[英]Implementing SCP server with Python Paramiko SSH server
我想用 Paramiko 偽造一個 SCP 服務器。 我寫了以下代碼:
import base64
import time
from binascii import hexlify
import os
import socket
import sys
import threading
import traceback
import interactive
# from warnings import cls
import logging
logging.basicConfig(level='DEBUG')
import paramiko
from paramiko import SFTPClient
from paramiko.py3compat import b, u, decodebytes
dir_local='/tmp'
# setup logging
paramiko.util.log_to_file("demo_server.log")
host_key = paramiko.RSAKey(filename="test_rsa.key")
# host_key = paramiko.DSSKey(filename='test_dss.key')
print("Read key: " + u(hexlify(host_key.get_fingerprint())))
class Server(paramiko.ServerInterface):
# 'data' is the output of base64.b64encode(key)
# (using the "user_rsa_key" files)
data = (
b"AAAAB3NzaC1yc2EAAAABIwAAAIEAyO4it3fHlmGZWJaGrfeHOVY7RWO3P9M7hp"
b"fAu7jJ2d7eothvfeuoRFtJwhUmZDluRdFyhFY/hFAh76PJKGAusIqIQKlkJxMC"
b"KDqIexkgHAfID/6mqvmnSJf0b5W8v5h2pI/stOSwTQ+pxVhwJ9ctYDhRSlF0iT"
b"UWT10hcuO4Ks8="
)
good_pub_key = paramiko.RSAKey(data=decodebytes(data))
def __init__(self):
logging.info('__init__')
self.event = threading.Event()
def check_channel_request(self, kind, chanid):
logging.info('check_channel_request')
if kind == "session":
return paramiko.OPEN_SUCCEEDED
return paramiko.OPEN_FAILED_ADMINISTRATIVELY_PROHIBITED
def check_auth_password(self, username, password):
logging.info('check_auth_password')
# Here you can add couple user/password
if (username == "root") and (password == "password"):
return paramiko.AUTH_SUCCESSFUL
return paramiko.AUTH_FAILED
def check_auth_publickey(self, username, key):
logging.info('check_auth_publickey')
print("Auth attempt with key: " + u(hexlify(key.get_fingerprint())))
if (username == "micki") and (key == self.good_pub_key):
return paramiko.AUTH_SUCCESSFUL
return paramiko.AUTH_FAILED
def check_auth_gssapi_with_mic(
self, username, gss_authenticated=paramiko.AUTH_FAILED, cc_file=None
):
logging.info('check_auth_gssapi_with_mic')
"""
.. note::
We are just checking in `AuthHandler` that the given user is a
valid krb5 principal! We don't check if the krb5 principal is
allowed to log in on the server, because there is no way to do that
in python. So if you develop your own SSH server with paramiko for
a certain platform like Linux, you should call ``krb5_kuserok()`` in
your local kerberos library to make sure that the krb5_principal
has an account on the server and is allowed to log in as a user.
.. seealso::
`krb5_kuserok() man page
<http://www.unix.com/man-page/all/3/krb5_kuserok/>`_
"""
if gss_authenticated == paramiko.AUTH_SUCCESSFUL:
return paramiko.AUTH_SUCCESSFUL
return paramiko.AUTH_FAILED
def check_auth_gssapi_keyex(
self, username, gss_authenticated=paramiko.AUTH_FAILED, cc_file=None
):
logging.info('check_auth_gssapi_keyex')
if gss_authenticated == paramiko.AUTH_SUCCESSFUL:
return paramiko.AUTH_SUCCESSFUL
return paramiko.AUTH_FAILED
def enable_auth_gssapi(self):
logging.info('enable_auth_gssapi')
return True
def get_allowed_auths(self, username):
logging.info('get_allowed_auths')
return "gssapi-keyex,gssapi-with-mic,password,publickey"
def check_channel_shell_request(self, channel):
logging.info('check_channel_shell_request')
self.event.set()
return True
def check_channel_pty_request(
self, channel, term, width, height, pixelwidth, pixelheight, modes
):
logging.info('check_channel_pty_request')
return True
DoGSSAPIKeyExchange = True
# now connect
try:
sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
sock.bind(("192.168.34.10", 22))
except Exception as e:
print("*** Bind failed: " + str(e))
traceback.print_exc()
sys.exit(1)
try:
sock.listen(100)
print("Listening for connection ...")
client, addr = sock.accept()
except Exception as e:
print("*** Listen/accept failed: " + str(e))
traceback.print_exc()
sys.exit(1)
print("Got a connection!")
try:
t = paramiko.Transport(client, gss_kex=DoGSSAPIKeyExchange)
t.set_gss_host(socket.getfqdn(""))
try:
t.load_server_moduli()
except:
print("(Failed to load moduli -- gex will be unsupported.)")
raise
t.add_server_key(host_key)
server = Server()
try:
t.start_server(server=server)
except paramiko.SSHException:
print("*** SSH negotiation failed.")
sys.exit(1)
# wait for auth
chan = t.accept(20)
if chan is None:
print("*** No channel.")
sys.exit(1)
print("Authenticated!")
transport = paramiko.Transport(sock=("192.168.34.10", 22))
transport.connect(username="root", password="password")
interactive.interactive_shell(chan)
server.event.wait(450)
if not server.event.is_set():
print("*** Client never asked for a shell.")
sys.exit(1)
chan.send("Success Connect\r\n\r\n")
f = chan.makefile("rU")
while True:
cmd = f.readline().strip("\r\n")
myCmd = os.popen(cmd).read()
print(myCmd)
# chan.send("\r\nGot The Command, " + myCmd + ".\r\n")
chan.close()
except Exception as e:
print("*** Caught exception: " + str(e.__class__) + ": " + str(e))
traceback.print_exc()
try:
t.close()
except:
pass
sys.exit(1)
在我的客戶端上,當我啟動scp -v file_to_transfer root@192.168.34.10:/home/user/
時,我有以下幾行
root@192.168.34.10's password:
debug1: Authentication succeeded (password).
Authenticated to 192.168.34.10 ([192.168.34.10]:22).
debug1: channel 0: new [client-session]
debug1: Entering interactive session.
debug1: pledge: network
debug1: Sending environment.
debug1: Sending env XMODIFIERS = @im=none
debug1: Sending env LANG = fr_FR.UTF-8
debug1: Sending command: scp -v -t /home/user/
exec request failed on channel 0
lost connection
ssh 連接運行良好。 但是當客戶端發送命令scp -v -t /home/user/
,exec 請求失敗。
我已經嘗試了很多很多修改,但我不知道該怎么做才能解決我的問題......
你有什么想法可以解決我的問題。
謝謝。
scp
使用“exec”通道,而不是“shell”通道。
所以你需要實現ServerInterface.check_channel_exec_request
。
但請注意,如果您想創建自定義的“SCP 服務器”,則不需要對 SSH 服務器進行編碼。 使用標准 SSH 服務器(如 OpenSSH)並為其實現自定義“SCP 服務器”(使用 Python 或您喜歡的任何語言)。 scp
用作服務器。 所以你需要做的就是把你的假scp
二進制文件(服務器)放在你的 SSH 服務器上,而不是標准的 OpenSSH scp
二進制文件。
在任何情況下,研究OpenSSH scp
代碼以了解它是如何工作的。
也可以看看:
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.