Skip to content

Instantly share code, notes, and snippets.

@iffy
Created November 30, 2011 16:14
Show Gist options
  • Save iffy/1409648 to your computer and use it in GitHub Desktop.
Save iffy/1409648 to your computer and use it in GitHub Desktop.
sftp
[matt] ~ $ sftp -oPort=8022 [email protected]:/somefile /tmp/somefile
Connecting to 10.1.15.5...
[email protected]'s password:
Fetching /somefile to /tmp/somefile
Cannot download non-regular file: /somefile
$ python fakessh.py
2011-11-30 09:12:11-0700 [-] Log opened.
2011-11-30 09:12:11-0700 [-] twisted.conch.ssh.factory.SSHFactory starting on 8022
2011-11-30 09:12:11-0700 [-] Starting factory <twisted.conch.ssh.factory.SSHFactory instance at 0x12c0a08>
2011-11-30 09:13:34-0700 [twisted.conch.ssh.factory.SSHFactory] disabling diffie-hellman-group-exchange because we cannot find moduli file
2011-11-30 09:13:34-0700 [SSHServerTransport,0,10.1.15.5] kex alg, key alg: diffie-hellman-group1-sha1 ssh-rsa
2011-11-30 09:13:34-0700 [SSHServerTransport,0,10.1.15.5] outgoing: aes128-ctr hmac-md5 none
2011-11-30 09:13:34-0700 [SSHServerTransport,0,10.1.15.5] incoming: aes128-ctr hmac-md5 none
2011-11-30 09:13:34-0700 [SSHServerTransport,0,10.1.15.5] NEW KEYS
2011-11-30 09:13:34-0700 [SSHServerTransport,0,10.1.15.5] starting service ssh-userauth
2011-11-30 09:13:34-0700 [SSHService ssh-userauth on SSHServerTransport,0,10.1.15.5] foo trying auth none
2011-11-30 09:13:36-0700 [SSHService ssh-userauth on SSHServerTransport,0,10.1.15.5] foo trying auth password
2011-11-30 09:13:36-0700 [SSHService ssh-userauth on SSHServerTransport,0,10.1.15.5] foo authenticated with password
2011-11-30 09:13:36-0700 [SSHService ssh-userauth on SSHServerTransport,0,10.1.15.5] starting service ssh-connection
2011-11-30 09:13:36-0700 [SSHService ssh-connection on SSHServerTransport,0,10.1.15.5] got channel session request
2011-11-30 09:13:36-0700 [SSHChannel session (0) on SSHService ssh-connection on SSHServerTransport,0,10.1.15.5] channel open
2011-11-30 09:13:36-0700 [SSHChannel session (0) on SSHService ssh-connection on SSHServerTransport,0,10.1.15.5] asking for subsystem "sftp"
2011-11-30 09:13:36-0700 [SSHChannel session (0) on SSHService ssh-connection on SSHServerTransport,0,10.1.15.5] {'sftp': <class __main__.MyFileTransferServer at 0x12bcfc0>}
2011-11-30 09:13:36-0700 [SSHChannel session (0) on SSHService ssh-connection on SSHServerTransport,0,10.1.15.5] packet INIT
2011-11-30 09:13:36-0700 [SSHChannel session (0) on SSHService ssh-connection on SSHServerTransport,0,10.1.15.5] gotVersion 3 {}
2011-11-30 09:13:36-0700 [SSHChannel session (0) on SSHService ssh-connection on SSHServerTransport,0,10.1.15.5] packet REALPATH
2011-11-30 09:13:36-0700 [SSHChannel session (0) on SSHService ssh-connection on SSHServerTransport,0,10.1.15.5] realPath .
2011-11-30 09:13:36-0700 [SSHChannel session (0) on SSHService ssh-connection on SSHServerTransport,0,10.1.15.5] packet STAT
2011-11-30 09:13:36-0700 [SSHChannel session (0) on SSHService ssh-connection on SSHServerTransport,0,10.1.15.5] getAttrs /somefile 1
2011-11-30 09:13:36-0700 [SSHChannel session (0) on SSHService ssh-connection on SSHServerTransport,0,10.1.15.5] packet LSTAT
2011-11-30 09:13:36-0700 [SSHChannel session (0) on SSHService ssh-connection on SSHServerTransport,0,10.1.15.5] getAttrs /somefile 0
2011-11-30 09:13:36-0700 [SSHChannel session (0) on SSHService ssh-connection on SSHServerTransport,0,10.1.15.5] packet STAT
2011-11-30 09:13:36-0700 [SSHChannel session (0) on SSHService ssh-connection on SSHServerTransport,0,10.1.15.5] getAttrs /somefile 1
2011-11-30 09:13:36-0700 [SSHChannel session (0) on SSHService ssh-connection on SSHServerTransport,0,10.1.15.5] sending close 0
2011-11-30 09:13:36-0700 [SSHChannel session (0) on SSHService ssh-connection on SSHServerTransport,0,10.1.15.5] remote close
2011-11-30 09:13:36-0700 [SSHServerTransport,0,10.1.15.5] connection lost
# ckeygen -t rsa -f id_rsa
#
# ssh-passwords
# bob:password
# foo:foo
from zope.interface import implements
from twisted.python import components
from twisted.internet.protocol import Protocol
from twisted.python import log
from twisted.cred.portal import Portal
from twisted.cred.checkers import FilePasswordDB
from twisted.conch.ssh.factory import SSHFactory
from twisted.internet import reactor
from twisted.conch.ssh.keys import Key
from twisted.conch.interfaces import IConchUser
from twisted.conch.avatar import ConchUser
from twisted.conch.unix import UnixConchUser
from twisted.conch.ssh import filetransfer
from twisted.conch.ssh.session import (
SSHSession, SSHSessionProcessProtocol, wrapProtocol)
class EchoProtocol(Protocol):
def connectionMade(self):
self.transport.write("Echo protocol connected\r\n")
def dataReceived(self, bytes):
self.transport.write("echo: " + repr(bytes) + "\r\n")
def connectionLost(self, reason):
print 'Connection lost', reason
def eofReceived(self):
print 'eofReceived'
def closed(self):
print 'closed'
def closedReceived(self):
print 'closeReceived'
class SCPProtocol(Protocol):
def connectionMade(self):
print 'connection made'
self.transport.write('some data')
self.transport.loseConnection()
def dataReceived(self, bytes):
print 'dataReceived: %r' % bytes
def connectionLost(self, reason):
print 'connectionLost', reason
def nothing():
pass
class SimpleSession(SSHSession):
name = 'session'
def request_pty_req(self, data):
return True
def request_shell(self, data):
protocol = EchoProtocol()
transport = SSHSessionProcessProtocol(self)
protocol.makeConnection(transport)
transport.makeConnection(wrapProtocol(protocol))
self.client = transport
return True
def request_exec(self, data):
print 'request_exec', data
protocol = SCPProtocol()
transport = SSHSessionProcessProtocol(self)
protocol.makeConnection(transport)
transport.makeConnection(wrapProtocol(protocol))
self.client = transport
return True
class MySFTPAdapter:
implements(filetransfer.ISFTPServer)
def __init__(self, avatar):
self.avatar = avatar
def gotVersion(self, otherVersion, extData):
"""
Called when the client sends their version info.
otherVersion is an integer representing the version of the SFTP
protocol they are claiming.
extData is a dictionary of extended_name : extended_data items.
These items are sent by the client to indicate additional features.
This method should return a dictionary of extended_name : extended_data
items. These items are the additional features (if any) supported
by the server.
"""
print 'gotVersion', otherVersion, extData
return {}
def openFile(self, filename, flags, attrs):
"""
Called when the clients asks to open a file.
@param filename: a string representing the file to open.
@param flags: an integer of the flags to open the file with, ORed together.
The flags and their values are listed at the bottom of this file.
@param attrs: a list of attributes to open the file with. It is a
dictionary, consisting of 0 or more keys. The possible keys are::
size: the size of the file in bytes
uid: the user ID of the file as an integer
gid: the group ID of the file as an integer
permissions: the permissions of the file with as an integer.
the bit representation of this field is defined by POSIX.
atime: the access time of the file as seconds since the epoch.
mtime: the modification time of the file as seconds since the epoch.
ext_*: extended attributes. The server is not required to
understand this, but it may.
NOTE: there is no way to indicate text or binary files. it is up
to the SFTP client to deal with this.
This method returns an object that meets the ISFTPFile interface.
Alternatively, it can return a L{Deferred} that will be called back
with the object.
"""
print 'openFile', filename, flags, attrs
def removeFile(self, filename):
"""
Remove the given file.
This method returns when the remove succeeds, or a Deferred that is
called back when it succeeds.
@param filename: the name of the file as a string.
"""
print 'removeFile', filename
def renameFile(self, oldpath, newpath):
"""
Rename the given file.
This method returns when the rename succeeds, or a L{Deferred} that is
called back when it succeeds. If the rename fails, C{renameFile} will
raise an implementation-dependent exception.
@param oldpath: the current location of the file.
@param newpath: the new file name.
"""
print 'renameFile', oldpath, newpath
def makeDirectory(self, path, attrs):
"""
Make a directory.
This method returns when the directory is created, or a Deferred that
is called back when it is created.
@param path: the name of the directory to create as a string.
@param attrs: a dictionary of attributes to create the directory with.
Its meaning is the same as the attrs in the L{openFile} method.
"""
print 'makeDirectory', path, attrs
def removeDirectory(self, path):
"""
Remove a directory (non-recursively)
It is an error to remove a directory that has files or directories in
it.
This method returns when the directory is removed, or a Deferred that
is called back when it is removed.
@param path: the directory to remove.
"""
print 'removeDirectory', path
def openDirectory(self, path):
"""
Open a directory for scanning.
This method returns an iterable object that has a close() method,
or a Deferred that is called back with same.
The close() method is called when the client is finished reading
from the directory. At this point, the iterable will no longer
be used.
The iterable should return triples of the form (filename,
longname, attrs) or Deferreds that return the same. The
sequence must support __getitem__, but otherwise may be any
'sequence-like' object.
filename is the name of the file relative to the directory.
logname is an expanded format of the filename. The recommended format
is:
-rwxr-xr-x 1 mjos staff 348911 Mar 25 14:29 t-filexfer
1234567890 123 12345678 12345678 12345678 123456789012
The first line is sample output, the second is the length of the field.
The fields are: permissions, link count, user owner, group owner,
size in bytes, modification time.
attrs is a dictionary in the format of the attrs argument to openFile.
@param path: the directory to open.
"""
print 'openDirectory', path
def getAttrs(self, path, followLinks):
"""
Return the attributes for the given path.
This method returns a dictionary in the same format as the attrs
argument to openFile or a Deferred that is called back with same.
@param path: the path to return attributes for as a string.
@param followLinks: a boolean. If it is True, follow symbolic links
and return attributes for the real path at the base. If it is False,
return attributes for the specified path.
"""
print 'getAttrs', path, followLinks
return {
'size': 10,
'uid': 1000,
'gid': 2000,
'permissions': 0777,
'atime': 10,
'mtime': 10,
}
def setAttrs(self, path, attrs):
"""
Set the attributes for the path.
This method returns when the attributes are set or a Deferred that is
called back when they are.
@param path: the path to set attributes for as a string.
@param attrs: a dictionary in the same format as the attrs argument to
L{openFile}.
"""
print 'setAttrs', path, attrs
def readLink(self, path):
"""
Find the root of a set of symbolic links.
This method returns the target of the link, or a Deferred that
returns the same.
@param path: the path of the symlink to read.
"""
print 'readLink', path
def makeLink(self, linkPath, targetPath):
"""
Create a symbolic link.
This method returns when the link is made, or a Deferred that
returns the same.
@param linkPath: the pathname of the symlink as a string.
@param targetPath: the path of the target of the link as a string.
"""
print 'makeLink', linkPath, targetPath
def realPath(self, path):
"""
Convert any path to an absolute path.
This method returns the absolute path as a string, or a Deferred
that returns the same.
@param path: the path to convert as a string.
"""
print 'realPath', path
return path
def extendedRequest(self, extendedName, extendedData):
"""
This is the extension mechanism for SFTP. The other side can send us
arbitrary requests.
If we don't implement the request given by extendedName, raise
NotImplementedError.
The return value is a string, or a Deferred that will be called
back with a string.
@param extendedName: the name of the request as a string.
@param extendedData: the data the other side sent with the request,
as a string.
"""
print 'extendedRequest', extendedName, extendedDate
import struct
class MyFileTransferServer(filetransfer.FileTransferServer):
def dataReceived(self, data):
self.buf += data
while len(self.buf) > 5:
length, kind = struct.unpack('!LB', self.buf[:5])
if len(self.buf) < 4 + length:
return
data, self.buf = self.buf[5:4+length], self.buf[4+length:]
packetType = self.packetTypes.get(kind, None)
if not packetType:
log.msg('no packet type for', kind)
continue
f = getattr(self, 'packet_%s' % packetType, None)
log.msg(' packet %s' % packetType)
if not f:
log.msg('not implemented: %s' % packetType)
log.msg(repr(data[4:]))
reqId, = struct.unpack('!L', data[:4])
self._sendStatus(reqId, FX_OP_UNSUPPORTED,
"don't understand %s" % packetType)
#XXX not implemented
continue
try:
f(data)
except:
log.err()
continue
reqId ,= struct.unpack('!L', data[:4])
self._ebStatus(failure.Failure(e), reqId)
class SimpleRealm(object):
def requestAvatar(self, avatarId, mind, *interfaces):
user = ConchUser()
user.channelLookup['session'] = SimpleSession
user.subsystemLookup.update(
{'sftp': MyFileTransferServer})
return IConchUser, user, nothing
components.registerAdapter(MySFTPAdapter, ConchUser, filetransfer.ISFTPServer)
if __name__ == '__main__':
import sys
log.startLogging(sys.stdout)
with open('id_rsa') as privateBlobFile:
privateBlob = privateBlobFile.read()
privateKey = Key.fromString(data=privateBlob)
with open('id_rsa.pub') as publicBlobFile:
publicBlob = publicBlobFile.read()
publicKey = Key.fromString(data=publicBlob)
factory = SSHFactory()
factory.privateKeys = {'ssh-rsa': privateKey}
factory.publicKeys = {'ssh-rsa': publicKey}
factory.portal = Portal(SimpleRealm())
factory.portal.registerChecker(FilePasswordDB("ssh-passwords"))
reactor.listenTCP(8022, factory)
reactor.run()
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment