Makes it so we don't ever use local config files for Net::SSH

Also makes sure that the :config =>false option keeps
Net:SSH from meddling with knowns_hosts too
unstable
David Maloney 2012-05-18 11:38:45 -05:00
parent c386e1ce31
commit 17943c7a48
5 changed files with 16 additions and 7 deletions

View File

@ -206,7 +206,7 @@ module Net; module SSH; module Transport
algorithms[:compression_client] = algorithms[:compression_server] = algorithms[:compression]
algorithms[:language_client ] = algorithms[:language_server ] = algorithms[:language]
if !options.key?(:host_key)
if !options.key?(:host_key) and options[:config]
# make sure the host keys are specified in preference order, where any
# existing known key for the host has preference.

View File

@ -13,8 +13,9 @@ module Net; module SSH; module Verifiers
def verify(arguments)
options = arguments[:session].options
host = options[:host_key_alias] || arguments[:session].host_as_string
if options[:config]
matches = Net::SSH::KnownHosts.search_for(host, arguments[:session].options)
end
# we've never seen this host before, so just automatically add the key.
# not the most secure option (since the first hit might be the one that
# is hacked), but since almost nobody actually compares the key
@ -22,7 +23,9 @@ module Net; module SSH; module Verifiers
# security.
if matches.empty?
ip = arguments[:session].peer[:ip]
if options[:config]
Net::SSH::KnownHosts.add(host, arguments[:key], arguments[:session].options)
end
return true
end
@ -43,9 +46,11 @@ module Net; module SSH; module Verifiers
def process_cache_miss(host, args)
exception = HostKeyMismatch.new("fingerprint #{args[:fingerprint]} does not match for #{host.inspect}")
exception.data = args
if options[:config]
exception.callback = Proc.new do
Net::SSH::KnownHosts.add(host, args[:key], args[:session].options)
end
end
raise exception
end
end

View File

@ -201,6 +201,7 @@ class Metasploit3 < Msf::Auxiliary
:disable_agent => true,
:record_auth_info => true,
:skip_private_keys => true,
:config =>false,
:accepted_key_callback => Proc.new {|key| accepted << key }
}

View File

@ -62,13 +62,15 @@ class Metasploit3 < Msf::Auxiliary
end
def do_login(ip,user,pass,port)
print_status "Home: #{ENV['HOME']}"
opt_hash = {
:auth_methods => ['password','keyboard-interactive'],
:msframework => framework,
:msfmodule => self,
:port => port,
:disable_agent => true,
:password => pass
:password => pass,
:config => false,
}
opt_hash.merge!(:verbose => :debug) if datastore['SSH_DEBUG']

View File

@ -177,6 +177,7 @@ class Metasploit3 < Msf::Auxiliary
:port => port,
:key_data => key_data,
:disable_agent => true,
:config => false,
:record_auth_info => true
}
opt_hash.merge!(:verbose => :debug) if datastore['SSH_DEBUG']