Deporting ssh signature by tweaking paramiko source code

.gitignore

+./ssh-keys/*
\ No newline at end of file

auth.py

+import socket
+import sys
+import json
+import os
+import base64
+
+
+# ajouter le chemin vers le répertoire libs à PYTHONPATH
+libs_path = os.path.join(os.getcwd(), 'libs')
+if libs_path not in sys.path:
+    sys.path.append(libs_path)
+
+# maintenant, vous pouvez importer votre bibliothèque
+import paramiko
+
+
+def _get_key_type_and_bits_o(key):
+    print("_get_key_type_and_bits")
+    """
+    Given any key, return its type/algorithm & bits-to-sign.
+
+    Intended for input to or verification of, key signatures.
+    """
+    # Use certificate contents, if available, plain pubkey otherwise
+    if key.public_blob:
+        return key.public_blob.key_type, key.public_blob.key_blob
+    else:
+        return key.get_name(), key
+
+def _get_session_blob(key, service, username, algorithm, session_id, userauth_request):
+        print("_get_session_blob ********************************")
+        m = paramiko.Message()
+        m.add_string(session_id)
+        # problématique car comment avoir la session_id avant de s'authentifier ?
+        # print("session_id: ", self.transport.session_id)
+        m.add_byte(userauth_request)
+        # print("cMSG_USERAUTH_REQUEST", cMSG_USERAUTH_REQUEST)
+        m.add_string(username)
+        print("username: ", username)
+        m.add_string(service)
+        print("service: ", service)
+        m.add_string("publickey")
+        m.add_boolean(True)
+        _, bits = _get_key_type_and_bits_o(key)
+        m.add_string(algorithm)
+        m.add_string(bits)
+        print("*****************************")
+        return m.asbytes()
+
+# Variables pour le serveur de signature
+hostname = 'localhost'
+port = 12340
+
+# Variables pour la clé privée
+private_key_file = 'ssh-keys/test'
+password = None
+
+# Lire la clé privée au format OpenSSH
+privateKey = paramiko.RSAKey.from_private_key_file(private_key_file)
+
+# Démarrer le serveur de signatu
+signer_server = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
+signer_server.bind((hostname, port))
+signer_server.listen(1)
+
+while True:
+    print("En attente d'une connexion...")
+    # Attendre une connexion
+    client, address = signer_server.accept()
+    print("Connexion recue !")
+    # print("Adresse :", address)
+    # print("Client :", client)
+    # Lire le défi
+    data = client.recv(1024)
+
+    info_dict = json.loads(data.decode())
+
+    # Vous pouvez maintenant accéder aux informations dans info_dict
+    algorithm = info_dict['algorithm']
+    session_id = base64.b64decode(info_dict['session_id'])
+    userauth_request = base64.b64decode(info_dict['userauth_request'])
+    username = info_dict['username']
+
+    m = paramiko.Message()
+
+
+    print("algorithm: ", algorithm)
+    print("session_id: ", session_id)
+    print("userauth_request: ", userauth_request)
+    print("username: ", username)
+
+    m.add_byte(userauth_request)
+    m.add_string(username)
+    m.add_string("ssh-connection")
+    m.add_string("publickey")
+    m.add_boolean(True)
+    
+
+    sessionblob = _get_session_blob(privateKey, "ssh-connection", username, algorithm, session_id, userauth_request)
+
+    keyType, bits = _get_key_type_and_bits_o(privateKey)
+
+    m.add_string("rsa-sha2-512")
+    m.add_string(bits)
+
+    print("sessionblob: ", sessionblob)
+
+    sig = privateKey.sign_ssh_data(sessionblob, algorithm)
+    print("signature: ", sig)
+
+    m.add_string(sig)
+
+    # info_dict_retour = {
+    #     'signature': base64.b64encode(sig.asbytes()).decode(),
+    #     'key_type': keyType,
+    #     'algorithm': algorithm,
+    #     'bits': base64.b64encode(bits.asbytes()).decode(),
+    # }
+    # print("bits decode: ", base64.b64encode(bits).decode().encode())
+    # # print("Défi reçu :", challenge)
+
+    # if challenge != b'':
+    #     print("Défi reçu :", challenge)
+    # Signer le défi
+
+    # Envoyer la signature au client
+    # sig_bytes = sig.asbytes()
+    try:
+        # Convertir le message en bytes
+        message_bytes = m.asbytes()
+
+        # Envoyer le message
+        client.sendall(message_bytes)
+
+    finally:
+        # Fermer la connexion
+        client.close()
+        # print(json.dumps(info_dict_retour).encode())
+    # client.send(json.dumps(info_dict_retour).encode())
+
+    client.close()

client.py

+import socket
+from cryptography.hazmat.primitives import serialization
+from cryptography.hazmat.backends import default_backend
+
+import sys
+import os
+
+
+# ajouter le chemin vers le répertoire libs à PYTHONPATH
+libs_path = os.path.join(os.getcwd(), 'libs')
+if libs_path not in sys.path:
+    sys.path.append(libs_path)
+
+# maintenant, vous pouvez importer votre bibliothèque
+import paramiko
+from paramiko.auth_handler import AuthHandler
+import logging
+# 
+# logging.basicConfig(level=logging.DEBUG)
+# logging.basicConfig(level=logging.ERROR)
+
+
+
+
+
+algorithm = "rsa-sha2-512"
+
+
+
+# Variables pour la connexion SSH
+hostname = '172.20.10.4'
+username = 'parallels'
+port = 22
+
+# Variables pour la connexion au deuxième dispositif
+signer_hostname = 'localhost'
+signer_port = 12340
+
+# Variables pour la clé publique
+public_key_file = 'ssh-keys/test.pub'
+
+# Lire la clé publique au format OpenSSH
+with open(public_key_file, 'rb') as key_file:
+    public_key = serialization.load_ssh_public_key(key_file.read(), backend=default_backend())
+
+public_key_pem = public_key.public_bytes(
+    encoding=serialization.Encoding.OpenSSH,
+    format=serialization.PublicFormat.OpenSSH
+)
+
+print("Contenu de la clé publique :\n", public_key_pem.decode())
+print("Clé publique chargée :", public_key)
+
+# Créer une nouvelle instance de transport
+transport = paramiko.Transport((hostname, port))
+
+# Créer une nouvelle instance de client de signature
+clePriv = paramiko.RSAKey.from_private_key_file('ssh-keys/test')
+
+
+# Essayer d'ouvrir la session SSH
+def handler(title, instructions, prompt_list):
+    print("*" * 80)
+    print("Handeling interactive authentication")
+    print("*" * 80)
+    signer_client = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
+    signer_client.connect((signer_hostname, signer_port))
+
+    resp = []
+    print("Prompt list :", prompt_list)
+    print("Instructions :", instructions)
+    print("Title :", title)
+    for pr in prompt_list:
+        print(pr)
+        if pr[0].startswith('Password'):
+
+            # Transmettre le défi au deuxième dispositif
+
+            print("Envoi du défi : ", pr[0].encode())
+
+            signer_client.sendall(pr[0].encode())
+
+            # Attendre la réponse du deuxième dispositif
+            signed_challenge = signer_client.recv(1024)
+
+            print("Défi signé :", signed_challenge)
+            # resp.append("Jdlm1209") 
+            resp.append(signed_challenge)
+        else:
+            resp.append('')
+    return resp
+
+
+print("Connexion au serveur SSH...")
+transport.connect()
+
+print("Connexion réussie !")
+print("Authentification for username {}...".format(username))
+
+# transport.auth_publickey(username, public_key, handler)
+
+try:
+    transport.auth_publickey(username, public_key)
+except paramiko.ssh_exception.AuthenticationException:
+    print("Échec de l'authentification")
+else:
+    print("Authentification réussie !")
+
+    

gen_keys.py

+from cryptography.hazmat.primitives import serialization
+from cryptography.hazmat.primitives.asymmetric import rsa
+from cryptography.hazmat.backends import default_backend
+
+# Génération de la clé privée
+private_key = rsa.generate_private_key(
+    public_exponent=65537,
+    key_size=2048,
+    backend=default_backend()
+)
+
+# Sauvegarde de la clé privée au format PEM
+with open('private_key.pem', 'wb') as f:
+    f.write(private_key.private_bytes(
+        encoding=serialization.Encoding.PEM,
+        format=serialization.PrivateFormat.PKCS8,
+        encryption_algorithm=serialization.NoEncryption()
+    ))
+
+# Génération de la clé publique
+public_key = private_key.public_key()
+
+# Sauvegarde de la clé publique au format PEM
+with open('public_key.pem', 'wb') as f:
+    f.write(public_key.public_bytes(
+        encoding=serialization.Encoding.PEM,
+        format=serialization.PublicFormat.SubjectPublicKeyInfo
+    ))

paramiko/__init__.py

+# Copyright (C) 2003-2011  Robey Pointer <robeypointer@gmail.com>
+#
+# This file is part of paramiko.
+#
+# Paramiko is free software; you can redistribute it and/or modify it under the
+# terms of the GNU Lesser General Public License as published by the Free
+# Software Foundation; either version 2.1 of the License, or (at your option)
+# any later version.
+#
+# Paramiko is distributed in the hope that it will be useful, but WITHOUT ANY
+# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
+# A PARTICULAR PURPOSE.  See the GNU Lesser General Public License for more
+# details.
+#
+# You should have received a copy of the GNU Lesser General Public License
+# along with Paramiko; if not, write to the Free Software Foundation, Inc.,
+# 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301 USA.
+
+# flake8: noqa
+import sys
+from paramiko._version import __version__, __version_info__
+from paramiko.transport import SecurityOptions, Transport
+from paramiko.client import (
+    SSHClient,
+    MissingHostKeyPolicy,
+    AutoAddPolicy,
+    RejectPolicy,
+    WarningPolicy,
+)
+from paramiko.auth_handler import AuthHandler
+from paramiko.ssh_gss import GSSAuth, GSS_AUTH_AVAILABLE, GSS_EXCEPTIONS
+from paramiko.channel import (
+    Channel,
+    ChannelFile,
+    ChannelStderrFile,
+    ChannelStdinFile,
+)
+from paramiko.ssh_exception import (
+    AuthenticationException,
+    BadAuthenticationType,
+    BadHostKeyException,
+    ChannelException,
+    ConfigParseError,
+    CouldNotCanonicalize,
+    IncompatiblePeer,
+    PasswordRequiredException,
+    ProxyCommandFailure,
+    SSHException,
+)
+from paramiko.server import ServerInterface, SubsystemHandler, InteractiveQuery
+from paramiko.rsakey import RSAKey
+from paramiko.dsskey import DSSKey
+from paramiko.ecdsakey import ECDSAKey
+from paramiko.ed25519key import Ed25519Key
+from paramiko.sftp import SFTPError, BaseSFTP
+from paramiko.sftp_client import SFTP, SFTPClient
+from paramiko.sftp_server import SFTPServer
+from paramiko.sftp_attr import SFTPAttributes
+from paramiko.sftp_handle import SFTPHandle
+from paramiko.sftp_si import SFTPServerInterface
+from paramiko.sftp_file import SFTPFile
+from paramiko.message import Message
+from paramiko.packet import Packetizer
+from paramiko.file import BufferedFile
+from paramiko.agent import Agent, AgentKey
+from paramiko.pkey import PKey, PublicBlob
+from paramiko.hostkeys import HostKeys
+from paramiko.config import SSHConfig, SSHConfigDict
+from paramiko.proxy import ProxyCommand
+
+from paramiko.common import (
+    AUTH_SUCCESSFUL,
+    AUTH_PARTIALLY_SUCCESSFUL,
+    AUTH_FAILED,
+    OPEN_SUCCEEDED,
+    OPEN_FAILED_ADMINISTRATIVELY_PROHIBITED,
+    OPEN_FAILED_CONNECT_FAILED,
+    OPEN_FAILED_UNKNOWN_CHANNEL_TYPE,
+    OPEN_FAILED_RESOURCE_SHORTAGE,
+)
+
+from paramiko.sftp import (
+    SFTP_OK,
+    SFTP_EOF,
+    SFTP_NO_SUCH_FILE,
+    SFTP_PERMISSION_DENIED,
+    SFTP_FAILURE,
+    SFTP_BAD_MESSAGE,
+    SFTP_NO_CONNECTION,
+    SFTP_CONNECTION_LOST,
+    SFTP_OP_UNSUPPORTED,
+)
+
+from paramiko.common import io_sleep
+
+
+__author__ = "Jeff Forcier <jeff@bitprophet.org>"
+__license__ = "GNU Lesser General Public License (LGPL)"
+
+__all__ = [
+    "Agent",
+    "AgentKey",
+    "AuthenticationException",
+    "AutoAddPolicy",
+    "BadAuthenticationType",
+    "BadHostKeyException",
+    "BufferedFile",
+    "Channel",
+    "ChannelException",
+    "ConfigParseError",
+    "CouldNotCanonicalize",
+    "DSSKey",
+    "ECDSAKey",
+    "Ed25519Key",
+    "HostKeys",
+    "Message",
+    "MissingHostKeyPolicy",
+    "PKey",
+    "PasswordRequiredException",
+    "ProxyCommand",
+    "ProxyCommandFailure",
+    "RSAKey",
+    "RejectPolicy",
+    "SFTP",
+    "SFTPAttributes",
+    "SFTPClient",
+    "SFTPError",
+    "SFTPFile",
+    "SFTPHandle",
+    "SFTPServer",
+    "SFTPServerInterface",
+    "SSHClient",
+    "SSHConfig",
+    "SSHConfigDict",
+    "SSHException",
+    "SecurityOptions",
+    "ServerInterface",
+    "SubsystemHandler",
+    "Transport",
+    "WarningPolicy",
+    "io_sleep",
+    "util",
+]