Modify ssh server bug for using public key

apps/common/utils.py

@@ -30,11 +30,17 @@ def get_object_or_none(model, **kwargs):
 
 
 def encrypt(*args, **kwargs):
-    return signing.dumps(*args, **kwargs)
+    try:
+        return signing.dumps(*args, **kwargs)
+    except signing.BadSignature:
+        return ''
 
 
 def decrypt(*args, **kwargs):
-    return signing.loads(*args, **kwargs)
+    try:
+        return signing.loads(*args, **kwargs)
+    except signing.BadSignature:
+        return ''
 
 
 def date_expired_default():

connect.py

@@ -1,32 +0,0 @@
-#!/usr/bin/env python
-# -*- coding: utf-8 -*-
-#
-
-import sys
-import os
-
-# reload(sys)
-# sys.setdefaultencoding('utf8')
-
-BASE_DIR = os.path.dirname(os.path.abspath(__file__))
-sys.path.append(os.path.join(BASE_DIR, 'apps'))
-
-import re
-import time
-import datetime
-import textwrap
-import getpass
-import readline
-import django
-import paramiko
-import errno
-import pyte
-import operator
-import struct, fcntl, signal, socket, select
-from io import open as copen
-import uuid
-
-
-os.environ['DJANGO_SETTINGS_MODULE'] = 'jumpserver.settings'
-
-

requirements.txt

@@ -20,3 +20,4 @@ django-simple-captcha==0.5.2
 django-formtools==1.0
 sshpubkeys==2.2.0
 djangorestframework-bulk==0.2.1
+python-gssapi==0.6.4

terminal/ssh_server.py

@@ -41,6 +41,8 @@ from utils import get_logger, SSHServerException, control_char
 
 logger = get_logger(__name__)
 
+paramiko.util.log_to_file(os.path.join(BASE_DIR, 'logs', 'paramiko.log'))
+
 
 class SSHServer(paramiko.ServerInterface):
     host_key_path = os.path.join(BASE_DIR, 'host_rsa_key')
@@ -79,6 +81,27 @@ class SSHServer(paramiko.ServerInterface):
             return paramiko.OPEN_SUCCEEDED
         return paramiko.OPEN_FAILED_ADMINISTRATIVELY_PROHIBITED
 
+    def check_auth_gssapi_with_mic(self, username,
+                                   gss_authenticated=paramiko.AUTH_FAILED,
+                                   cc_file=None):
+
+        if gss_authenticated == paramiko.AUTH_SUCCESSFUL:
+            return paramiko.AUTH_SUCCESSFUL
+        return paramiko.AUTH_FAILED
+
+    def check_auth_gssapi_keyex(self, username,
+                                gss_authenticated=paramiko.AUTH_FAILED,
+                                cc_file=None):
+
+        if gss_authenticated == paramiko.AUTH_SUCCESSFUL:
+            return paramiko.AUTH_SUCCESSFUL
+        return paramiko.AUTH_FAILED
+
+    def enable_auth_gssapi(self):
+        UseGSSAPI = True
+        GSSAPICleanupCredentials = False
+        return UseGSSAPI
+
     def check_auth_password(self, username, password):
         self.user = user = check_user_is_valid(username=username, password=password)
         self.username = username = user.username
@@ -99,9 +122,9 @@ class SSHServer(paramiko.ServerInterface):
 
     def check_auth_publickey(self, username, public_key):
         self.user = user = check_user_is_valid(username=username, public_key=public_key)
-        self.username = username = user.username
 
         if self.user:
+            self.username = username = user.username
             logger.info('Accepted public key for %(username)s from %(host)s port %(port)s ' % {
                 'username': username,
                 'host': self.addr[0],

test_rsa.key

@@ -1,15 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-MIICWgIBAAKBgQDTj1bqB4WmayWNPB+8jVSYpZYk80Ujvj680pOTh2bORBjbIAyz
-oWGW+GUjzKxTiiPvVmxFgx5wdsFvF03v34lEVVhMpouqPAYQ15N37K/ir5XY+9m/
-d8ufMCkjeXsQkKqFbAlQcnWMCRnOoPHS3I4vi6hmnDDeeYTSRvfLbW0fhwIBIwKB
-gBIiOqZYaoqbeD9OS9z2K9KR2atlTxGxOJPXiP4ESqP3NVScWNwyZ3NXHpyrJLa0
-EbVtzsQhLn6rF+TzXnOlcipFvjsem3iYzCpuChfGQ6SovTcOjHV9z+hnpXvQ/fon
-soVRZY65wKnF7IAoUwTmJS9opqgrN6kRgCd3DASAMd1bAkEA96SBVWFt/fJBNJ9H
-tYnBKZGw0VeHOYmVYbvMSstssn8un+pQpUm9vlG/bp7Oxd/m+b9KWEh2xPfv6zqU
-avNwHwJBANqzGZa/EpzF4J8pGti7oIAPUIDGMtfIcmqNXVMckrmzQ2vTfqtkEZsA
-4rE1IERRyiJQx6EJsz21wJmGV9WJQ5kCQQDwkS0uXqVdFzgHO6S++tjmjYcxwr3g
-H0CoFYSgbddOT6miqRskOQF3DZVkJT3kyuBgU2zKygz52ukQZMqxCb1fAkASvuTv
-qfpH87Qq5kQhNKdbbwbmd2NxlNabazPijWuphGTdW0VfJdWfklyS2Kr+iqrs/5wV
-HhathJt636Eg7oIjAkA8ht3MQ+XSl9yIJIS8gVpbPxSw5OMfw0PjVE7tBdQruiSc
-nvuQES5C9BMHjF39LZiGH1iLQy7FgdHyoP+eodI7
------END RSA PRIVATE KEY-----

test_server.py

@@ -1,44 +0,0 @@
-#!/usr/bin/env python
-# -*- coding: utf-8 -*-
-# 
-
-import socket
-import sys
-import threading
-
-
-class ThreadSocket:
-    def __init__(self, host, port):
-        self.host = host
-        self.port = port
-        self.sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
-        self.sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
-        self.sock.bind((self.host, self.port))
-
-    def listen(self):
-        self.sock.listen(5)
-        while True:
-            client, address = self.sock.accept()
-            client.settimeout(60)
-            threading.Thread(target=self.handle_client_request, args=(client, address)).start()
-
-    def handle_client_request(self, client, address):
-        print("Get client: %s" % str(address))
-        while True:
-            try:
-                data = client.recv(1024)
-                print("sleep : %s" % str(address))
-                if data:
-                    client.send(data)
-                else:
-                    raise IndexError('Client has disconnected')
-            except:
-                client.close()
-
-
-if __name__ == '__main__':
-    server = ThreadSocket('', 9000)
-    try:
-        server.listen()
-    except KeyboardInterrupt:
-        sys.exit(1)