Class: SSH_Utils

Inherits:

Object

• Object
• SSH_Utils

Defined in:

lib/audit/lib/ssh_utils.rb

Overview

require ssh-keygen command line program

Instance Method Summary

• #convert_to_ssh(openssh_key) ⇒ Object

  Get the SSH key in standard SSH format from the OpenSSH format.

• #enable_root_login(host, username, ssh_options, public_key) ⇒ Object
• #find_root_method(host, username, ssh_options) ⇒ Object
• #get_public_key(private_key, key_name = "") ⇒ Object
• #get_root_prefix(host, username, ssh_options) ⇒ Object
• #guess_username(host, ssh_options, possible_usernames, timeout = 5) ⇒ Object
• #initialize(options) ⇒ SSH_Utils constructor

  A new instance of SSH_Utils.

• #parse_nmap_ssh_keydata(keydata) ⇒ Object
• #start_tunnel(host, private_key_file, local_tun_num = 0, remote_tun_num = 0, local_ip = "172.16.0.1", remote_ip = "172.16.0.2", ssh_options = {}) ⇒ Object
• #stop_tunnel(tunnel_hash) ⇒ Object
• #wait_for_server(host, port = 22, interval = 20, max_retries = 5) ⇒ Object

  Wait for a server to be online.

Constructor Details

#initialize(options) ⇒ SSH_Utils

Returns a new instance of SSH_Utils.

# File 'lib/audit/lib/ssh_utils.rb', line 9

def initialize(options)
  if options[:logger] then
    @logger = options[:logger]
  else
    @logger = Logger.new(STDOUT)
  end
end

Instance Method Details

#convert_to_ssh(openssh_key) ⇒ Object

Get the SSH key in standard SSH format from the OpenSSH format

Parameters:

• openssh_key —

  Key in OpenSSH format as string

Returns:

• Key in SSH (RFC) format as string

# File 'lib/audit/lib/ssh_utils.rb', line 132

def convert_to_ssh(openssh_key)
  tempfile = Tempfile.new('convert_')
  tempfile << openssh_key; tempfile.flush()
  
  ssh_key = `ssh-keygen -e -f #{tempfile.path()}`
  tempfile.close!()
  
  return ssh_key
end

#enable_root_login(host, username, ssh_options, public_key) ⇒ Object

# File 'lib/audit/lib/ssh_utils.rb', line 152

def enable_root_login(host, username, ssh_options, public_key)
  ssh_options = {:paranoid => false}.merge(ssh_options)
  root_prefix = get_root_prefix(host, username, ssh_options)
  return if root_prefix.nil?()
  
  Net::SSH.start(host, username, ssh_options) do|conn|
    conn.exec!(root_prefix + "sh -c 'grep -v PermitRootLogin /etc/ssh/sshd_config > /tmp/sshd_config; echo \"PermitRootLogin without-password\" >> /tmp/sshd_config; mv /tmp/sshd_config /etc/ssh/sshd_config'")
    conn.exec!(root_prefix + "kill -SIGHUP $( ps -A -o pid -o cmd | grep /usr/sbin/sshd | grep -v grep | awk '{print $1}')")
  end
  
  Net::SSH.start(host, username, ssh_options) do|conn|
    conn.exec!(root_prefix + "sh -c 'echo \"#{public_key}\" > ${HOME}/.ssh/authorized_keys'") 
  end
end

#find_root_method(host, username, ssh_options) ⇒ Object

# File 'lib/audit/lib/ssh_utils.rb', line 95

def find_root_method(host, username, ssh_options)
  ssh_options = {:paranoid => false}.merge(ssh_options)
  Net::SSH.start(host, username, ssh_options) do|conn|
    output = conn.exec!("id --user 2>/dev/null")
    return :ALREADY_ROOT if output.strip() == "0"
    
    output = conn.exec!("sudo -n id --user 2>/dev/null")
    return :SUDO if output && output.strip() == "0"
  end
  
  return :NONE
end

#get_public_key(private_key, key_name = "") ⇒ Object

# File 'lib/audit/lib/ssh_utils.rb', line 125

def get_public_key(private_key, key_name = "")
  return (`ssh-keygen -y -f #{private_key}`.strip() + " " + key_name).strip()
end

#get_root_prefix(host, username, ssh_options) ⇒ Object

# File 'lib/audit/lib/ssh_utils.rb', line 109

def get_root_prefix(host, username, ssh_options)
  root_method = find_root_method(host, username, ssh_options)
  
  case root_method
  when :NONE then return nil
  when :SUDO then return "sudo -H -n "
  when :ALREADY_ROOT then return ""
  else return nil
  end
end

#guess_username(host, ssh_options, possible_usernames, timeout = 5) ⇒ Object

# File 'lib/audit/lib/ssh_utils.rb', line 28

def guess_username(host, ssh_options, possible_usernames, timeout = 5)
  ssh_options = {:paranoid => false}.merge(ssh_options)
  possible_usernames.each do|username|
    begin
      timeout(timeout) do
        Net::SSH.start(host, username, ssh_options) do|conn|
          output = conn.exec!("id --user --name")
          if output.strip() == username then
            @logger.info {"Found user name '#{username}'\n"}
            return username
          else
            @logger.debug {"User name '#{username}' logs in but does not execute commands\n"} 
          end
        end
      end
    rescue Net::SSH::AuthenticationFailed => ex
      @logger.debug {"Authentication with user name '#{username}' failed\n"}
    rescue Timeout::Error => err
      @logger.debug {"Authentication with user name '#{username}' timed out\n"}
    end
  end
  
  return nil
end

#parse_nmap_ssh_keydata(keydata) ⇒ Object

# File 'lib/audit/lib/ssh_utils.rb', line 255

def parse_nmap_ssh_keydata(keydata)
  line_type = :fingerprint_line
  current_key = nil
  keys = []
  keydata.each_line do|line|
    if line_type == :fingerprint_line then
      match = /^([0-9]+) ([0-9a-f:]+) (\([A-Z0-9]+\))$/.match(line)
      if match && !current_key.nil?() then
        #something is desynchronized, skip the key
        puts "Unexpected input at ssh host key data: '#{keydata}'"
        break
      elsif match && current_key.nil?() then
        current_key = { :length => match[1], :fingerprint => match[2], :type => match[3] }
      else
        puts "Unexpected line at ssh host key data, expected fingerprint data: '#{keydata}'"
        break
      end
      line_type = :key_line
    else
      match = /^([a-z0-9_-]+) ([A-Za-z0-9+\/=]+)$/.match(line)
      if match && current_key.nil?() then
        puts "Unexpected line at ssh host key data, expected key data: '#{keydata}'"
        break
      elsif match && !current_key.nil?() then
        current_key[:ssh_type] = match[1]
        current_key[:key] = match[2]
        keys << current_key
        current_key = nil
      else
        puts "Unexpected input at ssh host key data, expected key data: '#{keydata}'"
        break
      end
      line_type = :fingerprint_line
    end
  end
  return keys
end

#start_tunnel(host, private_key_file, local_tun_num = 0, remote_tun_num = 0, local_ip = "172.16.0.1", remote_ip = "172.16.0.2", ssh_options = {}) ⇒ Object

# File 'lib/audit/lib/ssh_utils.rb', line 183

def start_tunnel(host, private_key_file, local_tun_num = 0, remote_tun_num = 0, local_ip = "172.16.0.1", remote_ip = "172.16.0.2", ssh_options = {})
  username = 'root' # tunneling only works with root user, so assume root here
  result = false
  ssh_tunnel_process = "bla" # just any value to initialize the variable and assign the scope
  
  # change ssh server configuration to permit tunneling
  Net::SSH.start(host, username, {:keys => [private_key_file], :paranoid => false}.merge(ssh_options)) do|conn|
    conn.exec!("grep -v PermitTunnel /etc/ssh/sshd_config > /tmp/sshd_config; echo \"PermitTunnel yes\" >> /tmp/sshd_config; mv /tmp/sshd_config /etc/ssh/sshd_config")
    conn.exec!("kill -SIGHUP $( ps -A -o pid -o cmd | grep /usr/sbin/sshd | grep -v grep | awk '{print $1}')")
  end
  
  @logger.debug {"Modified SSH server configuration for tunneling"}
  
  # open the tunnel and configure
  Net::SSH.start(host, username, {:keys => [private_key_file], :paranoid => false}.merge(ssh_options)) do|conn|
    
    ssh_tunnel_cmd = "ssh -NT -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -o BatchMode=yes -o ConnectTimeout=30 -w #{local_tun_num}:#{remote_tun_num} -i #{private_key_file} #{username}@#{host}"
    @logger.debug {"LOCAL: Starting tunneling SSH process: '#{ssh_tunnel_cmd}'"}
    ssh_tunnel_process = IO.popen(ssh_tunnel_cmd)
    # configure tunneling interfaces
    sleep(3) #some delay because otherwise tun devices are not configured correctly
    remote_tun_conf_cmd = "ifconfig tun#{remote_tun_num} #{local_ip} #{remote_ip} netmask 255.255.255.0 2>/dev/null 1>/dev/null"
    @logger.debug {"REMOTE: configuring tun interface: '#{remote_tun_conf_cmd}'"}
    conn.exec!(remote_tun_conf_cmd)
    
    local_tun_conf_cmd = "ifconfig tun#{local_tun_num} #{remote_ip} #{local_ip} netmask 255.255.255.0 2>/dev/null 1>/dev/null"
    @logger.debug {"LOCAL: configuring tun interface: '#{local_tun_conf_cmd}'"}
    system(local_tun_conf_cmd)
    # check that the connection works
    ping_cmd = "ping -c1 #{remote_ip} 2>/dev/null 1>/dev/null"
    @logger.debug {"LOCAL: pinging remote interface: '#{ping_cmd}'"}
    result = system(ping_cmd)
  end
  
  return {:success => result, 
          :tunnel_server_pid => ssh_tunnel_process.pid(), 
          :remote_ip => remote_ip, 
          :local_ip => local_ip, 
          :remote_tun_interface => "tun#{remote_tun_num}",
          :local_tun_interface => "tun#{local_tun_num}"}
end

#stop_tunnel(tunnel_hash) ⇒ Object

# File 'lib/audit/lib/ssh_utils.rb', line 230

def stop_tunnel(tunnel_hash)
  # first try to end gently
  begin
    Process::kill('TERM', tunnel_hash[:tunnel_server_pid])
  rescue => err
  end
  #check if it really ended
  begin
    Process::kill('TERM', tunnel_hash[:tunnel_server_pid])
  rescue Errno::ESRCH => err
    return
  rescue => err
  end
  
  #if not, wait a second and then try the hard way
  sleep(1)
  begin
    Process::kill('KILL', tunnel_hash[:tunnel_server_pid])
  rescue Errno::ESRCH => err
    return
  rescue => err
  end
end

#wait_for_server(host, port = 22, interval = 20, max_retries = 5) ⇒ Object

Wait for a server to be online.

Parameters:

• host —

  The host name to poll for a service.

• port (defaults to: 22) —

  The service port to poll.

• interval (defaults to: 20) —

  The wait time between two connection tries in seconds

• max_retries (defaults to: 5) —

  The maximum number of connection retries

Returns:

• :OK if server is reachable, :CONNECTION_REFUSED if the maximum number of retries was reached and the connection was refused, or :TIMED_OUT if either the overall timeout was reached or the maximum number of retries was reached and the connection timed out. May also return :UNKNOWN_ERROR on unknown error.

# File 'lib/audit/lib/ssh_utils.rb', line 61

def wait_for_server(host, port = 22, interval = 20, max_retries = 5)
  for tries in 0 ... max_retries
    begin
      sock = TCPSocket.new(host, port)
      return :OK
    rescue Errno::ECONNREFUSED => ex
      return :CONNECTION_REFUSED if tries >= max_retries - 1
      @logger.debug {"Connection timed out, apparently server has not finished booting yet ... waiting #{interval}s\n"}
      sleep interval
    rescue Errno::ETIMEDOUT => ex
      return :TIMED_OUT if tries >= max_retries - 1
      @logger.debug {"Connection timed out, apparently server has not finished booting yet ... waiting #{interval}s\n"}
      sleep interval
    rescue Errno::EHOSTUNREACH => err
      return :TIMED_OUT if tries >= max_retries - 1
      @logger.debug {"No route to host, routes have not yet been set up ... waiting #{interval}s\n"}
      sleep interval
    end
  end
  
  return :UNKNOWN_ERROR
end