Add support for checking host against global known host files.

This commit is contained in:
Iordan Iordanov 2014-02-24 16:05:03 -05:00
parent 4e49b32419
commit a1854bb762


@ -118,35 +118,46 @@ class Connection(object):
def not_in_host_file(self, host): def not_in_host_file(self, host):
if 'USER' in os.environ: if 'USER' in os.environ:
host_file = os.path.expandvars("~${USER}/.ssh/known_hosts") user_host_file = os.path.expandvars("~${USER}/.ssh/known_hosts")
else: else:
host_file = "~/.ssh/known_hosts" user_host_file = "~/.ssh/known_hosts"
host_file = os.path.expanduser(host_file) user_host_file = os.path.expanduser(user_host_file)
if not os.path.exists(host_file):
print "previous known host file not found" host_file_list = []
return True host_file_list.append(user_host_file)
host_fh = open(host_file) host_file_list.append("/etc/ssh/ssh_known_hosts")
data = host_fh.read() host_file_list.append("/etc/ssh/ssh_known_hosts2")
host_fh.close()
for line in data.split("\n"): hfiles_not_found = 0
if line is None or line.find(" ") == -1: for hf in host_file_list:
if not os.path.exists(hf):
hfiles_not_found += 1
continue continue
tokens = line.split() host_fh = open(hf)
if tokens[0].find(self.HASHED_KEY_MAGIC) == 0: data = host_fh.read()
# this is a hashed known host entry host_fh.close()
try: for line in data.split("\n"):
(kn_salt,kn_host) = tokens[0][len(self.HASHED_KEY_MAGIC):].split("|",2) if line is None or line.find(" ") == -1:
hash = hmac.new(kn_salt.decode('base64'), digestmod=sha1)
hash.update(host)
if hash.digest() == kn_host.decode('base64'):
return False
except:
# invalid hashed host key, skip it
continue continue
else: tokens = line.split()
# standard host file entry if tokens[0].find(self.HASHED_KEY_MAGIC) == 0:
if host in tokens[0]: # this is a hashed known host entry
return False try:
(kn_salt,kn_host) = tokens[0][len(self.HASHED_KEY_MAGIC):].split("|",2)
hash = hmac.new(kn_salt.decode('base64'), digestmod=sha1)
hash.update(host)
if hash.digest() == kn_host.decode('base64'):
return False
except:
# invalid hashed host key, skip it
continue
else:
# standard host file entry
if host in tokens[0]:
return False
if (hfiles_not_found == len(host_file_list)):
print "previous known host file not found"
return True return True
def exec_command(self, cmd, tmp_path, sudo_user=None, sudoable=False, executable='/bin/sh', in_data=None, su_user=None, su=False): def exec_command(self, cmd, tmp_path, sudo_user=None, sudoable=False, executable='/bin/sh', in_data=None, su_user=None, su=False):
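Review bot: The plain-entry match carried into the new loop, `if host in tokens[0]:`, is a substring test over what is really a comma-separated host list, so an entry recorded for a longer name (e.g. one that merely contains the requested host as a suffix) makes this function report the host as already known; since this result decides whether a host key is treated as seen before, it should compare exactly, `if host in tokens[0].split(","):` (note that the `[host]:port` form would still need separate handling). The new per-file read is also unguarded: `os.path.exists(hf)` does not imply the file is readable, so an unreadable `/etc/ssh/ssh_known_hosts` raises IOError out of `not_in_host_file` and leaves `host_fh` open when `read()` fails; `with open(hf) as host_fh: data = host_fh.read()` closes it on every path, and a read failure could be counted like a missing file rather than aborting. The bare `except:` around the hashed-entry path swallows everything including the decode errors it is meant to skip and any KeyboardInterrupt, so narrowing it to `except (ValueError, TypeError, binascii.Error):` would keep the skip behaviour without masking other faults. The surrounding class continues outside the hunk.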