new option [ssh] forwarding=false this will disable all ssh forwarding

2025-12-17 05:54:21 +01:00 · 2017-02-12 18:44:45 +04:00
parent 741710ac68
commit 3e87206fbe
2 changed files with 12 additions and 4 deletions
--- a/cowrie.cfg.dist
+++ b/cowrie.cfg.dist
@@ -238,6 +238,9 @@ forward_redirect_587 = 127.0.0.1:12525
 # Enable SSH support, enabled by default
 enabled = true

+# Enable SSH direct-tcpip forwarding, enabled by default
+forwarding = true
+
 # ============================================================================
 # Telnet Specific Options
 # ============================================================================
--- a/cowrie/core/avatar.py
+++ b/cowrie/core/avatar.py
@@ -7,7 +7,6 @@ This module contains ...

 from zope.interface import implementer

-import twisted
 from twisted.conch import avatar
 from twisted.conch.interfaces import IConchUser, ISession, ISFTPServer
 from twisted.conch.ssh import filetransfer as conchfiletransfer
@@ -30,9 +29,7 @@ class CowrieUser(avatar.ConchUser):
        self.server = server
        self.cfg = self.server.cfg

-        self.channelLookup.update(
-            {"session": session.HoneyPotSSHSession,
-             "direct-tcpip": forwarding.cowrieOpenConnectForwardingClient})
+        self.channelLookup['session'] = session.HoneyPotSSHSession

        try:
            pwentry = pwd.Passwd(self.cfg).getpwnam(self.username)
@@ -51,6 +48,14 @@ class CowrieUser(avatar.ConchUser):
        except ValueError as e:
            pass

+        # SSH forwarding disabled only when option is explicitly set
+        self.channelLookup['direct-tcpip'] = forwarding.cowrieOpenConnectForwardingClient
+        try:
+            if self.cfg.getboolean('ssh', 'forwarding') == False:
+                del self.channelLookup['direct-tcpip']
+        except:
+            pass
+

    def logout(self):
        """