[Checkins] SVN: Sandbox/J1m/conch/ checking in initial experiment. See README.txt

Jim Fulton jim at zope.com
Sat Jul 25 09:01:19 EDT 2009


Log message for revision 102295:
  checking in initial experiment. See README.txt

Changed:
  A   Sandbox/J1m/conch/README.txt
  A   Sandbox/J1m/conch/buildout.cfg
  A   Sandbox/J1m/conch/echo_client.py
  A   Sandbox/J1m/conch/echo_server.py
  A   Sandbox/J1m/conch/skey
  A   Sandbox/J1m/conch/skey.pub
  A   Sandbox/J1m/conch/ukey
  A   Sandbox/J1m/conch/ukey.pub

-=-
Added: Sandbox/J1m/conch/README.txt
===================================================================
--- Sandbox/J1m/conch/README.txt	                        (rev 0)
+++ Sandbox/J1m/conch/README.txt	2009-07-25 13:01:18 UTC (rev 102295)
@@ -0,0 +1,28 @@
+
+I really like the ssh architecture, especially from a usage point of
+view.  You have ssh keys that you can use to authenticate against a
+variety of services.  The SSH protocol provides both encrypted
+connections and authentcation.  Conceptually, as a network
+infrastructure seems to be easy to implement than SSL which requires
+certificate authorities and requires additional authentication
+infrastructure.
+
+I've played with implementing custom ssh servers using paramiko in the
+past. Lately, I've been plating with twisted.conch.  ZRS 2 uses
+twisted and it might be interesting to provide replication over ssh.
+In the future, I'd love to support ZEO over ssh for both
+authentication (and someday, authorization) and encryption.
+
+Wikipedia gives a nice high-level overview of the SSH architecture:
+
+  http://en.wikipedia.org/wiki/Secure_Shell
+
+I'd like to be able to implement application-specific network services
+(e.g. ZRS or ZEO) as custom ssh channels. (I think it's pretty cool
+that a server can provide multiple named services via channels. This
+is potentially an alternative to integer ports, which are difficult to
+manage.)
+
+My current experiment provides a simple echo server and client that
+communicate via a shell channel. The next iteration will use a custom
+channel.
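
Review bot: The README never says what skey, skey.pub, ukey and ukey.pub are or how to run the experiment, even though the commit message points readers here. Add a short section covering the buildout step, the start order of echo_server.py and echo_client.py, the port (5022), and a statement that the checked-in key pairs are throwaway test keys. The first paragraph's comparison with SSL would also be more complete if it said that, without certificate authorities, the client has to verify the server's host key some other way. Typos to fix while there: "authentcation", "plating", and "seems to be easy to implement than".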


Property changes on: Sandbox/J1m/conch/README.txt
___________________________________________________________________
Added: svn:eol-style
   + native

Added: Sandbox/J1m/conch/buildout.cfg
===================================================================
--- Sandbox/J1m/conch/buildout.cfg	                        (rev 0)
+++ Sandbox/J1m/conch/buildout.cfg	2009-07-25 13:01:18 UTC (rev 102295)
@@ -0,0 +1,8 @@
+[buildout]
+parts = twisted
+
+[twisted]
+recipe = zc.recipe.egg
+eggs = twisted
+       pycrypto
+interpreter = py
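
Review bot: The eggs list under [twisted] is unpinned, so the sandbox builds against whatever twisted and pycrypto releases are current at build time, and a later checkout may not reproduce this experiment. Pin the versions (a [versions] section referenced from [buildout] would do). echo_server.py also imports zope.interface directly; it only arrives here as a dependency of twisted, so list it in eggs explicitly.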


Property changes on: Sandbox/J1m/conch/buildout.cfg
___________________________________________________________________
Added: svn:eol-style
   + native

Added: Sandbox/J1m/conch/echo_client.py
===================================================================
--- Sandbox/J1m/conch/echo_client.py	                        (rev 0)
+++ Sandbox/J1m/conch/echo_client.py	2009-07-25 13:01:18 UTC (rev 102295)
@@ -0,0 +1,69 @@
+
+import twisted.conch.ssh.channel
+import twisted.conch.ssh.common
+import twisted.conch.ssh.connection
+import twisted.conch.ssh.keys
+import twisted.conch.ssh.transport
+import twisted.conch.ssh.userauth
+import twisted.internet.defer
+import twisted.internet.protocol
+import twisted.internet.reactor
+
+class Transport(twisted.conch.ssh.transport.SSHClientTransport):
+
+    def verifyHostKey(self, pubKey, fingerprint):
+        print 'host key fingerprint: %s' % fingerprint
+        return twisted.internet.defer.succeed(1) 
+
+    def connectionSecure(self):
+        self.requestService(UserAuth('user', Connection()))
+
+class UserAuth(twisted.conch.ssh.userauth.SSHUserAuthClient):
+
+    def getPassword(self, prompt = None):
+        return # this says we won't do password authentication
+
+    def getPublicKey(self):
+        return twisted.conch.ssh.keys.Key.fromFile('ukey.pub').blob()
+
+    def getPrivateKey(self):
+        return twisted.internet.defer.succeed(
+            twisted.conch.ssh.keys.Key.fromFile('ukey').keyObject)
+
+class Connection(twisted.conch.ssh.connection.SSHConnection):
+
+    def serviceStarted(self):
+        self.openChannel(Channel(conn = self))
+
+class Channel(twisted.conch.ssh.channel.SSHChannel):
+
+    name = 'session'
+
+    def channelOpen(self, data):
+        d = self.conn.sendRequest(
+            self, 'shell', '',
+            wantReply = 1)
+        d.addCallback(self._cbSendRequest)
+        self.catData = ''
+
+    def _cbSendRequest(self, ignored):
+        self.write('This data will be echoed back to us by "cat."\r\n')
+        self.conn.sendEOF(self)
+        self.loseConnection()
+
+    def dataReceived(self, data):
+        self.catData += data
+
+    def closed(self):
+        print 'We got this from "cat":', self.catData
+        twisted.internet.reactor.stop()
+
+def main():
+    factory = twisted.internet.protocol.ClientFactory()
+    factory.protocol = Transport
+    twisted.internet.reactor.connectTCP('localhost', 5022, factory)
+    twisted.internet.reactor.run()
+
+if __name__ == "__main__":
+    main()
+
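
Review bot: Transport.verifyHostKey accepts every host key: it prints the fingerprint and returns `twisted.internet.defer.succeed(1)` unconditionally, so the client completes the handshake with whatever answers on localhost:5022 and the encrypted channel says nothing about who is at the other end. Since skey.pub is checked in next to the client, compare the pubKey argument with `twisted.conch.ssh.keys.Key.fromFile('skey.pub').blob()` and return a failed Deferred on mismatch. Smaller point in the same file: UserAuth loads 'ukey' and 'ukey.pub' by relative path, so the client only works when started from the sandbox directory; resolve them relative to the module's own location or take them as arguments.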


Property changes on: Sandbox/J1m/conch/echo_client.py
___________________________________________________________________
Added: svn:keywords
   + Id
Added: svn:eol-style
   + native

Added: Sandbox/J1m/conch/echo_server.py
===================================================================
--- Sandbox/J1m/conch/echo_server.py	                        (rev 0)
+++ Sandbox/J1m/conch/echo_server.py	2009-07-25 13:01:18 UTC (rev 102295)
@@ -0,0 +1,104 @@
+#!/usr/bin/python
+import sys
+import twisted.cred.portal
+import twisted.conch.avatar
+import twisted.conch.checkers
+import twisted.conch.ssh.factory
+import twisted.conch.ssh.userauth
+import twisted.conch.ssh.connection
+import twisted.conch.ssh.keys
+import twisted.conch.ssh.session
+import twisted.internet.reactor
+import twisted.internet.protocol
+import twisted.python.components
+import twisted.python.log
+import zope.interface
+
+twisted.python.log.startLogging(sys.stderr)
+
+"""Example of running another protocol over an SSH channel.
+log in with username "user" and password "password".
+"""
+
+class ExampleAvatar(twisted.conch.avatar.ConchUser):
+
+    def __init__(self, username):
+        twisted.conch.avatar.ConchUser.__init__(self)
+        self.username = username
+        self.channelLookup.update(
+            {'session':twisted.conch.ssh.session.SSHSession}
+            )
+
+class ExampleRealm:
+    zope.interface.implements(twisted.cred.portal.IRealm)
+
+    def requestAvatar(self, avatarId, mind, *interfaces):
+        return interfaces[0], ExampleAvatar(avatarId), lambda: None
+
+class EchoProtocol(twisted.internet.protocol.Protocol):
+    """this is our example protocol that we will run over SSH
+    """
+    def dataReceived(self, data):
+        if data == '\r':
+            data = '\r\n'
+        elif data == '\x03': #^C
+            self.transport.loseConnection()
+            return
+        self.transport.write(data.upper())
+
+
+user_pubkey = twisted.conch.ssh.keys.Key.fromFile('ukey.pub')
+
+class InMemoryPublicKeyChecker(twisted.conch.checkers.SSHPublicKeyDatabase):
+
+    def checkKey(self, credentials):
+        return (credentials.username == 'user' and
+                user_pubkey.blob() == credentials.blob)
+
+class ExampleSession:
+
+    def __init__(self, avatar):
+        """
+        We don't use it, but the adapter is passed the avatar as its first
+        argument.
+        """
+
+    def getPty(self, term, windowSize, attrs):
+        pass
+
+    def execCommand(self, proto, cmd):
+        raise Exception("no executing commands")
+
+    def openShell(self, trans):
+        ep = EchoProtocol()
+        ep.makeConnection(trans)
+        trans.makeConnection(twisted.conch.ssh.session.wrapProtocol(ep))
+
+    def eofReceived(self):
+        pass
+
+    def closed(self):
+        pass
+
+twisted.python.components.registerAdapter(
+    ExampleSession, ExampleAvatar, twisted.conch.ssh.session.ISession)
+
+class ExampleFactory(twisted.conch.ssh.factory.SSHFactory):
+    publicKeys = {
+        'ssh-rsa': twisted.conch.ssh.keys.Key.fromFile('skey.pub')
+    }
+    privateKeys = {
+        'ssh-rsa': twisted.conch.ssh.keys.Key.fromFile('skey')
+    }
+    services = {
+        'ssh-userauth': twisted.conch.ssh.userauth.SSHUserAuthServer,
+        'ssh-connection': twisted.conch.ssh.connection.SSHConnection
+    }
+
+portal = twisted.cred.portal.Portal(ExampleRealm())
+portal.registerChecker(InMemoryPublicKeyChecker())
+ExampleFactory.portal = portal
+
+if __name__ == '__main__':
+    twisted.internet.reactor.listenTCP(5022, ExampleFactory())
+    twisted.internet.reactor.run()
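
Review bot: The docstring near the top tells users to log in with username "user" and password "password", but the only checker registered on the portal is InMemoryPublicKeyChecker, which compares the presented key blob with ukey.pub. Rewrite the docstring to describe public-key login with ukey, and move it above the imports, since a string placed after `twisted.python.log.startLogging(sys.stderr)` is not the module docstring. Also worth a comment: ExampleRealm.requestAvatar hands out an ExampleAvatar for any avatarId, so the username restriction lives entirely in checkKey's `credentials.username == 'user'` test, and the key files are read by relative path at import time, which fails with a bare IOError when the server is started from another directory.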


Property changes on: Sandbox/J1m/conch/echo_server.py
___________________________________________________________________
Added: svn:executable
   + *
Added: svn:keywords
   + Id
Added: svn:eol-style
   + native

Added: Sandbox/J1m/conch/skey
===================================================================
--- Sandbox/J1m/conch/skey	                        (rev 0)
+++ Sandbox/J1m/conch/skey	2009-07-25 13:01:18 UTC (rev 102295)
@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEogIBAAKCAQEAo2le2nUGQ04dpDobmTL0ZDs/E1CzgKNJq2ljxi7j6LTmU0mE
+wSZ1YYVhJvS6Nd+6iwD3IN+zEutfxoXo1JJYjkLplHDQ7Z9Cy2W/n4eepbo0sBAi
+nx/knNLcDjy4ZEfYuYyTKmNpzYTF+XXSm1EzxZ9b8rL7K52FDc9obQi/QrcQ79vJ
+ubN0Zhvescg/BpdRQzMCKDEVtO++othhAojRc61uHr7slp3fsfop5PR/KlDyMqpJ
+Am1iXXvV4y7w/91nrQUSLNZfLwy7k9lmIjOo2fc02WWD9wtiFTwtvOilnV+Kl0D+
+D9SpRvT2kixxTBR+5UJlkBPIBkKV6rLRlI5qpQIBIwKCAQEAkLxp9LDLCGnCe4Ps
+jwE+3G79WkAp9ZfwywWS4rvRLTKC3A3qnHKFOR5dXQSk7eNqtaHE8TsplGoTAEq4
+Rz/KxyVSispSppRfu3dglJyxFnG5o0F9wCOP+J2BE+yjUYF20DquO3yfiiUkYJuO
+ptLktlnyWp6GsZolZADY1ZoIfOnfL1JYiREZvemc1nSDf4vfPD4lNuoVwGQptRiC
+2hYkHOGBOAHxjwb4oLJ3WcONfaRD9XQL9aYEz+T0YlWQPPbudAKYpqq/DCQ5B+2/
+JJf1yhD5Gnxa/BdqtH9mThkPREg+7ggDIG7C/uNQhUmlOLMjtz+vrv2RTWyfrTLs
+pYmsSwKBgQDOgl9BchgcIuCZb6cJO8C1VTvznY/yYrA9VeZ2Q5+ReeUauKzRO4mW
+oPA8L2nRGlsrg6BChPc9tJXoa0NzBIZZ+cEZ35ZkRxJI2FUfKywi7aL1b8BsVW5u
+JZR71lHcszhEDjKgyPxHyCSZQcTW8QpA8jFEIa3Alvl27ZWXYoNetQKBgQDKkuXB
+OT23Efm1NzqQz3rA7AN5K5jZNve1Tu8EbdiCjto9YKSOwdrdxvYcosarN8izwzRs
+maovvi3AxtU1+JLXMElL9CyfFBOdspCgtPCZtZvsXEH7OqvOCxfbTFl1nQ+DnVfm
+IjpLiFPZHQPwVNSiAyQQwZpS3hCLvbIvA4hiMQKBgEbNnQB+47HgEn2/4X+CM3Ff
+DT2VG2kL5KdQpsl2RVZy73bgO0BsLyxUb5+bOjkQWcXGupp2uysZV/fqQwLc+t0F
+LENimfZ+xHC/MyChFnJgGp1K4uNQfaIbg12okRh39gi0aSEu92kRa6JCb1+jGXVa
+Wgi7FwAzwz6324RcSkxbAoGARXQxhBOgIYKBf/Wtrf3+M4Qecq/coj67VBsQHsaT
+X/Z2tfU/u+qxcJv8nBqNQgR/U5NibmCSHv9gJNZ0/I+9URfenbLNeF6no8gxli9o
+bzbzoX63iVXxwvx9NT6/lgn2sMg7ZNiJA/Q6AUvG1g50ydUw781Ze39WIUhaWUMK
+MEsCgYEAhfVGgBwwLk1fxx+tg1g/ey7ivC/ve70zSgmjBkogMumD5eZuX8HL5/83
+Iur8ZSRJctN0/+VM4BW0drt5vE+CgN0t2AJYDJeAQDjmpHrylIVC3TXSDms2Sslt
+1rV5Tivv+xE6xCInMkHw6SGJL86zg5GKawEacV0BHR9UNXpZRJc=
+-----END RSA PRIVATE KEY-----
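
Review bot: skey is the server's RSA private host key, and this hunk adds it to the repository unencrypted. Anyone who can read this revision can present the same host identity, so a client that pins skey.pub gains nothing from doing so. Generate the host key pair at setup time (a documented ssh-keygen step or a buildout part) and keep the private file unversioned, or at minimum state in README.txt that this is a throwaway key that must never be reused outside the sandbox.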


Property changes on: Sandbox/J1m/conch/skey
___________________________________________________________________
Added: svn:eol-style
   + native

Added: Sandbox/J1m/conch/skey.pub
===================================================================
--- Sandbox/J1m/conch/skey.pub	                        (rev 0)
+++ Sandbox/J1m/conch/skey.pub	2009-07-25 13:01:18 UTC (rev 102295)
@@ -0,0 +1 @@
+ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAo2le2nUGQ04dpDobmTL0ZDs/E1CzgKNJq2ljxi7j6LTmU0mEwSZ1YYVhJvS6Nd+6iwD3IN+zEutfxoXo1JJYjkLplHDQ7Z9Cy2W/n4eepbo0sBAinx/knNLcDjy4ZEfYuYyTKmNpzYTF+XXSm1EzxZ9b8rL7K52FDc9obQi/QrcQ79vJubN0Zhvescg/BpdRQzMCKDEVtO++othhAojRc61uHr7slp3fsfop5PR/KlDyMqpJAm1iXXvV4y7w/91nrQUSLNZfLwy7k9lmIjOo2fc02WWD9wtiFTwtvOilnV+Kl0D+D9SpRvT2kixxTBR+5UJlkBPIBkKV6rLRlI5qpQ== jim at Avalon.local


Property changes on: Sandbox/J1m/conch/skey.pub
___________________________________________________________________
Added: svn:eol-style
   + native

Added: Sandbox/J1m/conch/ukey
===================================================================
--- Sandbox/J1m/conch/ukey	                        (rev 0)
+++ Sandbox/J1m/conch/ukey	2009-07-25 13:01:18 UTC (rev 102295)
@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----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+-----END RSA PRIVATE KEY-----
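
Review bot: ukey is the private half of the only credential echo_server.py accepts (InMemoryPublicKeyChecker matches username 'user' against ukey.pub), and it is committed here in the clear. Every reader of the repository can therefore authenticate to any server started from this sandbox. Have each developer generate their own user key, keep the private file out of version control (svn:ignore), and let the server read the authorized public key from a path supplied at start-up.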


Property changes on: Sandbox/J1m/conch/ukey
___________________________________________________________________
Added: svn:eol-style
   + native

Added: Sandbox/J1m/conch/ukey.pub
===================================================================
--- Sandbox/J1m/conch/ukey.pub	                        (rev 0)
+++ Sandbox/J1m/conch/ukey.pub	2009-07-25 13:01:18 UTC (rev 102295)
@@ -0,0 +1 @@
+ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA2L2kgcTOzRbdxFGiQxYFrtqSGCKKVcaKCHWf95K8H+LineCfWJ23B+MGx8kMguFktUcup3TZlnVZvu/+iy+IzDb7s7LD+kB6gH5GZl1tii6dqR5gAvWfsA2AAq0Vbglyt4KAvndGi+VKQAG//R4W6p2ovg9KeQf/QcKMA+bui04iGtPk0GKs7fGj9ykFM4yKuVfBwp7oQ5HCPf20/BxzdfzYMXuDOrOVBnET0A14I/D/o/LYI+pD64CyBs2EOJsyzjtqh8fxgzXHINYRg4Ae3rBrtTfM0djhhtdR7viyUxqaDuTqgVwhmPQqWQv70kwFkoE09CuFr9yk5ohYBYTThw== jim at Avalon.local


Property changes on: Sandbox/J1m/conch/ukey.pub
___________________________________________________________________
Added: svn:eol-style
   + native


