堆栈内存溢出
  繁体   English   中英

Python SSH服务器(twisted.conch)命令过滤和端口转发

[英]Python SSH server (twisted.conch) command filtering and port forwarding

 原文  2016-01-23 22:21:13       python/ ssh/ twisted/ twisted.internet/ twisted.conch

问题描述

我需要创建一个SSH服务器(已为该任务选择了twisted.conch),它将执行以下操作:

  1. 执行端口转发(附加的代码不执行该操作,并且我不知道要修改什么)
  2. 过滤命令在执行之前(或至少在执行之前或之后记录)。

下面附带的代码创建了一个完美的SSH和SFTP服务器,但缺少一个主要组件-端口转发(和命令过滤,但是不如端口转发重要)

我搜索了可能的地方,但找不到这两个地方。.请帮助我,-这是难题的最后和平。 

#!/usr/bin/env python
from twisted.conch.unix import UnixSSHRealm
from twisted.cred.portal import Portal
from twisted.cred.credentials import IUsernamePassword
from twisted.cred.checkers import ICredentialsChecker
from twisted.cred.error import UnauthorizedLogin
from twisted.conch.ssh.factory import SSHFactory
from twisted.internet import reactor, defer
from twisted.conch.ssh.transport import SSHServerTransport
from twisted.conch.ssh.userauth import SSHUserAuthServer
from twisted.conch.ssh.connection import SSHConnection
from twisted.conch.ssh.keys import Key
from zope.interface import implements
from subprocess import Popen,PIPE
from crypt import crypt

publicKey = 'ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAGEArzJx8OYOnJmzf4tfBEvLi8DVPrJ3/c9k2I/Az64fxjHf9imyRJbixtQhlH9lfNjUIx+4LmrJH5QNRsFporcHDKOTwTTYLh5KmRpslkYHRivcJSkbh/C+BR3utDS555mV'
privateKey = """-----BEGIN RSA PRIVATE KEY-----
MIIByAIBAAJhAK8ycfDmDpyZs3+LXwRLy4vA1T6yd/3PZNiPwM+uH8Yx3/YpskSW
4sbUIZR/ZXzY1CMfuC5qyR+UDUbBaaK3Bwyjk8E02C4eSpkabJZGB0Yr3CUpG4fw
vgUd7rQ0ueeZlQIBIwJgbh+1VZfr7WftK5lu7MHtqE1S1vPWZQYE3+VUn8yJADyb
Z4fsZaCrzW9lkIqXkE3GIY+ojdhZhkO1gbG0118sIgphwSWKRxK0mvh6ERxKqIt1
xJEJO74EykXZV4oNJ8sjAjEA3J9r2ZghVhGN6V8DnQrTk24Td0E8hU8AcP0FVP+8
PQm/g/aXf2QQkQT+omdHVEJrAjEAy0pL0EBH6EVS98evDCBtQw22OZT52qXlAwZ2
gyTriKFVoqjeEjt3SZKKqXHSApP/AjBLpF99zcJJZRq2abgYlf9lv1chkrWqDHUu
DZttmYJeEfiFBBavVYIF1dOlZT0G8jMCMBc7sOSZodFnAiryP+Qg9otSBjJ3bQML
pSTqy7c3a2AScC/YyOwkDaICHnnD3XyjMwIxALRzl0tQEKMXs6hH8ToUdlLROCrP
EhQ0wahUTCk1gKA4uPD6TMTChavbh4K63OvbKg==
-----END RSA PRIVATE KEY-----"""

# check if username/password is valid
def checkPassword(username,password):
    try:
        ret=False
        if username and password:
            output=Popen(["grep",username,"/etc/shadow"],stdout=PIPE,stderr=PIPE).communicate()[0]
            hash=""
            if output:
                tmp=output.split(":")
                if tmp>=2:
                    hash=tmp[1]
                del tmp
            ret=crypt(password,hash)==hash
            del output,hash
    except Exception,e:
        ret=False
    return ret

# authorization methods
class XSSHAuth(object):
    credentialInterfaces=IUsernamePassword,implements(ICredentialsChecker)
    def requestAvatarId(self, credentials):
        #print "Credentials:",credentials.username,credentials.password
        if credentials.username=="root" and credentials.password and checkPassword(credentials.username,credentials.password):
            # successful authorization
            return defer.succeed(credentials.username)
        # failed authorization
        return defer.fail(UnauthorizedLogin("invalid password"))
class XSSHUserAuthServer(SSHUserAuthServer):
    def _ebPassword(self, reason):
        addr = self.transport.getPeer().address
        if addr.host!="3.22.116.85" and addr.host!="127.0.0.1":
            p1 = Popen(["iptables","-I","INPUT","-s",addr.host,"-j","DROP"], stdout=PIPE, stderr=PIPE)
            p1.communicate()
        print(addr.host, addr.port, self.user, self.method)
        self.transport.loseConnection()
        return defer.fail(UnauthorizedLogin("invalid password"))

# the transport class - we use it to log MOST OF THE ACTIONS executed thru the server
class XSSHTransport(SSHServerTransport):
    ourVersionString="SSH-2.0-X"
    logCommand=""
    def connectionMade(self):
        print "Connection made",self.getPeer()
        SSHServerTransport.connectionMade(self)
        #self.transport.loseConnection()
    def connectionLost(self,reason):
        print "Connection closed",self.getPeer()
        SSHServerTransport.connectionLost(self,reason)
    def dataReceived(self, data):
        SSHServerTransport.dataReceived(self,data)
    def dispatchMessage(self, messageNum, payload):
        SSHServerTransport.dispatchMessage(self,messageNum,payload)

# start the server
class XSSHFactory(SSHFactory):
    protocol=XSSHTransport
factory = XSSHFactory()
factory.publicKeys = {'ssh-rsa': Key.fromString(data=publicKey)}
factory.privateKeys = {'ssh-rsa': Key.fromString(data=privateKey)}
factory.services = {
    'ssh-userauth': XSSHUserAuthServer,
    'ssh-connection': SSHConnection
}
portal=Portal(UnixSSHRealm())
portal.registerChecker(XSSHAuth())
factory.portal=portal
reactor.listenTCP(22, factory)
reactor.run()

2 个解决方案

解决方案1
 0  2016-01-27 09:55:30

由于您使用的是UnixConchUser ,它实现了global_tcpip_forward ,因此它确实可以工作。 当我运行您的示例并使用ssh -L4321:remote.host:1234 root@localhost -p 2222然后使用telnet localhost 4321连接到该示例时,我通过隧道连接到remote.host 1234 您将不得不更详细地陈述您的问题。

解决方案2
 0  2016-04-20 09:47:52

命令日志可以在dataReceived(self, data) 

def dataReceived(self, data):  
        SSHServerTransport.dataReceived(self,data)   
        self.buf += data  
        if data == '\r':  
           cmd = self.buf  
           self.buf = ''

但是它不能很好地处理删除键,选项卡,向上箭头,向下箭头和其他特殊字符。 我想知道您最后如何获得命令。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 Python SSH服务器(twisted.conch)更改密码提示 Python SSH服务器(twisted.conch)获取用户的命令 使用twisted.conch访问SSH服务器所需的最小信息量是多少? 使用twisted.conch作为客户端使用ssh接收扩展数据 使用twisted.conch跟踪ssh登录尝试的IP 扭曲的海螺-服务器/客户端 Python执行ssh命令(仅用于远程端口转发的SSH服务器)并捕获输出 Python扭曲:扭曲的海螺文件传输verifyHostKey 通过SSH与Twisted Conch连接时出错 如何从 Python Twisted 中进行 SSH 端口转发?
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM