# -*- test-case-name: twisted.conch.test.test_knownhosts,twisted.conch.test.test_default -*- # Copyright (c) Twisted Matrix Laboratories. # See LICENSE for details. """ Various classes and functions for implementing user-interaction in the command-line conch client. You probably shouldn't use anything in this module directly, since it assumes you are sitting at an interactive terminal. For example, to programmatically interact with a known_hosts database, use L{twisted.conch.client.knownhosts}. """ import contextlib import getpass import io import os import sys from base64 import decodebytes from twisted.conch.client import agent from twisted.conch.client.knownhosts import ConsoleUI, KnownHostsFile from twisted.conch.error import ConchError from twisted.conch.ssh import common, keys, userauth from twisted.internet import defer, protocol, reactor from twisted.python.compat import nativeString from twisted.python.filepath import FilePath # The default location of the known hosts file (probably should be parsed out # of an ssh config file someday). _KNOWN_HOSTS = "~/.ssh/known_hosts" # This name is bound so that the unit tests can use 'patch' to override it. _open = open _input = input def verifyHostKey(transport, host, pubKey, fingerprint): """ Verify a host's key. This function is a gross vestige of some bad factoring in the client internals. The actual implementation, and a better signature of this logic is in L{KnownHostsFile.verifyHostKey}. This function is not deprecated yet because the callers have not yet been rehabilitated, but they should eventually be changed to call that method instead. However, this function does perform two functions not implemented by L{KnownHostsFile.verifyHostKey}. It determines the path to the user's known_hosts file based on the options (which should really be the options object's job), and it provides an opener to L{ConsoleUI} which opens '/dev/tty' so that the user will be prompted on the tty of the process even if the input and output of the process has been redirected. This latter part is, somewhat obviously, not portable, but I don't know of a portable equivalent that could be used. @param host: Due to a bug in L{SSHClientTransport.verifyHostKey}, this is always the dotted-quad IP address of the host being connected to. @type host: L{str} @param transport: the client transport which is attempting to connect to the given host. @type transport: L{SSHClientTransport} @param fingerprint: the fingerprint of the given public key, in xx:xx:xx:... format. This is ignored in favor of getting the fingerprint from the key itself. @type fingerprint: L{str} @param pubKey: The public key of the server being connected to. @type pubKey: L{str} @return: a L{Deferred} which fires with C{1} if the key was successfully verified, or fails if the key could not be successfully verified. Failure types may include L{HostKeyChanged}, L{UserRejectedKey}, L{IOError} or L{KeyboardInterrupt}. """ actualHost = transport.factory.options["host"] actualKey = keys.Key.fromString(pubKey) kh = KnownHostsFile.fromPath( FilePath( transport.factory.options["known-hosts"] or os.path.expanduser(_KNOWN_HOSTS) ) ) ui = ConsoleUI(lambda: _open("/dev/tty", "r+b", buffering=0)) return kh.verifyHostKey(ui, actualHost, host, actualKey) def isInKnownHosts(host, pubKey, options): """ Checks to see if host is in the known_hosts file for the user. @return: 0 if it isn't, 1 if it is and is the same, 2 if it's changed. @rtype: L{int} """ keyType = common.getNS(pubKey)[0] retVal = 0 if not options["known-hosts"] and not os.path.exists(os.path.expanduser("~/.ssh/")): print("Creating ~/.ssh directory...") os.mkdir(os.path.expanduser("~/.ssh")) kh_file = options["known-hosts"] or _KNOWN_HOSTS try: known_hosts = open(os.path.expanduser(kh_file), "rb") except OSError: return 0 with known_hosts: for line in known_hosts.readlines(): split = line.split() if len(split) < 3: continue hosts, hostKeyType, encodedKey = split[:3] if host not in hosts.split(b","): # incorrect host continue if hostKeyType != keyType: # incorrect type of key continue try: decodedKey = decodebytes(encodedKey) except BaseException: continue if decodedKey == pubKey: return 1 else: retVal = 2 return retVal def getHostKeyAlgorithms(host, options): """ Look in known_hosts for a key corresponding to C{host}. This can be used to change the order of supported key types in the KEXINIT packet. @type host: L{str} @param host: the host to check in known_hosts @type options: L{twisted.conch.client.options.ConchOptions} @param options: options passed to client @return: L{list} of L{str} representing key types or L{None}. """ knownHosts = KnownHostsFile.fromPath( FilePath(options["known-hosts"] or os.path.expanduser(_KNOWN_HOSTS)) ) keyTypes = [] for entry in knownHosts.iterentries(): if entry.matchesHost(host): if entry.keyType not in keyTypes: keyTypes.append(entry.keyType) return keyTypes or None class SSHUserAuthClient(userauth.SSHUserAuthClient): def __init__(self, user, options, *args): userauth.SSHUserAuthClient.__init__(self, user, *args) self.keyAgent = None self.options = options self.usedFiles = [] if not options.identitys: options.identitys = ["~/.ssh/id_rsa", "~/.ssh/id_dsa"] def serviceStarted(self): if "SSH_AUTH_SOCK" in os.environ and not self.options["noagent"]: self._log.debug( "using SSH agent {authSock!r}", authSock=os.environ["SSH_AUTH_SOCK"] ) cc = protocol.ClientCreator(reactor, agent.SSHAgentClient) d = cc.connectUNIX(os.environ["SSH_AUTH_SOCK"]) d.addCallback(self._setAgent) d.addErrback(self._ebSetAgent) else: userauth.SSHUserAuthClient.serviceStarted(self) def serviceStopped(self): if self.keyAgent: self.keyAgent.transport.loseConnection() self.keyAgent = None def _setAgent(self, a): self.keyAgent = a d = self.keyAgent.getPublicKeys() d.addBoth(self._ebSetAgent) return d def _ebSetAgent(self, f): userauth.SSHUserAuthClient.serviceStarted(self) def _getPassword(self, prompt): """ Prompt for a password using L{getpass.getpass}. @param prompt: Written on tty to ask for the input. @type prompt: L{str} @return: The input. @rtype: L{str} """ with self._replaceStdoutStdin(): try: p = getpass.getpass(prompt) return p except (KeyboardInterrupt, OSError): print() raise ConchError("PEBKAC") def getPassword(self, prompt=None): if prompt: prompt = nativeString(prompt) else: prompt = "{}@{}'s password: ".format( nativeString(self.user), self.transport.transport.getPeer().host, ) try: # We don't know the encoding the other side is using, # signaling that is not part of the SSH protocol. But # using our defaultencoding is better than just going for # ASCII. p = self._getPassword(prompt).encode(sys.getdefaultencoding()) return defer.succeed(p) except ConchError: return defer.fail() def getPublicKey(self): """ Get a public key from the key agent if possible, otherwise look in the next configured identity file for one. """ if self.keyAgent: key = self.keyAgent.getPublicKey() if key is not None: return key files = [x for x in self.options.identitys if x not in self.usedFiles] self._log.debug( "public key identities: {identities}\n{files}", identities=self.options.identitys, files=files, ) if not files: return None file = files[0] self.usedFiles.append(file) file = os.path.expanduser(file) file += ".pub" if not os.path.exists(file): return self.getPublicKey() # try again try: return keys.Key.fromFile(file) except keys.BadKeyError: return self.getPublicKey() # try again def signData(self, publicKey, signData): """ Extend the base signing behavior by using an SSH agent to sign the data, if one is available. @type publicKey: L{Key} @type signData: L{bytes} """ if not self.usedFiles: # agent key return self.keyAgent.signData(publicKey.blob(), signData) else: return userauth.SSHUserAuthClient.signData(self, publicKey, signData) def getPrivateKey(self): """ Try to load the private key from the last used file identified by C{getPublicKey}, potentially asking for the passphrase if the key is encrypted. """ file = os.path.expanduser(self.usedFiles[-1]) if not os.path.exists(file): return None try: return defer.succeed(keys.Key.fromFile(file)) except keys.EncryptedKeyError: for i in range(3): prompt = "Enter passphrase for key '%s': " % self.usedFiles[-1] try: p = self._getPassword(prompt).encode(sys.getfilesystemencoding()) return defer.succeed(keys.Key.fromFile(file, passphrase=p)) except (keys.BadKeyError, ConchError): pass return defer.fail(ConchError("bad password")) raise except KeyboardInterrupt: print() reactor.stop() def getGenericAnswers(self, name, instruction, prompts): responses = [] with self._replaceStdoutStdin(): if name: print(name.decode("utf-8")) if instruction: print(instruction.decode("utf-8")) for prompt, echo in prompts: prompt = prompt.decode("utf-8") if echo: responses.append(_input(prompt)) else: responses.append(getpass.getpass(prompt)) return defer.succeed(responses) @classmethod def _openTty(cls): """ Open /dev/tty as two streams one in read, one in write mode, and return them. @return: File objects for reading and writing to /dev/tty, corresponding to standard input and standard output. @rtype: A L{tuple} of L{io.TextIOWrapper} on Python 3. """ stdin = io.TextIOWrapper(open("/dev/tty", "rb")) stdout = io.TextIOWrapper(open("/dev/tty", "wb")) return stdin, stdout @classmethod @contextlib.contextmanager def _replaceStdoutStdin(cls): """ Contextmanager that replaces stdout and stdin with /dev/tty and resets them when it is done. """ oldout, oldin = sys.stdout, sys.stdin sys.stdin, sys.stdout = cls._openTty() try: yield finally: sys.stdout.close() sys.stdin.close() sys.stdout, sys.stdin = oldout, oldin