net-ssh hackery to disable agent support, disable private key support,
and add a callbackunstable
HD Moore
parent
eec70706d0
commit
9c827abcb7
|
|
@ -71,7 +71,7 @@ module Net
|
|||
:rekey_limit, :rekey_packet_limit, :timeout, :verbose,
|
||||
:global_known_hosts_file, :user_known_hosts_file, :host_key_alias,
|
||||
:host_name, :user, :properties, :passphrase, :msframework, :msfmodule,
|
||||
:record_auth_info
|
||||
:record_auth_info, :skip_private_keys, :accepted_key_callback, :disable_agent
|
||||
]
|
||||
|
||||
# The standard means of starting a new SSH connection. When used with a
|
||||
|
|
@ -196,7 +196,7 @@ module Net
|
|||
# Tell MSF not to auto-close this socket anymore...
|
||||
# This allows the transport socket to surive with the session.
|
||||
if options[:msfmodule]
|
||||
options[:msfmodule].remove_socket(transport.socket)
|
||||
options[:msfmodule].remove_socket(transport.socket)
|
||||
end
|
||||
|
||||
if block_given?
|
||||
|
|
@ -206,7 +206,7 @@ module Net
|
|||
return connection
|
||||
end
|
||||
else
|
||||
transport.close
|
||||
transport.close
|
||||
raise AuthenticationFailed, user
|
||||
end
|
||||
end
|
||||
|
|
|
|||
|
|
@ -121,10 +121,16 @@ module Net
|
|||
end
|
||||
|
||||
key_data.each do |data|
|
||||
private_key = KeyFactory.load_data_private_key(data)
|
||||
key = private_key.send(:public_key)
|
||||
known_identities[key] = { :from => :key_data, :data => data, :key => private_key }
|
||||
yield key
|
||||
if @options[:skip_private_keys]
|
||||
key = KeyFactory.load_data_public_key(data)
|
||||
known_identities[key] = { :from => :key_data, :data => data }
|
||||
yield key
|
||||
else
|
||||
private_key = KeyFactory.load_data_private_key(data)
|
||||
key = private_key.send(:public_key)
|
||||
known_identities[key] = { :from => :key_data, :data => data, :key => private_key }
|
||||
yield key
|
||||
end
|
||||
end
|
||||
|
||||
self
|
||||
|
|
@ -165,6 +171,7 @@ module Net
|
|||
|
||||
# Identifies whether the ssh-agent will be used or not.
|
||||
def use_agent?
|
||||
return false if @options[:disable_agent]
|
||||
@use_agent
|
||||
end
|
||||
|
||||
|
|
|
|||
|
|
@ -54,6 +54,15 @@ module Net
|
|||
|
||||
case message.type
|
||||
when USERAUTH_PK_OK
|
||||
debug { "publickey will be accepted (#{identity.fingerprint})" }
|
||||
|
||||
# The key is accepted by the server, trigger a callback if set
|
||||
if session.accepted_key_callback
|
||||
session.accepted_key_callback.call({ :user => username, :fingerprint => identity.fingerprint, :key => identity.dup })
|
||||
end
|
||||
|
||||
return false if session.skip_private_keys
|
||||
|
||||
buffer = build_request(identity, username, next_service, true)
|
||||
sig_data = Net::SSH::Buffer.new
|
||||
sig_data.write_string(session_id)
|
||||
|
|
|
|||
|
|
@ -33,6 +33,12 @@ module Net; module SSH; module Authentication
|
|||
|
||||
# when a successful auth is made, note the auth info if session.options[:record_auth_info]
|
||||
attr_accessor :auth_info
|
||||
|
||||
# when a public key is accepted (even if not used), trigger a callback
|
||||
attr_accessor :accepted_key_callback
|
||||
|
||||
# when we only want to test a key and not login
|
||||
attr_accessor :skip_private_keys
|
||||
|
||||
# Instantiates a new Authentication::Session object over the given
|
||||
# transport layer abstraction.
|
||||
|
|
@ -43,8 +49,10 @@ module Net; module SSH; module Authentication
|
|||
@auth_methods = options[:auth_methods] || %w(publickey hostbased password keyboard-interactive)
|
||||
@options = options
|
||||
|
||||
@allowed_auth_methods = @auth_methods
|
||||
@auth_info = {}
|
||||
@allowed_auth_methods = @auth_methods
|
||||
@skip_private_keys = options[:skip_private_keys] || false
|
||||
@accepted_key_callback = options[:accepted_key_callback]
|
||||
@auth_info = {}
|
||||
end
|
||||
|
||||
# Attempts to authenticate the given user, in preparation for the next
|
||||
|
|
|
|||
Loading…
Reference in New Issue