扭曲的海螺-服务器/客户端
[英]Twisted Conch - Server/Client
问题描述
I'm looking to create a Twisted Conch Server/Client SSH application similar to the below: 
我正在寻找创建类似于以下内容的Twisted Conch Server / Client SSH应用程序:
Client <---Key1---> Server/Client <---Key2---> Server
I guess it's like an SSH MITM or command proxier. 我想这就像SSH MITM或命令代理。
I have read the answers to similar Twisted related questions, such as: Twisted server-client data sharing and I understand the theory behind passing client/server data. 我已经阅读了类似Twisted相关问题的答案,例如: Twisted服务器-客户端数据共享,并且我了解传递客户端/服务器数据的原理。
The part I am unsure of is the user authentication. 我不确定的部分是用户身份验证。 I want to pass the login details from the first client, through my twisted conch application to the endpoint server. 我想通过扭曲的海螺应用程序将第一个客户端的登录详细信息传递给端点服务器。 Is there a way to do this? 有没有办法做到这一点?
Also, would it be possible to do separate SSH key negotiations but then pass all data, including credentials and any commands typed, between server and client? 另外,是否有可能进行单独的SSH密钥协商,然后在服务器和客户端之间传递所有数据,包括凭据和键入的任何命令?
1 个解决方案
解决方案1
0 已采纳 2013-08-01 02:36:46
Unfortunately, this is a little more complicated than it seems. 不幸的是,这比看起来要复杂一些。 SSH goes through some pains to try and avoid this kind of MITM. SSH经历了一些痛苦,试图避免这种MITM。 If you don't use the same key negotiation, the publickey authentication won't succeed because string you're signing is different on both sides of the connection (see the RFC section 7 for more). 如果您不使用相同的密钥协商,则publickey密钥身份验证将不会成功,因为您要签名的字符串在连接的两端都是不同的(有关更多信息,请参阅RFC 7节)。
Password authentication should still work okay, though. 不过,密码验证仍然可以正常进行。 The easiest way to do that would be to create a twisted.conch.ssh.session.SSHSession subclass which listens for packets on the packetReceived method and forwards them to the corresponding transport.sendPacket . 最简单的方法是创建一个twisted.conch.ssh.session.SSHSession子类,该子类侦听packetReceived方法上的数据包并将其转发到相应的transport.sendPacket 。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.