def test_objectType_rsa(self):
        """
        C{keys.objectType} returns C{ssh-rsa} for an RSA key, and the call
        passes the deprecation check.
        """
        self.assertEqual(keys.objectType(self.getRSAKey()), b'ssh-rsa')
        self.checkDeprecation()
示例#16
    def test_objectType_dsa(self):
        """
        C{keys.objectType} returns C{ssh-dss} for a DSA key, and the call
        passes the deprecation check.
        """
        self.assertEqual(keys.objectType(self.getDSAKey()), b'ssh-dss')
        self.checkDeprecation()
示例#17
 def _testKeyFromString(self, privKey, pubKey, privData, pubData):
     """
     Check that keys parsed from string data match the reference objects.

     Every attribute listed in C{keydata} of the parsed private key must
     equal the same attribute on C{privKey}; every such attribute that the
     parsed public key has must equal the one on C{pubKey}.
     """
     keyType = keys.objectType(privKey)
     parsedPrivate = keys.getPrivateKeyObject(data=privData)
     parsedPublic = keys.getPublicKeyObject(
         keys.getPublicKeyString(data=pubData))

     for name in parsedPrivate.keydata:
         if getattr(parsedPrivate, name) != getattr(privKey, name):
             self.fail('getting %s private key from string failed' % keyType)

     for name in parsedPublic.keydata:
         # Attributes the parsed public key lacks are not compared.
         if not hasattr(parsedPublic, name):
             continue
         if getattr(parsedPublic, name) != getattr(pubKey, name):
             self.fail('getting %s public key from string failed' % keyType)
示例#18
    def _testKeySignVerify(self, privObj, pubObj):
        """
        Check the deprecated C{signData}/C{verifySignature} helpers.

        Each call must emit its C{DeprecationWarning}.  The signature must
        verify with both keys and must be rejected for other data and for
        a bogus signature.

        @param privObj: a private key object.
        @type privObj: C{Crypto.PublicKey.pubkey.pubkey}
        @param pubObj: a public key object.
        @type pubObj: C{Crypto.PublicKey.pubkey.pubkey}
        """
        signWarning = ("signData is deprecated since Twisted Conch 0.9.  "
                       "Use Key(obj).sign(data).")
        verifyWarning = (
            "verifySignature is deprecated since Twisted Conch 0.9.  "
            "Use Key(obj).verify(signature, data).")

        testData = 'this is the test data'
        sig = self.assertWarns(
            DeprecationWarning, signWarning, unittest.__file__,
            keys.signData, privObj, testData)

        privateAccepts = self.assertWarns(
            DeprecationWarning, verifyWarning, unittest.__file__,
            keys.verifySignature, privObj, sig, testData)
        self.assertTrue(
            privateAccepts,
            'verifying with private %s failed' % keys.objectType(privObj))

        publicAccepts = self.assertWarns(
            DeprecationWarning, verifyWarning, unittest.__file__,
            keys.verifySignature, pubObj, sig, testData)
        self.assertTrue(
            publicAccepts,
            'verifying with public %s failed' % keys.objectType(pubObj))

        # Negative cases: neither other data nor a bogus signature may pass.
        acceptsOtherData = self.assertWarns(
            DeprecationWarning, verifyWarning, unittest.__file__,
            keys.verifySignature, privObj, sig, 'other data')
        self.failIf(
            acceptsOtherData,
            'verified bad data with %s' % keys.objectType(privObj))

        acceptsBadSig = self.assertWarns(
            DeprecationWarning, verifyWarning, unittest.__file__,
            keys.verifySignature, privObj, 'bad sig', testData)
        self.failIf(
            acceptsBadSig,
            'verified badsign with %s' % keys.objectType(privObj))
示例#19
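 def getPrivateKeys(self):
     """
     Load the SSH host private keys under C{self.dataRoot} as root.

     The effective gid and uid are switched to 0 while the files named
     C{ssh_host_*_key} are read, and are restored afterwards even when
     reading fails.  Entries that cannot be loaded are logged and skipped.

     @return: a C{dict} mapping the type reported by C{keys.objectType}
         to the loaded key object.
     @raise OSError: when the effective ids cannot be changed.
     """
     ks = {}
     euid, egid = os.geteuid(), os.getegid()
     os.setegid(0)  # gain privileges
     try:
         os.seteuid(0)
         for filename in os.listdir(self.dataRoot):
             if not (filename.startswith('ssh_host_')
                     and filename.endswith('_key')):
                 continue
             try:
                 k = keys.getPrivateKeyObject(
                     os.path.join(self.dataRoot, filename))
                 ks[keys.objectType(k)] = k
             except Exception as e:
                 log.msg('bad private key file %s: %s' % (filename, e))
     finally:
         # The saved ids were never restored, which left the process running
         # as root.  Restore the gid first: changing it still needs the root
         # euid.
         os.setegid(egid)
         os.seteuid(euid)
     return ks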
示例#20
 def _testKeyFromString(self, privKey, pubKey, privData, pubData):
     """
     Compare key objects parsed from string data with reference objects.

     Attributes named in the parsed private key's C{keydata} must match
     C{privKey}; attributes named in the parsed public key's C{keydata}
     are compared with C{pubKey} only when the parsed key has them.
     """
     keyType = keys.objectType(privKey)
     fromPrivateData = keys.getPrivateKeyObject(data=privData)
     publicString = keys.getPublicKeyString(data=pubData)
     fromPublicData = keys.getPublicKeyObject(publicString)

     for field in fromPrivateData.keydata:
         parsedValue = getattr(fromPrivateData, field)
         if parsedValue != getattr(privKey, field):
             self.fail('getting %s private key from string failed' %
                       keyType)

     for field in fromPublicData.keydata:
         if hasattr(fromPublicData, field):
             parsedValue = getattr(fromPublicData, field)
             if parsedValue != getattr(pubKey, field):
                 self.fail('getting %s public key from string failed' %
                           keyType)
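 def getPrivateKeys(self):
     """
     Read the host private keys from C{self.dataRoot} with root privileges.

     Switches the effective gid/uid to 0 for the duration of the read and
     puts the previous ids back in a C{finally} block.  Files named
     C{ssh_host_*_key} that fail to load are logged and skipped.

     @return: a C{dict} keyed by the C{keys.objectType} of each key.
     @raise OSError: when the effective ids cannot be changed.
     """
     ks = {}
     euid, egid = os.geteuid(), os.getegid()
     os.setegid(0)  # gain privileges
     try:
         os.seteuid(0)
         hostKeyFiles = [name for name in os.listdir(self.dataRoot)
                         if name.startswith('ssh_host_')
                         and name.endswith('_key')]
         for name in hostKeyFiles:
             try:
                 k = keys.getPrivateKeyObject(
                     os.path.join(self.dataRoot, name))
                 t = keys.objectType(k)
                 ks[t] = k
             except Exception as e:
                 log.msg('bad private key file %s: %s' % (name, e))
     finally:
         # Drop root again no matter what happened; the saved euid/egid
         # were previously unused.  gid goes first while euid is still 0.
         os.setegid(egid)
         os.seteuid(euid)
     return ks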
示例#22
 def auth_publickey(self, packet):
     """
     Handle a "publickey" authentication request.

     Builds C{credentials.SSHPrivateKey} from the client-supplied packet,
     records the peer host on it and passes it to C{self.portal.login}.
     The signature is not verified here; that is left to whatever checks
     the credentials.

     @param packet: a flag byte, the algorithm name, the public key blob
         and, when the flag is set, the signature.
     @return: the result of C{self.portal.login} with C{self._ebCheckKey}
         added as errback.
     """
     NS = userauth.NS
     # First byte: non-zero when the request carries a signature.
     hasSig = ord(packet[0])
     # Two length-prefixed strings follow; `rest` is whatever remains.
     algName, blob, rest = userauth.getNS(packet[1:], 2)
     # The blob is attacker-controlled input; parse errors propagate.
     pubKey = userauth.keys.getPublicKeyObject(data=blob)
     # Data the signature has to cover (layout of RFC 4252 section 7).  It
     # is built even when no signature was sent.  The key type comes from
     # the parsed key; algName is not used in this method.
     b = NS(self.transport.sessionID) + chr(userauth.MSG_USERAUTH_REQUEST) + \
         NS(self.user) + NS(self.nextService) + NS('publickey') + \
         chr(hasSig) +  NS(keys.objectType(pubKey)) + NS(blob)
     # and/or idiom: None without the flag, and also None when the parsed
     # signature is an empty string.
     signature = hasSig and userauth.getNS(rest)[0] or None
     c = credentials.SSHPrivateKey(self.user, blob, b, signature)
     # Host of the connecting peer, attached for whoever checks `c`.
     c.peer = self.transport.transport.getPeer().host
     # NOTE(review): the errback is attached for signed requests as well;
     # _ebCheckKey is not visible here -- confirm how it treats a failed
     # signature check.
     return self.portal.login(c, None, self.USERCLASS).addErrback(
         self._ebCheckKey, packet[1:])
示例#23
 def auth_publickey(self, packet):
     """
     Turn a "publickey" authentication request into a portal login.

     The packet is parsed into credentials (user, key blob, signed data,
     signature) with the peer host attached.  No signature verification
     happens in this method.

     @param packet: a flag byte, the algorithm name, the public key blob
         and, when the flag is set, the signature.
     @return: the result of C{self.portal.login} with C{self._ebCheckKey}
         added as errback.
     """
     NS = userauth.NS
     # Flag byte: non-zero means a signature follows the key blob.
     hasSig = ord(packet[0])
     algName, blob, rest = userauth.getNS(packet[1:], 2)
     # Client-supplied key material; a blob that cannot be parsed raises here.
     pubKey = userauth.keys.getPublicKeyObject(data = blob)
     # Signed-data layout of RFC 4252 section 7; the session id binds the
     # signature to this connection.  Built whether or not hasSig is set.
     b = NS(self.transport.sessionID) + chr(userauth.MSG_USERAUTH_REQUEST) + \
         NS(self.user) + NS(self.nextService) + NS('publickey') + \
         chr(hasSig) +  NS(keys.objectType(pubKey)) + NS(blob)
     # None when no signature was sent or the one sent is empty.
     signature = hasSig and userauth.getNS(rest)[0] or None
     c = credentials.SSHPrivateKey(self.user, blob, b, signature)
     # Peer host, recorded on the credentials for the checker.
     c.peer = self.transport.transport.getPeer().host
     # NOTE(review): _ebCheckKey runs on every login failure, signed or
     # not; its behaviour is not visible here -- confirm.
     return self.portal.login(c, None, self.USERCLASS).addErrback(
                                                 self._ebCheckKey,
                                                 packet[1:])
示例#24
文件: factory.py 项目: Almad/twisted
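 def getPrivateKeys(self):
     """
     Return the server private keys.

     Files named C{ssh_host_*_key} in C{self.dataRoot} are read with
     C{keys.Key.fromFile}; a read refused with C{EACCES} is repeated with
     effective uid/gid 0.  A file that cannot be parsed on the
     unprivileged read is logged and skipped.

     NOTE: the privileged retry reads any entry matching the name pattern,
     so C{dataRoot} should be writable by root only.

     @return: a C{dict} mapping the type reported by C{keys.objectType}
         to the loaded key.
     @raise IOError: for read failures other than C{EACCES}.
     """
     privateKeys = {}
     for filename in os.listdir(self.dataRoot):
         if not (filename.startswith('ssh_host_')
                 and filename.endswith('_key')):
             continue
         fullPath = os.path.join(self.dataRoot, filename)
         try:
             key = keys.Key.fromFile(fullPath)
         except IOError as e:
             if e.errno != errno.EACCES:
                 raise
             # Not allowed, let's switch to root for this one read.  Errors
             # from the privileged read are not logged; they propagate.
             key = runAsEffectiveUser(0, 0, keys.Key.fromFile, fullPath)
         except Exception as e:
             log.msg('bad private key file %s: %s' % (filename, e))
             continue
         privateKeys[keys.objectType(key.keyObject)] = key
     # The documented return value was missing.
     return privateKeys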
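 def getPrivateKeys(self):
     """
     Return the server private keys.

     Scans C{self.dataRoot} for files named C{ssh_host_*_key} and loads
     each with C{keys.Key.fromFile}, retrying with effective uid/gid 0
     when the read fails with C{EACCES}.  Unparseable files from the
     unprivileged read are logged and skipped.

     NOTE: keep C{dataRoot} writable by root only; the retry reads any
     matching entry with root privileges.

     @return: a C{dict} keyed by the C{keys.objectType} of each key.
     @raise IOError: for read failures other than C{EACCES}.
     """
     privateKeys = {}
     hostKeyFiles = [name for name in os.listdir(self.dataRoot)
                     if name.startswith('ssh_host_')
                     and name.endswith('_key')]
     for filename in hostKeyFiles:
         fullPath = os.path.join(self.dataRoot, filename)
         try:
             key = keys.Key.fromFile(fullPath)
         except IOError as e:
             if e.errno != errno.EACCES:
                 raise
             # Not allowed, let's switch to root
             key = runAsEffectiveUser(0, 0, keys.Key.fromFile,
                                      fullPath)
         except Exception as e:
             log.msg('bad private key file %s: %s' % (filename, e))
             continue
         keyType = keys.objectType(key.keyObject)
         privateKeys[keyType] = key
     # Return what the docstring promises; the dict used to be discarded.
     return privateKeys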
示例#26
 def auth_publickey(self, packet):
     """
     Handle a "publickey" authentication request.

     A request without a signature is logged in with credentials that
     carry no signed data, and C{self._ebCheckKey} is attached as errback.
     A signed request is logged in with the data the signature has to
     cover (layout of RFC 4252 section 7) plus the signature itself.  The
     signature is not verified in this method.

     @param packet: a flag byte, the algorithm name, the public key blob
         and, when the flag is set, the signature.
     @return: the result of C{self.portal.login}.
     """
     hasSig = ord(packet[0])
     algName, blob, rest = getNS(packet[1:], 2)
     # Client-supplied key material; parse errors propagate from here.
     pubKey = keys.getPublicKeyObject(data=blob)

     if not hasSig:
         unsigned = credentials.SSHPrivateKey(
             self.user, algName, blob, None, None)
         login = self.portal.login(unsigned, None, interfaces.IConchUser)
         return login.addErrback(self._ebCheckKey, packet[1:])

     # An empty signature string is passed on as None.
     signature = getNS(rest)[0] or None
     # The key type is taken from the parsed key, not from algName.
     signedData = ''.join([
         NS(self.transport.sessionID),
         chr(MSG_USERAUTH_REQUEST),
         NS(self.user),
         NS(self.nextService),
         NS('publickey'),
         chr(hasSig),
         NS(keys.objectType(pubKey)),
         NS(blob),
     ])
     signed = credentials.SSHPrivateKey(
         self.user, algName, blob, signedData, signature)
     return self.portal.login(signed, None, interfaces.IConchUser)
示例#27
 def auth_publickey(self, packet):
     """
     Handle a "publickey" authentication request with a custom mind.

     Credentials come from C{self.makePublicKeyCredentials} and the mind
     from C{self.getMind}.  Signed requests carry the data the signature
     has to cover (layout of RFC 4252 section 7); unsigned ones carry
     C{None} for both and get C{self._ebCheckKey} as errback.  The
     signature is not verified in this method.

     @param packet: a flag byte, the algorithm name, the public key blob
         and, when the flag is set, the signature.
     @return: the result of C{self.portal.login}.
     """
     # This is copied and pasted from twisted/conch/ssh/userauth.py in
     # Twisted 8.0.1. We do this so we can customize how the credentials
     # are built and pass a mind to self.portal.login.
     hasSig = ord(packet[0])
     algName, blob, rest = getNS(packet[1:], 2)
     # Client-supplied key material; parse errors propagate from here.
     pubKey = keys.Key.fromString(blob).keyObject

     if not hasSig:
         # This branch differs from the Twisted original.
         unsigned = self.makePublicKeyCredentials(
             self.user, algName, blob, None, None)
         login = self.portal.login(unsigned, self.getMind(), IConchUser)
         return login.addErrback(self._ebCheckKey, packet[1:])

     # An empty signature string is passed on as None.
     signature = getNS(rest)[0] or None
     # The key type is taken from the parsed key, not from algName.
     signedData = ''.join([
         NS(self.transport.sessionID),
         chr(userauth.MSG_USERAUTH_REQUEST),
         NS(self.user),
         NS(self.nextService),
         NS('publickey'),
         chr(hasSig),
         NS(keys.objectType(pubKey)),
         NS(blob),
     ])
     # This branch differs from the Twisted original.
     signed = self.makePublicKeyCredentials(
         self.user, algName, blob, signedData, signature)
     return self.portal.login(signed, self.getMind(), IConchUser)
示例#28
 class SSHFactory(factory.SSHFactory):
     # Factory with a single host key pair; `pubkey` and `privkey` come
     # from the enclosing scope, which is not visible here.
     # Public key, keyed by the first length-prefixed string parsed from it.
     publicKeys = {common.getNS(pubkey)[0]: pubkey}
     # Private key, keyed by the type reported by keys.objectType.
     privateKeys = {keys.objectType(privkey): privkey}