-
Notifications
You must be signed in to change notification settings - Fork 9
/
server.py
158 lines (132 loc) · 4.17 KB
/
server.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
#!/usr/bin/env python
import base64
from binascii import hexlify
import os
import socket
import sys
import threading
import traceback
import paramiko
import json
import time
import pwd
import grp
os.chdir(os.path.dirname(os.path.realpath(__file__)))
raw_config = open('data/config.json').read()
config = json.loads(raw_config)
host_key = paramiko.RSAKey(filename=config['key'])
# Set up logging
paramiko.util.log_to_file('data/error_log')
log_pipe = None
if (config['log'] is not False):
log_pipe = open(config['log'], "a")
def log_event(event_type, data = None):
if (log_pipe is not None):
try:
log_pipe.write(str(int(time.time())) + "\t" + event_type + "\t" + str(data) + "\n")
log_pipe.flush()
except:
pass
class Server(paramiko.ServerInterface):
def __init__(self):
self.event = threading.Event()
self.has_authenticated_before = False
def check_channel_request(self, kind, chanid):
if kind == 'session':
return paramiko.OPEN_SUCCEEDED
return paramiko.OPEN_FAILED_ADMINISTRATIVELY_PROHIBITED
def check_auth_interactive(self, username, submethods):
if self.has_authenticated_before:
return paramiko.AUTH_FAILED
else:
log_event('a_inter')
self.has_authenticated_before = True
return paramiko.InteractiveQuery('', config['banner'])
def check_auth_password(self, username, password):
log_event('a_password')
log_event('username', username)
log_event('password', password)
time.sleep(3)
return paramiko.AUTH_FAILED
def check_auth_publickey(self, username, key):
log_event('a_pkey')
time.sleep(3)
return paramiko.AUTH_FAILED
def check_auth_interactive_response(self, responses):
return paramiko.AUTH_FAILED
def get_allowed_auths(self, username):
return 'keyboard-interactive,publickey,password'
def check_channel_shell_request(self, channel):
self.event.set()
return True
def check_channel_pty_request(self, channel, term, width, height, pixelwidth,
pixelheight, modes):
return True
def incoming_connection(client):
try:
t = paramiko.Transport(client)
t.local_version = 'SSH-2.0-OpenSSH_4.3'
# Try to load server moduli for gex
try:
t.load_server_moduli()
except:
print('Failed to load moduli -- gex will be unsupported.')
raise
# Start the server & negotiate with the client
server = Server()
t.add_server_key(host_key)
try:
t.start_server(server=server)
except paramiko.SSHException as x:
print('SSH negotiation failed.')
try:
t.close()
except:
pass
return
# Wait for auth
t.accept(60)
try:
t.close()
except:
pass
return
except Exception as e:
print('Caught exception: ' + str(e.__class__) + ': ' + str(e))
traceback.print_exc()
try:
t.close()
except:
pass
return
# Bind to the port
try:
sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
sock.bind(('', config['port']))
except Exception as e:
print('Could not bind to port: ' + str(e))
traceback.print_exc()
# Drop privileges
if os.getuid() == 0:
try:
os.setgroups([])
os.setgid(grp.getgrnam('nogroup').gr_gid)
os.setuid(pwd.getpwnam('nobody').pw_uid)
except:
print("CAUTION: could not drop root!")
# Start listening for connections
server_listening = True
while server_listening:
try:
sock.listen(100)
print('Waiting for connection.')
client, addr = sock.accept()
print('Client connected!')
threading.Thread(target=incoming_connection, args=[client]).start()
except Exception as e:
print("Couldn't wait for connection: " + str(e))
traceback.print_exc()
sock.close()
if (log_pipe is not None):
log_pipe.close()