[X2go-Commits] python-x2go.git - release/0.1.1.x (branch) updated: 0.1.1.7-16-g4b731c0

X2go dev team git-admin at x2go.org
Mon Oct 10 20:06:27 CEST 2011


The branch, release/0.1.1.x has been updated
       via  4b731c0bdc8f0628ceeac6be8bf0300c638ce242 (commit)
       via  f8fce4fb41c7419eaaa1a2c06ae20913e7059d67 (commit)
       via  8ded9d358d19af42b0f1ae3b71160ebda7d2bd30 (commit)
       via  7e6a2ed8a4bcd1b3f8b34c9fc2efc87c8375878f (commit)
      from  4efe7f08c4ff3b7c09c997e365ca0f6c4e60d942 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 4b731c0bdc8f0628ceeac6be8bf0300c638ce242
Author: Mike Gabriel <mike.gabriel at das-netzwerkteam.de>
Date:   Mon Oct 10 20:04:34 2011 +0200

    Fix duplication of SSH keys in known_hosts file, use hashed hostnames in known_hosts file. Make sure SSH keys written to known_hosts file are  available to other SSHClient instances immediately.

commit f8fce4fb41c7419eaaa1a2c06ae20913e7059d67
Author: Mike Gabriel <mike.gabriel at das-netzwerkteam.de>
Date:   Mon Oct 10 20:00:35 2011 +0200

    change random pwd mechanism in checkhosts.py

commit 8ded9d358d19af42b0f1ae3b71160ebda7d2bd30
Author: Mike Gabriel <mike.gabriel at das-netzwerkteam.de>
Date:   Mon Oct 10 19:58:59 2011 +0200

    fix hostname parameter in checkhosts.py

commit 7e6a2ed8a4bcd1b3f8b34c9fc2efc87c8375878f
Author: Mike Gabriel <mike.gabriel at das-netzwerkteam.de>
Date:   Sun Oct 9 15:26:30 2011 +0200

    Use random passwords for checking SSH host keys.

-----------------------------------------------------------------------

Summary of changes:
 debian/changelog                 |    4 +
 x2go/backends/control/_stdout.py |    3 +
 x2go/checkhosts.py               |    5 +-
 x2go/monkey_patch_paramiko.py    |  119 ++++++++++++++++++++++++++++++++++++++
 x2go/sshproxy.py                 |    9 ++-
 5 files changed, 135 insertions(+), 5 deletions(-)
 create mode 100644 x2go/monkey_patch_paramiko.py

The diff of changes is:
diff --git a/debian/changelog b/debian/changelog
index bdb7124..19e841d 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -8,6 +8,10 @@ python-x2go (0.1.1.8-0-x2go1) UNRELEASED; urgency=low
     - Fix missing import of socket module in backends/control/_stdout.py.
     - Catch failures on sftp_write in control session instance.
     - Always disconnect from X2goSession instance.
+    - Use random passwords for checking SSH host keys.
+    - Fix duplication of SSH keys in known_hosts file, use hashed hostnames in
+      known_hosts file. Make sure SSH keys written to known_hosts file are 
+      available to other SSHClient instances immediately.
 
  -- Mike Gabriel <mike.gabriel at das-netzwerkteam.de>  Sun, 25 Sep 2011 02:08:11 +0200
 
diff --git a/x2go/backends/control/_stdout.py b/x2go/backends/control/_stdout.py
index 57df4f7..35990ee 100644
--- a/x2go/backends/control/_stdout.py
+++ b/x2go/backends/control/_stdout.py
@@ -52,6 +52,9 @@ from x2go.backends.info import X2goServerSessionInfo as _X2goServerSessionInfo
 from x2go.backends.info import X2goServerSessionList as _X2goServerSessionList
 from x2go.backends.proxy import X2goProxy as _X2goProxy
 
+from x2go.monkey_patch_paramiko import monkey_patch_paramiko
+monkey_patch_paramiko()
+
 def _rerewrite_blanks(cmd):
     # X2go run command replace X2GO_SPACE_CHAR string with blanks
     if cmd:
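Review bot: `monkey_patch_paramiko()` runs as an import side effect here and again in the first x2go/sshproxy.py hunk, and it replaces `SSHClient.save_host_keys`, `HostKeys.load` and `HostKeys.add` on the paramiko classes themselves. Every paramiko user in the same process therefore gets the changed known_hosts handling, not only X2go sessions. A comment above the call would make that visible, e.g. `# NOTE: patches paramiko process-wide (known_hosts load/add/save)`. The sshproxy.py hunk imports the module as `from monkey_patch_paramiko import monkey_patch_paramiko` while this one uses the package-qualified form; using `from x2go.monkey_patch_paramiko import monkey_patch_paramiko` in both keeps the imports consistent.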
diff --git a/x2go/checkhosts.py b/x2go/checkhosts.py
index d204527..1f0bea4 100644
--- a/x2go/checkhosts.py
+++ b/x2go/checkhosts.py
@@ -26,6 +26,7 @@ __NAME__ = 'x2gocheckhosts-pylib'
 # modules
 import paramiko
 import binascii
+import uuid
 
 # Python X2go modules
 import sshproxy
@@ -96,7 +97,7 @@ class X2goInteractiveAddPolicy(paramiko.MissingHostKeyPolicy):
                                                                   fingerprint_type=self.get_key_name(),
                                                                  )
             if _valid:
-                paramiko.AutoAddPolicy().missing_host_key(client, hostname, key)
+                paramiko.AutoAddPolicy().missing_host_key(client, self.hostname, key)
             else:
                 if type(self.caller) in (sshproxy.X2goSSHProxy, ):
                     raise x2go_exceptions.X2goSSHProxyHostKeyException('Invalid host %s is not authorized for access. Add the host to Paramiko/SSH\'s known_hosts file.' % hostname)
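Review bot: The accepted key is now stored under `self.hostname`, while the exception message two lines below still reports `hostname`, the name paramiko passed in for this connection. Where `self.hostname` is assigned is outside this hunk; if it can differ from the passed name (for instance a port-qualified form), the key is recorded under a name other than the one the connection is looked up by. A comment on the changed line would let a reader check that the confirmed fingerprint and the known_hosts entry refer to the same host, e.g. `# store the key under the name shown to the user, not paramiko's lookup name` if that is the intent. The method body starts and ends outside the hunk.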
@@ -221,7 +222,7 @@ def check_ssh_host_key(x2go_sshclient_instance, hostname, port=22):
 
     host_ok = False
     try:
-        paramiko.SSHClient.connect(x2go_sshclient_instance, hostname=hostname, port=port, username='foo', password='bar')
+        paramiko.SSHClient.connect(x2go_sshclient_instance, hostname=hostname, port=port, username='foo', password="".join([random.choice(string.letters+string.digits) for x in range(1, 20)]))
     except x2go_exceptions.AuthenticationException:
         host_ok = True
         x2go_sshclient_instance.logger('SSH host key verification for host [%s]:%s succeeded. Host is already known to the client\'s Paramiko/SSH sub-system.' % (_hostname, _port), loglevel=log.loglevel_NOTICE)
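Review bot: The new password expression uses `random` and `string`, but the import hunk for this file adds only `uuid`, and neither module appears in the visible import block. Unless they are imported elsewhere in the file, the `connect` call raises NameError instead of reaching the server; whether a later `except` clause catches that cannot be seen from this hunk. Using the import the commit already adds fixes this in one line, `password=uuid.uuid4().hex`, and leaves no unused import behind. The function continues outside the hunk.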
diff --git a/x2go/monkey_patch_paramiko.py b/x2go/monkey_patch_paramiko.py
new file mode 100644
index 0000000..c9a460a
--- /dev/null
+++ b/x2go/monkey_patch_paramiko.py
@@ -0,0 +1,119 @@
+# -*- coding: utf-8 -*-
+
+# Copyright (C) 2010-2011 by Mike Gabriel <mike.gabriel at das-netzwerkteam.de>
+#
+# Python X2go is free software; you can redistribute it and/or modify
+# it under the terms of the GNU Affero General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#
+# Python X2go is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU Affero General Public License for more details.
+#
+# You should have received a copy of the GNU Affero General Public License
+# along with this program; if not, write to the
+# Free Software Foundation, Inc.,
+# 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.
+
+"""\
+Monkey Patch for Python Paramiko
+
+"""
+
+import paramiko
+
+def _SSHClient_save_host_keys(self, filename):
+    """\
+    FIXME!!! --- this method should become part of Paramiko
+
+    This method has been taken from SSHClient class in Paramiko and
+    has been improved and adapted to latest SSH implementations.
+
+    Save the host keys back to a file.
+    Only the host keys loaded with
+    L{load_host_keys} (plus any added directly) will be saved -- not any
+    host keys loaded with L{load_system_host_keys}.
+
+    @param filename: the filename to save to
+    @type filename: str
+
+    @raise IOError: if the file could not be written 
+
+    """
+    # update local host keys from file (in case other SSH clients
+    # have written to the known_hosts file meanwhile.
+    if self.known_hosts is not None:
+        self.load_host_keys(self.known_hosts)
+
+    f = open(filename, 'w')
+    #f.write('# SSH host keys collected by paramiko\n')
+    _host_keys = self.get_host_keys()
+    for hostname, keys in _host_keys.iteritems():
+
+        for keytype, key in keys.iteritems():
+            f.write('%s %s %s\n' % (hostname, keytype, key.get_base64()))
+
+    f.close()
+
+
+def _HostKeys_load(self, filename):
+    """\
+    Read a file of known SSH host keys, in the format used by openssh.
+    This type of file unfortunately doesn't exist on Windows, but on
+    posix, it will usually be stored in
+    C{os.path.expanduser("~/.ssh/known_hosts")}.
+
+    If this method is called multiple times, the host keys are merged,
+    not cleared. So multiple calls to C{load} will just call L{add},
+    replacing any existing entries and adding new ones.
+
+    @param filename: name of the file to read host keys from
+    @type filename: str
+
+    @raise IOError: if there was an error reading the file
+
+    """
+    f = open(filename, 'r')
+    for line in f:
+        line = line.strip()
+        if (len(line) == 0) or (line[0] == '#'):
+            continue
+        e = paramiko.hostkeys.HostKeyEntry.from_line(line)
+        if e is not None:
+            _hostnames = e.hostnames
+            for h in _hostnames:
+                if self.check(h, e.key):
+                    e.hostnames.remove(h)
+            if len(e.hostnames):
+                self._entries.append(e)
+    f.close() 
+
+
+def _HostKeys_add(self, hostname, keytype, key, hash_hostname=True):
+    """\
+    Add a host key entry to the table. Any existing entry for a
+    C{(hostname, keytype)} pair will be replaced.
+
+    @param hostname: the hostname (or IP) to add
+    @type hostname: str
+    @param keytype: key type (C{"ssh-rsa"} or C{"ssh-dss"})
+    @type keytype: str
+    @param key: the key to add
+    @type key: L{PKey}
+
+    """
+    for e in self._entries:
+        if (hostname in e.hostnames) and (e.key.get_name() == keytype):
+            e.key = key
+            return
+    if not hostname.startswith('|1|') and hash_hostname:
+        hostname = self.hash_host(hostname)
+    self._entries.append(paramiko.hostkeys.HostKeyEntry([hostname], key))
+
+
+def monkey_patch_paramiko():
+    paramiko.SSHClient.save_host_keys = _SSHClient_save_host_keys
+    paramiko.hostkeys.HostKeys.load = _HostKeys_load
+    paramiko.hostkeys.HostKeys.add = _HostKeys_add
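Review bot: `_SSHClient_save_host_keys` reads `self.known_hosts`, but the only assignment visible in this commit is in `X2goSSHProxy.__init__`, while the method is installed on `paramiko.SSHClient` for all instances, so a client without that attribute raises AttributeError on save. The same function truncates the file with `open(filename, 'w')` and closes it only on the success path, so a failed write can leave a shortened known_hosts file, which means lost host-key pins. In `_HostKeys_load`, `_hostnames` is an alias of `e.hostnames`, so removing from the list inside the loop skips the following name and can keep duplicates the commit intends to drop. `_HostKeys_add` also compares the plain `hostname` against the stored names only, so an entry already stored in hashed form is presumably not found and a second entry is appended; its docstring does not mention `hash_hostname`. The fence shows the first two fixes and the loop fix.

```python
def _SSHClient_save_host_keys(self, filename):
    # … unchanged: docstring …
    # plain paramiko.SSHClient instances carry no known_hosts attribute
    _known_hosts = getattr(self, 'known_hosts', None)
    if _known_hosts is not None:
        self.load_host_keys(_known_hosts)

    f = open(filename, 'w')
    try:
        for hostname, keys in self.get_host_keys().iteritems():
            for keytype, key in keys.iteritems():
                f.write('%s %s %s\n' % (hostname, keytype, key.get_base64()))
    finally:
        f.close()

# … unchanged: _HostKeys_load docstring, file open and line parsing …
            # iterate over a copy: e.hostnames is modified inside the loop
            for h in list(e.hostnames):
                if self.check(h, e.key):
                    e.hostnames.remove(h)
```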
diff --git a/x2go/sshproxy.py b/x2go/sshproxy.py
index cd51afe..b61f9cf 100644
--- a/x2go/sshproxy.py
+++ b/x2go/sshproxy.py
@@ -45,6 +45,8 @@ from x2go.defaults import CURRENT_LOCAL_USER as _CURRENT_LOCAL_USER
 from x2go.defaults import LOCAL_HOME as _LOCAL_HOME
 from x2go.defaults import X2GO_SSH_ROOTDIR as _X2GO_SSH_ROOTDIR
 
+from monkey_patch_paramiko import monkey_patch_paramiko
+monkey_patch_paramiko()
 
 class X2goSSHProxy(paramiko.SSHClient, threading.Thread):
     """\
@@ -173,9 +175,10 @@ class X2goSSHProxy(paramiko.SSHClient, threading.Thread):
         self.ssh_rootdir = ssh_rootdir
         paramiko.SSHClient.__init__(self)
 
-        if known_hosts:
-            utils.touch_file(known_hosts)
-            self.load_host_keys(known_hosts)
+        self.known_hosts = known_hosts
+        if self.known_hosts:
+            utils.touch_file(self.known_hosts)
+            self.load_host_keys(self.known_hosts)
 
         if not add_to_known_hosts and session_instance:
             self.set_missing_host_key_policy(checkhosts.X2goInteractiveAddPolicy(caller=self, session_instance=session_instance))
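Review bot: `self.known_hosts` is tested for truthiness here, but the patched `_SSHClient_save_host_keys` in x2go/monkey_patch_paramiko.py tests it with `is not None`. An empty string therefore skips the load in `__init__` and is later passed to `load_host_keys('')` on save, which fails with IOError. Normalising at assignment, `self.known_hosts = known_hosts or None`, makes both checks agree. `__init__` starts and ends outside the hunk.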


hooks/post-receive
-- 
python-x2go.git (Python X2go Client API)

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "python-x2go.git" (Python X2go Client API).



