From bd557ade1263a835519ef9c490c1e8410cef87b9 Mon Sep 17 00:00:00 2001 From: Michel Oosterhof Date: Tue, 4 Nov 2014 14:16:35 +0000 Subject: [PATCH] better logging direct-tcp, shuffle imports. --- kippo/core/ssh.py | 44 ++++++++++++++++++++++++++++++++------------ 1 file changed, 32 insertions(+), 12 deletions(-) diff --git a/kippo/core/ssh.py b/kippo/core/ssh.py index 155e9a7..233e679 100644 --- a/kippo/core/ssh.py +++ b/kippo/core/ssh.py @@ -1,6 +1,13 @@ # Copyright (c) 2009-2014 Upi Tamminen # See the COPYRIGHT file for more information +import os +import copy +import time +import uuid + +from zope.interface import implementer + import twisted from twisted.cred import portal from twisted.conch import avatar, interfaces as conchinterfaces @@ -8,13 +15,8 @@ from twisted.conch.ssh import factory, userauth, connection, keys, session, tran from twisted.conch.ssh.filetransfer import FXF_READ, FXF_WRITE, FXF_APPEND, FXF_CREAT, FXF_TRUNC, FXF_EXCL import twisted.conch.ls from twisted.python import log, components -from zope.interface import implementer - from twisted.conch.openssh_compat import primes -import os -import copy -import time import ConfigParser from kippo.core import ttylog, utils, fs @@ -26,6 +28,7 @@ import kippo.core.protocol from kippo import core from twisted.conch.ssh.common import NS, getNS + class HoneyPotSSHUserAuthServer(userauth.SSHUserAuthServer): def serviceStarted(self): userauth.SSHUserAuthServer.serviceStarted(self) @@ -138,17 +141,32 @@ class HoneyPotRealm: raise Exception, "No supported interfaces found." class HoneyPotTransport(transport.SSHServerTransport): + """ + @ivar logintime: time of login - hadVersion = False + @ivar interactors: interactors + + @ivar ttylog_open: whether log is open + + @ivar uuid: unique UUID of this transport + + @ivar _hadVersion: used so we only send key exchange after receive version info + """ + + _hadVersion = False + ttylog_open = False + interactors = [] + transportId = '' def connectionMade(self): + self.logintime = time.time() + self.transportId = uuid.uuid4().hex + log.msg( 'New connection: %s:%s (%s:%s) [session: %d]' % \ (self.transport.getPeer().host, self.transport.getPeer().port, self.transport.getHost().host, self.transport.getHost().port, self.transport.sessionno) ) - self.interactors = [] - self.logintime = time.time() - self.ttylog_open = False + transport.SSHServerTransport.connectionMade(self) def sendKexInit(self): @@ -161,9 +179,9 @@ class HoneyPotTransport(transport.SSHServerTransport): transport.SSHServerTransport.dataReceived(self, data) # later versions seem to call sendKexInit again on their own if twisted.version.major < 11 and \ - not self.hadVersion and self.gotVersion: + not self._hadVersion and self.gotVersion: self.sendKexInit() - self.hadVersion = True + self._hadVersion = True def ssh_KEXINIT(self, packet): log.msg( 'Remote SSH version: %s' % self.otherVersionString,) @@ -214,6 +232,8 @@ class HoneyPotSSHSession(session.SSHSession): def request_env(self, data): log.msg( 'request_env: %s' % (repr(data)) ) + +# FIXME: recent twisted conch avatar.py uses IConchuser here @implementer(conchinterfaces.ISession) class HoneyPotAvatar(avatar.ConchUser): @@ -496,7 +516,7 @@ components.registerAdapter( KippoSFTPServer, HoneyPotAvatar, conchinterfaces.ISF def KippoOpenConnectForwardingClient(remoteWindow, remoteMaxPacket, data, avatar): remoteHP, origHP = twisted.conch.ssh.forwarding.unpackOpen_direct_tcpip(data) - log.msg( "connection attempt to %s:%i" % remoteHP ) + log.msg( "direct-tcp connection attempt to %s:%i" % remoteHP ) return None # vim: set et sw=4 et: