[X2go-Commits] python-x2go.git - master (branch) updated: 0.1.1.4-66-g5d87bf5
X2go dev team
git-admin at x2go.org
Mon Oct 10 20:04:46 CEST 2011
The branch, master has been updated
via 5d87bf5b39fc37f9ff7c0c91dc174d52625c2af9 (commit)
via b18df4022b3306e84a4e58501f75087bd8c25f7e (commit)
via 637fa24c2bcc98706959a7214554892ac02ecea9 (commit)
via 42e073c3a6ccf65bb1a98283c6d9f394626b079d (commit)
from 8966252f797a3dcf1bde347d6cfb7520e9900129 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 5d87bf5b39fc37f9ff7c0c91dc174d52625c2af9
Author: Mike Gabriel <mike.gabriel at das-netzwerkteam.de>
Date: Mon Oct 10 20:04:34 2011 +0200
Fix duplication of SSH keys in known_hosts file, use hashed hostnames in known_hosts file. Make sure SSH keys written to known_hosts file are available to other SSHClient instances immediately.
commit b18df4022b3306e84a4e58501f75087bd8c25f7e
Author: Mike Gabriel <mike.gabriel at das-netzwerkteam.de>
Date: Mon Oct 10 20:00:35 2011 +0200
change random pwd mechanism in checkhosts.py
commit 637fa24c2bcc98706959a7214554892ac02ecea9
Author: Mike Gabriel <mike.gabriel at das-netzwerkteam.de>
Date: Mon Oct 10 19:58:59 2011 +0200
fix hostname parameter in checkhosts.py
commit 42e073c3a6ccf65bb1a98283c6d9f394626b079d
Author: Mike Gabriel <mike.gabriel at das-netzwerkteam.de>
Date: Sun Oct 9 15:26:30 2011 +0200
Use random passwords for checking SSH host keys.
-----------------------------------------------------------------------
Summary of changes:
debian/changelog | 4 +
x2go/backends/control/_stdout.py | 3 +
x2go/checkhosts.py | 5 +-
x2go/monkey_patch_paramiko.py | 119 ++++++++++++++++++++++++++++++++++++++
x2go/sshproxy.py | 9 ++-
5 files changed, 135 insertions(+), 5 deletions(-)
create mode 100644 x2go/monkey_patch_paramiko.py
The diff of changes is:
diff --git a/debian/changelog b/debian/changelog
index b2c7439..d2bc701 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -14,6 +14,10 @@ python-x2go (0.1.1.8-0-x2go1) UNRELEASED; urgency=low
- Fix missing import of socket module in backends/control/_stdout.py.
- Catch failures on sftp_write in control session instance.
- Always disconnect from X2goSession instance.
+ - Use random passwords for checking SSH host keys.
+ - Fix duplication of SSH keys in known_hosts file, use hashed hostnames in
+ known_hosts file. Make sure SSH keys written to known_hosts file are
+ available to other SSHClient instances immediately.
-- Mike Gabriel <mike.gabriel at das-netzwerkteam.de> Sun, 25 Sep 2011 02:08:11 +0200
diff --git a/x2go/backends/control/_stdout.py b/x2go/backends/control/_stdout.py
index 0a61c50..9f2f9a3 100644
--- a/x2go/backends/control/_stdout.py
+++ b/x2go/backends/control/_stdout.py
@@ -52,6 +52,9 @@ from x2go.backends.info import X2goServerSessionInfo as _X2goServerSessionInfo
from x2go.backends.info import X2goServerSessionList as _X2goServerSessionList
from x2go.backends.proxy import X2goProxy as _X2goProxy
+from x2go.monkey_patch_paramiko import monkey_patch_paramiko
+monkey_patch_paramiko()
+
def _rerewrite_blanks(cmd):
# X2go run command replace X2GO_SPACE_CHAR string with blanks
if cmd:
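Review bot: Calling `monkey_patch_paramiko()` at module import replaces `SSHClient.save_host_keys`, `HostKeys.load` and `HostKeys.add` for every paramiko user in the process, not only X2go's own clients, and nothing at the call site says so. The same import-time call is added in the x2go/sshproxy.py hunk, there through the implicit relative form `from monkey_patch_paramiko import monkey_patch_paramiko`, while this file uses `from x2go.monkey_patch_paramiko import ...`; using the absolute form in both places keeps a single module object. A comment above the call, such as `# replaces paramiko's known_hosts load/add/save process-wide; see x2go/monkey_patch_paramiko.py`, would make the side effect visible.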
diff --git a/x2go/checkhosts.py b/x2go/checkhosts.py
index 7e8c209..b47193c 100644
--- a/x2go/checkhosts.py
+++ b/x2go/checkhosts.py
@@ -26,6 +26,7 @@ __NAME__ = 'x2gocheckhosts-pylib'
# modules
import paramiko
import binascii
+import uuid
# Python X2go modules
import sshproxy
@@ -96,7 +97,7 @@ class X2goInteractiveAddPolicy(paramiko.MissingHostKeyPolicy):
fingerprint_type=self.get_key_name(),
)
if _valid:
- paramiko.AutoAddPolicy().missing_host_key(client, hostname, key)
+ paramiko.AutoAddPolicy().missing_host_key(client, self.hostname, key)
else:
if type(self.caller) in (sshproxy.X2goSSHProxy, ):
raise x2go_exceptions.X2goSSHProxyHostKeyException('Invalid host %s is not authorized for access. Add the host to Paramiko/SSH\'s known_hosts file.' % hostname)
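Review bot: The key is now stored under `self.hostname`, while paramiko hands the policy `hostname` and the exception messages in the `else` branch still report `hostname`. If the two values can differ, the known_hosts entry is recorded for a name other than the one paramiko will look up on the next connect, and the error text and the file disagree about which host was involved. Where `self.hostname` is assigned is outside this hunk, so this needs confirming there. A comment stating why the attribute is preferred over the argument would settle it, for example `# store under the name the user asked for, not the name paramiko passed in`, if that is the intent. The method starts above the hunk.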
@@ -221,7 +222,7 @@ def check_ssh_host_key(x2go_sshclient_instance, hostname, port=22):
host_ok = False
try:
- paramiko.SSHClient.connect(x2go_sshclient_instance, hostname=hostname, port=port, username='foo', password='bar')
+ paramiko.SSHClient.connect(x2go_sshclient_instance, hostname=hostname, port=port, username='foo', password="".join([random.choice(string.letters+string.digits) for x in range(1, 20)]))
except x2go_exceptions.AuthenticationException:
host_ok = True
x2go_sshclient_instance.logger('SSH host key verification for host [%s]:%s succeeded. Host is already known to the client\'s Paramiko/SSH sub-system.' % (_hostname, _port), loglevel=log.loglevel_NOTICE)
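Review bot: The new password expression uses `random` and `string`, but the only import this commit adds to checkhosts.py is `import uuid` (first hunk of this file), which is then never used. Unless both modules are imported outside the visible hunks, the call raises NameError, which the `except x2go_exceptions.AuthenticationException` clause does not catch. `random` is also not a cryptographic source, and `range(1, 20)` yields 19 characters rather than 20. Using the module that was imported avoids the missing imports and the length slip: `password=uuid.uuid4().hex`. The try block continues past the end of the hunk.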
diff --git a/x2go/monkey_patch_paramiko.py b/x2go/monkey_patch_paramiko.py
new file mode 100644
index 0000000..c9a460a
--- /dev/null
+++ b/x2go/monkey_patch_paramiko.py
@@ -0,0 +1,119 @@
+# -*- coding: utf-8 -*-
+
+# Copyright (C) 2010-2011 by Mike Gabriel <mike.gabriel at das-netzwerkteam.de>
+#
+# Python X2go is free software; you can redistribute it and/or modify
+# it under the terms of the GNU Affero General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#
+# Python X2go is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU Affero General Public License for more details.
+#
+# You should have received a copy of the GNU Affero General Public License
+# along with this program; if not, write to the
+# Free Software Foundation, Inc.,
+# 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.
+
+"""\
+Monkey Patch for Python Paramiko
+
+"""
+
+import paramiko
+
+def _SSHClient_save_host_keys(self, filename):
+ """\
+ FIXME!!! --- this method should become part of Paramiko
+
+ This method has been taken from SSHClient class in Paramiko and
+ has been improved and adapted to latest SSH implementations.
+
+ Save the host keys back to a file.
+ Only the host keys loaded with
+ L{load_host_keys} (plus any added directly) will be saved -- not any
+ host keys loaded with L{load_system_host_keys}.
+
+ @param filename: the filename to save to
+ @type filename: str
+
+ @raise IOError: if the file could not be written
+
+ """
+ # update local host keys from file (in case other SSH clients
+ # have written to the known_hosts file meanwhile.
+ if self.known_hosts is not None:
+ self.load_host_keys(self.known_hosts)
+
+ f = open(filename, 'w')
+ #f.write('# SSH host keys collected by paramiko\n')
+ _host_keys = self.get_host_keys()
+ for hostname, keys in _host_keys.iteritems():
+
+ for keytype, key in keys.iteritems():
+ f.write('%s %s %s\n' % (hostname, keytype, key.get_base64()))
+
+ f.close()
+
+
+def _HostKeys_load(self, filename):
+ """\
+ Read a file of known SSH host keys, in the format used by openssh.
+ This type of file unfortunately doesn't exist on Windows, but on
+ posix, it will usually be stored in
+ C{os.path.expanduser("~/.ssh/known_hosts")}.
+
+ If this method is called multiple times, the host keys are merged,
+ not cleared. So multiple calls to C{load} will just call L{add},
+ replacing any existing entries and adding new ones.
+
+ @param filename: name of the file to read host keys from
+ @type filename: str
+
+ @raise IOError: if there was an error reading the file
+
+ """
+ f = open(filename, 'r')
+ for line in f:
+ line = line.strip()
+ if (len(line) == 0) or (line[0] == '#'):
+ continue
+ e = paramiko.hostkeys.HostKeyEntry.from_line(line)
+ if e is not None:
+ _hostnames = e.hostnames
+ for h in _hostnames:
+ if self.check(h, e.key):
+ e.hostnames.remove(h)
+ if len(e.hostnames):
+ self._entries.append(e)
+ f.close()
+
+
+def _HostKeys_add(self, hostname, keytype, key, hash_hostname=True):
+ """\
+ Add a host key entry to the table. Any existing entry for a
+ C{(hostname, keytype)} pair will be replaced.
+
+ @param hostname: the hostname (or IP) to add
+ @type hostname: str
+ @param keytype: key type (C{"ssh-rsa"} or C{"ssh-dss"})
+ @type keytype: str
+ @param key: the key to add
+ @type key: L{PKey}
+
+ """
+ for e in self._entries:
+ if (hostname in e.hostnames) and (e.key.get_name() == keytype):
+ e.key = key
+ return
+ if not hostname.startswith('|1|') and hash_hostname:
+ hostname = self.hash_host(hostname)
+ self._entries.append(paramiko.hostkeys.HostKeyEntry([hostname], key))
+
+
+def monkey_patch_paramiko():
+ paramiko.SSHClient.save_host_keys = _SSHClient_save_host_keys
+ paramiko.hostkeys.HostKeys.load = _HostKeys_load
+ paramiko.hostkeys.HostKeys.add = _HostKeys_add
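Review bot: In `_HostKeys_load`, `_hostnames = e.hostnames` is an alias rather than a copy, so `e.hostnames.remove(h)` shrinks the list while the loop walks it and the name after each removed one is skipped; iterate a copy instead, `for h in list(e.hostnames):`. In `_HostKeys_add`, `hostname in e.hostnames` is a plain string comparison, so once entries are stored hashed (the new default) a clear-text hostname presumably never matches, and a changed key is appended next to the old one instead of replacing it, contrary to the docstring. `_SSHClient_save_host_keys` and `_HostKeys_load` also leave the file open if a write or parse raises, and save truncates `filename` before anything is written; `with open(...)` handles the first.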
diff --git a/x2go/sshproxy.py b/x2go/sshproxy.py
index 2306860..f50bc32 100644
--- a/x2go/sshproxy.py
+++ b/x2go/sshproxy.py
@@ -45,6 +45,8 @@ from x2go.defaults import CURRENT_LOCAL_USER as _CURRENT_LOCAL_USER
from x2go.defaults import LOCAL_HOME as _LOCAL_HOME
from x2go.defaults import X2GO_SSH_ROOTDIR as _X2GO_SSH_ROOTDIR
+from monkey_patch_paramiko import monkey_patch_paramiko
+monkey_patch_paramiko()
class X2goSSHProxy(paramiko.SSHClient, threading.Thread):
"""\
@@ -173,9 +175,10 @@ class X2goSSHProxy(paramiko.SSHClient, threading.Thread):
self.ssh_rootdir = ssh_rootdir
paramiko.SSHClient.__init__(self)
- if known_hosts:
- utils.touch_file(known_hosts)
- self.load_host_keys(known_hosts)
+ self.known_hosts = known_hosts
+ if self.known_hosts:
+ utils.touch_file(self.known_hosts)
+ self.load_host_keys(self.known_hosts)
if not add_to_known_hosts and session_instance:
self.set_missing_host_key_policy(checkhosts.X2goInteractiveAddPolicy(caller=self, session_instance=session_instance))
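Review bot: `self.known_hosts` is assigned only here, in `X2goSSHProxy.__init__`, but the patched `save_host_keys` in x2go/monkey_patch_paramiko.py reads `self.known_hosts` on whatever `SSHClient` it is called on. Any client whose constructor does not set the attribute would raise AttributeError when a host key is saved, although other X2go classes may set it outside this diff. Reading it defensively in the patch, `known_hosts = getattr(self, 'known_hosts', None)`, removes the dependency on this line. `__init__` starts and continues outside the hunk.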
hooks/post-receive
--
python-x2go.git (Python X2go Client API)
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "python-x2go.git" (Python X2go Client API).