#!/usr/bin/env python# Copyright (C) 2003-2007 Robey Pointer <robeypointer@

1. #!/usr/bin/env python
2.  
3. # Copyright (C) 2003-2007 Robey Pointer <robeypointer@gmail.com>
4. #
5. # This file is part of paramiko.
6. #
7. # Paramiko is free software; you can redistribute it and/or modify it under the
8. # terms of the GNU Lesser General Public License as published by the Free
9. # Software Foundation; either version 2.1 of the License, or (at your option)
10. # any later version.
11. #
12. # Paramiko is distributed in the hope that it will be useful, but WITHOUT ANY
13. # WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
14. # A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
15. # details.
16. #
17. # You should have received a copy of the GNU Lesser General Public License
18. # along with Paramiko; if not, write to the Free Software Foundation, Inc.,
19. # 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA.
20.  
21. import base64
22. from binascii import hexlify
23. import os
24. import socket
25. import sys
26. import threading
27. import traceback
28.  
29. import paramiko
30. from paramiko.py3compat import b, u, decodebytes
31.  
32.  
33. # setup logging
34. paramiko.util.log_to_file('demo_server.log')
35.  
36. host_key = paramiko.RSAKey(filename='test_rsa.key')
37. #host_key = paramiko.DSSKey(filename='test_dss.key')
38.  
39. print('Read key: ' + u(hexlify(host_key.get_fingerprint())))
40.  
41.  
42. class Server (paramiko.ServerInterface):
43. # 'data' is the output of base64.b64encode(key)
44. # (using the "user_rsa_key" files)
45. data = (b'AAAAB3NzaC1yc2EAAAABIwAAAIEAyO4it3fHlmGZWJaGrfeHOVY7RWO3P9M7hp'
46. b'fAu7jJ2d7eothvfeuoRFtJwhUmZDluRdFyhFY/hFAh76PJKGAusIqIQKlkJxMC'
47. b'KDqIexkgHAfID/6mqvmnSJf0b5W8v5h2pI/stOSwTQ+pxVhwJ9ctYDhRSlF0iT'
48. b'UWT10hcuO4Ks8=')
49. good_pub_key = paramiko.RSAKey(data=decodebytes(data))
50.  
51. def __init__(self):
52. self.event = threading.Event()
53.  
54. def check_channel_request(self, kind, chanid):
55. if kind == 'session':
56. return paramiko.OPEN_SUCCEEDED
57. return paramiko.OPEN_FAILED_ADMINISTRATIVELY_PROHIBITED
58.  
59. def check_auth_password(self, username, password):
60. if (username == 'robey') and (password == 'foo'):
61. return paramiko.AUTH_SUCCESSFUL
62. return paramiko.AUTH_FAILED
63.  
64. def check_auth_publickey(self, username, key):
65. print('Auth attempt with key: ' + u(hexlify(key.get_fingerprint())))
66. if (username == 'robey') and (key == self.good_pub_key):
67. return paramiko.AUTH_SUCCESSFUL
68. return paramiko.AUTH_FAILED
69.  
70. def check_auth_gssapi_with_mic(self, username,
71. gss_authenticated=paramiko.AUTH_FAILED,
72. cc_file=None):
73. """
74. .. note::
75. We are just checking in `AuthHandler` that the given user is a
76. valid krb5 principal! We don't check if the krb5 principal is
77. allowed to log in on the server, because there is no way to do that
78. in python. So if you develop your own SSH server with paramiko for
79. a certain platform like Linux, you should call ``krb5_kuserok()`` in
80. your local kerberos library to make sure that the krb5_principal
81. has an account on the server and is allowed to log in as a user.
82.  
83. .. seealso::
84. `krb5_kuserok() man page
85. <http://www.unix.com/man-page/all/3/krb5_kuserok/>`_
86. """
87. if gss_authenticated == paramiko.AUTH_SUCCESSFUL:
88. return paramiko.AUTH_SUCCESSFUL
89. return paramiko.AUTH_FAILED
90.  
91. def check_auth_gssapi_keyex(self, username,
92. gss_authenticated=paramiko.AUTH_FAILED,
93. cc_file=None):
94. if gss_authenticated == paramiko.AUTH_SUCCESSFUL:
95. return paramiko.AUTH_SUCCESSFUL
96. return paramiko.AUTH_FAILED
97.  
98. def enable_auth_gssapi(self):
99. UseGSSAPI = True
100. GSSAPICleanupCredentials = False
101. return UseGSSAPI
102.  
103. def get_allowed_auths(self, username):
104. return 'gssapi-keyex,gssapi-with-mic,password,publickey'
105.  
106. def check_channel_shell_request(self, channel):
107. self.event.set()
108. return True
109.  
110. def check_channel_pty_request(self, channel, term, width, height, pixelwidth,
111. pixelheight, modes):
112. return True
113.  
114.  
115. DoGSSAPIKeyExchange = True
116.  
117. # now connect
118. try:
119. sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
120. sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
121. sock.bind(('', 2200))
122. except Exception as e:
123. print('*** Bind failed: ' + str(e))
124. traceback.print_exc()
125. sys.exit(1)
126.  
127. try:
128. sock.listen(100)
129. print('Listening for connection ...')
130. client, addr = sock.accept()
131. except Exception as e:
132. print('*** Listen/accept failed: ' + str(e))
133. traceback.print_exc()
134. sys.exit(1)
135.  
136. print('Got a connection!')
137.  
138. try:
139. t = paramiko.Transport(client, gss_kex=DoGSSAPIKeyExchange)
140. t.set_gss_host(socket.getfqdn(""))
141. try:
142. t.load_server_moduli()
143. except:
144. print('(Failed to load moduli -- gex will be unsupported.)')
145. raise
146. t.add_server_key(host_key)
147. server = Server()
148. try:
149. t.start_server(server=server)
150. except paramiko.SSHException:
151. print('*** SSH negotiation failed.')
152. sys.exit(1)
153.  
154. # wait for auth
155. chan = t.accept(20)
156. if chan is None:
157. print('*** No channel.')
158. sys.exit(1)
159. print('Authenticated!')
160.  
161. server.event.wait(10)
162. if not server.event.is_set():
163. print('*** Client never asked for a shell.')
164. sys.exit(1)
165.  
166. chan.send('\r\n\r\nWelcome to my dorky little BBS!\r\n\r\n')
167. chan.send('We are on fire all the time! Hooray! Candy corn for everyone!\r\n')
168. chan.send('Happy birthday to Robot Dave!\r\n\r\n')
169. chan.send('Username: ')
170. f = chan.makefile('rU')
171. username = f.readline().strip('\r\n')
172. chan.send('\r\nI don\'t like you, ' + username + '.\r\n')
173. chan.close()
174.  
175. except Exception as e:
176. print('*** Caught exception: ' + str(e.__class__) + ': ' + str(e))
177. traceback.print_exc()
178. try:
179. t.close()
180. except:
181. pass
182. sys.exit(1)