使用 Python Paramiko SSH 服務器實現 SCP 服務器
[英]Implementing SCP server with Python Paramiko SSH server
問題描述
我想用 Paramiko 偽造一個 SCP 服務器。 我寫了以下代碼:
import base64
import time
from binascii import hexlify
import os
import socket
import sys
import threading
import traceback
import interactive
# from warnings import cls
import logging
logging.basicConfig(level='DEBUG')
import paramiko
from paramiko import SFTPClient
from paramiko.py3compat import b, u, decodebytes
dir_local='/tmp'
# setup logging
paramiko.util.log_to_file("demo_server.log")
host_key = paramiko.RSAKey(filename="test_rsa.key")
# host_key = paramiko.DSSKey(filename='test_dss.key')
print("Read key: " + u(hexlify(host_key.get_fingerprint())))
class Server(paramiko.ServerInterface):
# 'data' is the output of base64.b64encode(key)
# (using the "user_rsa_key" files)
data = (
b"AAAAB3NzaC1yc2EAAAABIwAAAIEAyO4it3fHlmGZWJaGrfeHOVY7RWO3P9M7hp"
b"fAu7jJ2d7eothvfeuoRFtJwhUmZDluRdFyhFY/hFAh76PJKGAusIqIQKlkJxMC"
b"KDqIexkgHAfID/6mqvmnSJf0b5W8v5h2pI/stOSwTQ+pxVhwJ9ctYDhRSlF0iT"
b"UWT10hcuO4Ks8="
)
good_pub_key = paramiko.RSAKey(data=decodebytes(data))
def __init__(self):
logging.info('__init__')
self.event = threading.Event()
def check_channel_request(self, kind, chanid):
logging.info('check_channel_request')
if kind == "session":
return paramiko.OPEN_SUCCEEDED
return paramiko.OPEN_FAILED_ADMINISTRATIVELY_PROHIBITED
def check_auth_password(self, username, password):
logging.info('check_auth_password')
# Here you can add couple user/password
if (username == "root") and (password == "password"):
return paramiko.AUTH_SUCCESSFUL
return paramiko.AUTH_FAILED
def check_auth_publickey(self, username, key):
logging.info('check_auth_publickey')
print("Auth attempt with key: " + u(hexlify(key.get_fingerprint())))
if (username == "micki") and (key == self.good_pub_key):
return paramiko.AUTH_SUCCESSFUL
return paramiko.AUTH_FAILED
def check_auth_gssapi_with_mic(
self, username, gss_authenticated=paramiko.AUTH_FAILED, cc_file=None
):
logging.info('check_auth_gssapi_with_mic')
"""
.. note::
We are just checking in `AuthHandler` that the given user is a
valid krb5 principal! We don't check if the krb5 principal is
allowed to log in on the server, because there is no way to do that
in python. So if you develop your own SSH server with paramiko for
a certain platform like Linux, you should call ``krb5_kuserok()`` in
your local kerberos library to make sure that the krb5_principal
has an account on the server and is allowed to log in as a user.
.. seealso::
`krb5_kuserok() man page
<http://www.unix.com/man-page/all/3/krb5_kuserok/>`_
"""
if gss_authenticated == paramiko.AUTH_SUCCESSFUL:
return paramiko.AUTH_SUCCESSFUL
return paramiko.AUTH_FAILED
def check_auth_gssapi_keyex(
self, username, gss_authenticated=paramiko.AUTH_FAILED, cc_file=None
):
logging.info('check_auth_gssapi_keyex')
if gss_authenticated == paramiko.AUTH_SUCCESSFUL:
return paramiko.AUTH_SUCCESSFUL
return paramiko.AUTH_FAILED
def enable_auth_gssapi(self):
logging.info('enable_auth_gssapi')
return True
def get_allowed_auths(self, username):
logging.info('get_allowed_auths')
return "gssapi-keyex,gssapi-with-mic,password,publickey"
def check_channel_shell_request(self, channel):
logging.info('check_channel_shell_request')
self.event.set()
return True
def check_channel_pty_request(
self, channel, term, width, height, pixelwidth, pixelheight, modes
):
logging.info('check_channel_pty_request')
return True
DoGSSAPIKeyExchange = True
# now connect
try:
sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
sock.bind(("192.168.34.10", 22))
except Exception as e:
print("*** Bind failed: " + str(e))
traceback.print_exc()
sys.exit(1)
try:
sock.listen(100)
print("Listening for connection ...")
client, addr = sock.accept()
except Exception as e:
print("*** Listen/accept failed: " + str(e))
traceback.print_exc()
sys.exit(1)
print("Got a connection!")
try:
t = paramiko.Transport(client, gss_kex=DoGSSAPIKeyExchange)
t.set_gss_host(socket.getfqdn(""))
try:
t.load_server_moduli()
except:
print("(Failed to load moduli -- gex will be unsupported.)")
raise
t.add_server_key(host_key)
server = Server()
try:
t.start_server(server=server)
except paramiko.SSHException:
print("*** SSH negotiation failed.")
sys.exit(1)
# wait for auth
chan = t.accept(20)
if chan is None:
print("*** No channel.")
sys.exit(1)
print("Authenticated!")
transport = paramiko.Transport(sock=("192.168.34.10", 22))
transport.connect(username="root", password="password")
interactive.interactive_shell(chan)
server.event.wait(450)
if not server.event.is_set():
print("*** Client never asked for a shell.")
sys.exit(1)
chan.send("Success Connect\r\n\r\n")
f = chan.makefile("rU")
while True:
cmd = f.readline().strip("\r\n")
myCmd = os.popen(cmd).read()
print(myCmd)
# chan.send("\r\nGot The Command, " + myCmd + ".\r\n")
chan.close()
except Exception as e:
print("*** Caught exception: " + str(e.__class__) + ": " + str(e))
traceback.print_exc()
try:
t.close()
except:
pass
sys.exit(1)
在我的客戶端上,當我啟動scp -v file_to_transfer root@192.168.34.10:/home/user/時,我有以下幾行
root@192.168.34.10's password:
debug1: Authentication succeeded (password).
Authenticated to 192.168.34.10 ([192.168.34.10]:22).
debug1: channel 0: new [client-session]
debug1: Entering interactive session.
debug1: pledge: network
debug1: Sending environment.
debug1: Sending env XMODIFIERS = @im=none
debug1: Sending env LANG = fr_FR.UTF-8
debug1: Sending command: scp -v -t /home/user/
exec request failed on channel 0
lost connection
ssh 連接運行良好。 但是當客戶端發送命令scp -v -t /home/user/ ,exec 請求失敗。
我已經嘗試了很多很多修改,但我不知道該怎么做才能解決我的問題......
你有什么想法可以解決我的問題。
謝謝。
1 個解決方案
解決方案1
0 2021-10-08 09:48:05
scp使用“exec”通道,而不是“shell”通道。
所以你需要實現ServerInterface.check_channel_exec_request 。
但請注意,如果您想創建自定義的“SCP 服務器”,則不需要對 SSH 服務器進行編碼。 使用標准 SSH 服務器(如 OpenSSH)並為其實現自定義“SCP 服務器”(使用 Python 或您喜歡的任何語言)。 scp用作服務器。 所以你需要做的就是把你的假scp二進制文件(服務器)放在你的 SSH 服務器上,而不是標准的 OpenSSH scp二進制文件。
在任何情況下,研究OpenSSH scp代碼以了解它是如何工作的。
也可以看看:
如何使用SCP或SSH將完整目錄遞歸復制到Python(paramiko)中的遠程服務器?
[英]How to copy a complete directory recursively to a remote server in Python (paramiko) using SCP or SSH?
如何使用 SCP 或 SSH 將文件復制到 Python 中的遠程服務器?
[英]How to copy a file to a remote server in Python using SCP or SSH?
在 Python Paramiko 中的 SSH 服務器上的輔助 shell/命令中執行(子)命令
[英]Execute (sub)commands in secondary shell/command on SSH server in Python Paramiko
如何使用 Python Paramiko 重寫 SSH 服務器上的文件內容?
[英]How to rewrite content of a file on SSH server with Python Paramiko?
有沒有辦法使用 Paramiko 和 Python 來獲取您連接的 SSH 服務器的橫幅?
[英]Is there a way using Paramiko and Python to get the banner of the SSH server you connected to?
使用Python Paramiko在后台運行遠程SSH服務器的過程
[英]Running process of remote SSH server in the background using Python Paramiko
Python SSH服務器(套接字+ paramiko)“地址已在使用中”
[英]Python SSH server (socket + paramiko) “Address already in use”
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.
相關問題
Python - Paramiko - 不兼容的ssh服務器
如何使用SCP或SSH將完整目錄遞歸復制到Python(paramiko)中的遠程服務器?
scp在python的paramiko中的嵌套ssh會話中
Paramiko,在SSH服務器上附加文件
如何使用 SCP 或 SSH 將文件復制到 Python 中的遠程服務器?
在 Python Paramiko 中的 SSH 服務器上的輔助 shell/命令中執行(子)命令
如何使用 Python Paramiko 重寫 SSH 服務器上的文件內容?
有沒有辦法使用 Paramiko 和 Python 來獲取您連接的 SSH 服務器的橫幅?
使用Python Paramiko在后台運行遠程SSH服務器的過程
Python SSH服務器(套接字+ paramiko)“地址已在使用中”
相關標簽