Created
November 30, 2011 16:14
-
-
Save iffy/1409648 to your computer and use it in GitHub Desktop.
sftp
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
[matt] ~ $ sftp -oPort=8022 [email protected]:/somefile /tmp/somefile | |
Connecting to 10.1.15.5... | |
[email protected]'s password: | |
Fetching /somefile to /tmp/somefile | |
Cannot download non-regular file: /somefile |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
$ python fakessh.py | |
2011-11-30 09:12:11-0700 [-] Log opened. | |
2011-11-30 09:12:11-0700 [-] twisted.conch.ssh.factory.SSHFactory starting on 8022 | |
2011-11-30 09:12:11-0700 [-] Starting factory <twisted.conch.ssh.factory.SSHFactory instance at 0x12c0a08> | |
2011-11-30 09:13:34-0700 [twisted.conch.ssh.factory.SSHFactory] disabling diffie-hellman-group-exchange because we cannot find moduli file | |
2011-11-30 09:13:34-0700 [SSHServerTransport,0,10.1.15.5] kex alg, key alg: diffie-hellman-group1-sha1 ssh-rsa | |
2011-11-30 09:13:34-0700 [SSHServerTransport,0,10.1.15.5] outgoing: aes128-ctr hmac-md5 none | |
2011-11-30 09:13:34-0700 [SSHServerTransport,0,10.1.15.5] incoming: aes128-ctr hmac-md5 none | |
2011-11-30 09:13:34-0700 [SSHServerTransport,0,10.1.15.5] NEW KEYS | |
2011-11-30 09:13:34-0700 [SSHServerTransport,0,10.1.15.5] starting service ssh-userauth | |
2011-11-30 09:13:34-0700 [SSHService ssh-userauth on SSHServerTransport,0,10.1.15.5] foo trying auth none | |
2011-11-30 09:13:36-0700 [SSHService ssh-userauth on SSHServerTransport,0,10.1.15.5] foo trying auth password | |
2011-11-30 09:13:36-0700 [SSHService ssh-userauth on SSHServerTransport,0,10.1.15.5] foo authenticated with password | |
2011-11-30 09:13:36-0700 [SSHService ssh-userauth on SSHServerTransport,0,10.1.15.5] starting service ssh-connection | |
2011-11-30 09:13:36-0700 [SSHService ssh-connection on SSHServerTransport,0,10.1.15.5] got channel session request | |
2011-11-30 09:13:36-0700 [SSHChannel session (0) on SSHService ssh-connection on SSHServerTransport,0,10.1.15.5] channel open | |
2011-11-30 09:13:36-0700 [SSHChannel session (0) on SSHService ssh-connection on SSHServerTransport,0,10.1.15.5] asking for subsystem "sftp" | |
2011-11-30 09:13:36-0700 [SSHChannel session (0) on SSHService ssh-connection on SSHServerTransport,0,10.1.15.5] {'sftp': <class __main__.MyFileTransferServer at 0x12bcfc0>} | |
2011-11-30 09:13:36-0700 [SSHChannel session (0) on SSHService ssh-connection on SSHServerTransport,0,10.1.15.5] packet INIT | |
2011-11-30 09:13:36-0700 [SSHChannel session (0) on SSHService ssh-connection on SSHServerTransport,0,10.1.15.5] gotVersion 3 {} | |
2011-11-30 09:13:36-0700 [SSHChannel session (0) on SSHService ssh-connection on SSHServerTransport,0,10.1.15.5] packet REALPATH | |
2011-11-30 09:13:36-0700 [SSHChannel session (0) on SSHService ssh-connection on SSHServerTransport,0,10.1.15.5] realPath . | |
2011-11-30 09:13:36-0700 [SSHChannel session (0) on SSHService ssh-connection on SSHServerTransport,0,10.1.15.5] packet STAT | |
2011-11-30 09:13:36-0700 [SSHChannel session (0) on SSHService ssh-connection on SSHServerTransport,0,10.1.15.5] getAttrs /somefile 1 | |
2011-11-30 09:13:36-0700 [SSHChannel session (0) on SSHService ssh-connection on SSHServerTransport,0,10.1.15.5] packet LSTAT | |
2011-11-30 09:13:36-0700 [SSHChannel session (0) on SSHService ssh-connection on SSHServerTransport,0,10.1.15.5] getAttrs /somefile 0 | |
2011-11-30 09:13:36-0700 [SSHChannel session (0) on SSHService ssh-connection on SSHServerTransport,0,10.1.15.5] packet STAT | |
2011-11-30 09:13:36-0700 [SSHChannel session (0) on SSHService ssh-connection on SSHServerTransport,0,10.1.15.5] getAttrs /somefile 1 | |
2011-11-30 09:13:36-0700 [SSHChannel session (0) on SSHService ssh-connection on SSHServerTransport,0,10.1.15.5] sending close 0 | |
2011-11-30 09:13:36-0700 [SSHChannel session (0) on SSHService ssh-connection on SSHServerTransport,0,10.1.15.5] remote close | |
2011-11-30 09:13:36-0700 [SSHServerTransport,0,10.1.15.5] connection lost |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# ckeygen -t rsa -f id_rsa | |
# | |
# ssh-passwords | |
# bob:password | |
# foo:foo | |
from zope.interface import implements | |
from twisted.python import components | |
from twisted.internet.protocol import Protocol | |
from twisted.python import log | |
from twisted.cred.portal import Portal | |
from twisted.cred.checkers import FilePasswordDB | |
from twisted.conch.ssh.factory import SSHFactory | |
from twisted.internet import reactor | |
from twisted.conch.ssh.keys import Key | |
from twisted.conch.interfaces import IConchUser | |
from twisted.conch.avatar import ConchUser | |
from twisted.conch.unix import UnixConchUser | |
from twisted.conch.ssh import filetransfer | |
from twisted.conch.ssh.session import ( | |
SSHSession, SSHSessionProcessProtocol, wrapProtocol) | |
class EchoProtocol(Protocol): | |
def connectionMade(self): | |
self.transport.write("Echo protocol connected\r\n") | |
def dataReceived(self, bytes): | |
self.transport.write("echo: " + repr(bytes) + "\r\n") | |
def connectionLost(self, reason): | |
print 'Connection lost', reason | |
def eofReceived(self): | |
print 'eofReceived' | |
def closed(self): | |
print 'closed' | |
def closedReceived(self): | |
print 'closeReceived' | |
class SCPProtocol(Protocol): | |
def connectionMade(self): | |
print 'connection made' | |
self.transport.write('some data') | |
self.transport.loseConnection() | |
def dataReceived(self, bytes): | |
print 'dataReceived: %r' % bytes | |
def connectionLost(self, reason): | |
print 'connectionLost', reason | |
def nothing(): | |
pass | |
class SimpleSession(SSHSession): | |
name = 'session' | |
def request_pty_req(self, data): | |
return True | |
def request_shell(self, data): | |
protocol = EchoProtocol() | |
transport = SSHSessionProcessProtocol(self) | |
protocol.makeConnection(transport) | |
transport.makeConnection(wrapProtocol(protocol)) | |
self.client = transport | |
return True | |
def request_exec(self, data): | |
print 'request_exec', data | |
protocol = SCPProtocol() | |
transport = SSHSessionProcessProtocol(self) | |
protocol.makeConnection(transport) | |
transport.makeConnection(wrapProtocol(protocol)) | |
self.client = transport | |
return True | |
class MySFTPAdapter: | |
implements(filetransfer.ISFTPServer) | |
def __init__(self, avatar): | |
self.avatar = avatar | |
def gotVersion(self, otherVersion, extData): | |
""" | |
Called when the client sends their version info. | |
otherVersion is an integer representing the version of the SFTP | |
protocol they are claiming. | |
extData is a dictionary of extended_name : extended_data items. | |
These items are sent by the client to indicate additional features. | |
This method should return a dictionary of extended_name : extended_data | |
items. These items are the additional features (if any) supported | |
by the server. | |
""" | |
print 'gotVersion', otherVersion, extData | |
return {} | |
def openFile(self, filename, flags, attrs): | |
""" | |
Called when the clients asks to open a file. | |
@param filename: a string representing the file to open. | |
@param flags: an integer of the flags to open the file with, ORed together. | |
The flags and their values are listed at the bottom of this file. | |
@param attrs: a list of attributes to open the file with. It is a | |
dictionary, consisting of 0 or more keys. The possible keys are:: | |
size: the size of the file in bytes | |
uid: the user ID of the file as an integer | |
gid: the group ID of the file as an integer | |
permissions: the permissions of the file with as an integer. | |
the bit representation of this field is defined by POSIX. | |
atime: the access time of the file as seconds since the epoch. | |
mtime: the modification time of the file as seconds since the epoch. | |
ext_*: extended attributes. The server is not required to | |
understand this, but it may. | |
NOTE: there is no way to indicate text or binary files. it is up | |
to the SFTP client to deal with this. | |
This method returns an object that meets the ISFTPFile interface. | |
Alternatively, it can return a L{Deferred} that will be called back | |
with the object. | |
""" | |
print 'openFile', filename, flags, attrs | |
def removeFile(self, filename): | |
""" | |
Remove the given file. | |
This method returns when the remove succeeds, or a Deferred that is | |
called back when it succeeds. | |
@param filename: the name of the file as a string. | |
""" | |
print 'removeFile', filename | |
def renameFile(self, oldpath, newpath): | |
""" | |
Rename the given file. | |
This method returns when the rename succeeds, or a L{Deferred} that is | |
called back when it succeeds. If the rename fails, C{renameFile} will | |
raise an implementation-dependent exception. | |
@param oldpath: the current location of the file. | |
@param newpath: the new file name. | |
""" | |
print 'renameFile', oldpath, newpath | |
def makeDirectory(self, path, attrs): | |
""" | |
Make a directory. | |
This method returns when the directory is created, or a Deferred that | |
is called back when it is created. | |
@param path: the name of the directory to create as a string. | |
@param attrs: a dictionary of attributes to create the directory with. | |
Its meaning is the same as the attrs in the L{openFile} method. | |
""" | |
print 'makeDirectory', path, attrs | |
def removeDirectory(self, path): | |
""" | |
Remove a directory (non-recursively) | |
It is an error to remove a directory that has files or directories in | |
it. | |
This method returns when the directory is removed, or a Deferred that | |
is called back when it is removed. | |
@param path: the directory to remove. | |
""" | |
print 'removeDirectory', path | |
def openDirectory(self, path): | |
""" | |
Open a directory for scanning. | |
This method returns an iterable object that has a close() method, | |
or a Deferred that is called back with same. | |
The close() method is called when the client is finished reading | |
from the directory. At this point, the iterable will no longer | |
be used. | |
The iterable should return triples of the form (filename, | |
longname, attrs) or Deferreds that return the same. The | |
sequence must support __getitem__, but otherwise may be any | |
'sequence-like' object. | |
filename is the name of the file relative to the directory. | |
logname is an expanded format of the filename. The recommended format | |
is: | |
-rwxr-xr-x 1 mjos staff 348911 Mar 25 14:29 t-filexfer | |
1234567890 123 12345678 12345678 12345678 123456789012 | |
The first line is sample output, the second is the length of the field. | |
The fields are: permissions, link count, user owner, group owner, | |
size in bytes, modification time. | |
attrs is a dictionary in the format of the attrs argument to openFile. | |
@param path: the directory to open. | |
""" | |
print 'openDirectory', path | |
def getAttrs(self, path, followLinks): | |
""" | |
Return the attributes for the given path. | |
This method returns a dictionary in the same format as the attrs | |
argument to openFile or a Deferred that is called back with same. | |
@param path: the path to return attributes for as a string. | |
@param followLinks: a boolean. If it is True, follow symbolic links | |
and return attributes for the real path at the base. If it is False, | |
return attributes for the specified path. | |
""" | |
print 'getAttrs', path, followLinks | |
return { | |
'size': 10, | |
'uid': 1000, | |
'gid': 2000, | |
'permissions': 0777, | |
'atime': 10, | |
'mtime': 10, | |
} | |
def setAttrs(self, path, attrs): | |
""" | |
Set the attributes for the path. | |
This method returns when the attributes are set or a Deferred that is | |
called back when they are. | |
@param path: the path to set attributes for as a string. | |
@param attrs: a dictionary in the same format as the attrs argument to | |
L{openFile}. | |
""" | |
print 'setAttrs', path, attrs | |
def readLink(self, path): | |
""" | |
Find the root of a set of symbolic links. | |
This method returns the target of the link, or a Deferred that | |
returns the same. | |
@param path: the path of the symlink to read. | |
""" | |
print 'readLink', path | |
def makeLink(self, linkPath, targetPath): | |
""" | |
Create a symbolic link. | |
This method returns when the link is made, or a Deferred that | |
returns the same. | |
@param linkPath: the pathname of the symlink as a string. | |
@param targetPath: the path of the target of the link as a string. | |
""" | |
print 'makeLink', linkPath, targetPath | |
def realPath(self, path): | |
""" | |
Convert any path to an absolute path. | |
This method returns the absolute path as a string, or a Deferred | |
that returns the same. | |
@param path: the path to convert as a string. | |
""" | |
print 'realPath', path | |
return path | |
def extendedRequest(self, extendedName, extendedData): | |
""" | |
This is the extension mechanism for SFTP. The other side can send us | |
arbitrary requests. | |
If we don't implement the request given by extendedName, raise | |
NotImplementedError. | |
The return value is a string, or a Deferred that will be called | |
back with a string. | |
@param extendedName: the name of the request as a string. | |
@param extendedData: the data the other side sent with the request, | |
as a string. | |
""" | |
print 'extendedRequest', extendedName, extendedDate | |
import struct | |
class MyFileTransferServer(filetransfer.FileTransferServer): | |
def dataReceived(self, data): | |
self.buf += data | |
while len(self.buf) > 5: | |
length, kind = struct.unpack('!LB', self.buf[:5]) | |
if len(self.buf) < 4 + length: | |
return | |
data, self.buf = self.buf[5:4+length], self.buf[4+length:] | |
packetType = self.packetTypes.get(kind, None) | |
if not packetType: | |
log.msg('no packet type for', kind) | |
continue | |
f = getattr(self, 'packet_%s' % packetType, None) | |
log.msg(' packet %s' % packetType) | |
if not f: | |
log.msg('not implemented: %s' % packetType) | |
log.msg(repr(data[4:])) | |
reqId, = struct.unpack('!L', data[:4]) | |
self._sendStatus(reqId, FX_OP_UNSUPPORTED, | |
"don't understand %s" % packetType) | |
#XXX not implemented | |
continue | |
try: | |
f(data) | |
except: | |
log.err() | |
continue | |
reqId ,= struct.unpack('!L', data[:4]) | |
self._ebStatus(failure.Failure(e), reqId) | |
class SimpleRealm(object): | |
def requestAvatar(self, avatarId, mind, *interfaces): | |
user = ConchUser() | |
user.channelLookup['session'] = SimpleSession | |
user.subsystemLookup.update( | |
{'sftp': MyFileTransferServer}) | |
return IConchUser, user, nothing | |
components.registerAdapter(MySFTPAdapter, ConchUser, filetransfer.ISFTPServer) | |
if __name__ == '__main__': | |
import sys | |
log.startLogging(sys.stdout) | |
with open('id_rsa') as privateBlobFile: | |
privateBlob = privateBlobFile.read() | |
privateKey = Key.fromString(data=privateBlob) | |
with open('id_rsa.pub') as publicBlobFile: | |
publicBlob = publicBlobFile.read() | |
publicKey = Key.fromString(data=publicBlob) | |
factory = SSHFactory() | |
factory.privateKeys = {'ssh-rsa': privateKey} | |
factory.publicKeys = {'ssh-rsa': publicKey} | |
factory.portal = Portal(SimpleRealm()) | |
factory.portal.registerChecker(FilePasswordDB("ssh-passwords")) | |
reactor.listenTCP(8022, factory) | |
reactor.run() | |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment