Add support for checking host against global known host files.
parent
4e49b32419
commit
a1854bb762
1 changed files with 37 additions and 26 deletions
|
@ -118,35 +118,46 @@ class Connection(object):
|
||||||
|
|
||||||
def not_in_host_file(self, host):
|
def not_in_host_file(self, host):
|
||||||
if 'USER' in os.environ:
|
if 'USER' in os.environ:
|
||||||
host_file = os.path.expandvars("~${USER}/.ssh/known_hosts")
|
user_host_file = os.path.expandvars("~${USER}/.ssh/known_hosts")
|
||||||
else:
|
else:
|
||||||
host_file = "~/.ssh/known_hosts"
|
user_host_file = "~/.ssh/known_hosts"
|
||||||
host_file = os.path.expanduser(host_file)
|
user_host_file = os.path.expanduser(user_host_file)
|
||||||
if not os.path.exists(host_file):
|
|
||||||
print "previous known host file not found"
|
host_file_list = []
|
||||||
return True
|
host_file_list.append(user_host_file)
|
||||||
host_fh = open(host_file)
|
host_file_list.append("/etc/ssh/ssh_known_hosts")
|
||||||
data = host_fh.read()
|
host_file_list.append("/etc/ssh/ssh_known_hosts2")
|
||||||
host_fh.close()
|
|
||||||
for line in data.split("\n"):
|
hfiles_not_found = 0
|
||||||
if line is None or line.find(" ") == -1:
|
for hf in host_file_list:
|
||||||
|
if not os.path.exists(hf):
|
||||||
|
hfiles_not_found += 1
|
||||||
continue
|
continue
|
||||||
tokens = line.split()
|
host_fh = open(hf)
|
||||||
if tokens[0].find(self.HASHED_KEY_MAGIC) == 0:
|
data = host_fh.read()
|
||||||
# this is a hashed known host entry
|
host_fh.close()
|
||||||
try:
|
for line in data.split("\n"):
|
||||||
(kn_salt,kn_host) = tokens[0][len(self.HASHED_KEY_MAGIC):].split("|",2)
|
if line is None or line.find(" ") == -1:
|
||||||
hash = hmac.new(kn_salt.decode('base64'), digestmod=sha1)
|
|
||||||
hash.update(host)
|
|
||||||
if hash.digest() == kn_host.decode('base64'):
|
|
||||||
return False
|
|
||||||
except:
|
|
||||||
# invalid hashed host key, skip it
|
|
||||||
continue
|
continue
|
||||||
else:
|
tokens = line.split()
|
||||||
# standard host file entry
|
if tokens[0].find(self.HASHED_KEY_MAGIC) == 0:
|
||||||
if host in tokens[0]:
|
# this is a hashed known host entry
|
||||||
return False
|
try:
|
||||||
|
(kn_salt,kn_host) = tokens[0][len(self.HASHED_KEY_MAGIC):].split("|",2)
|
||||||
|
hash = hmac.new(kn_salt.decode('base64'), digestmod=sha1)
|
||||||
|
hash.update(host)
|
||||||
|
if hash.digest() == kn_host.decode('base64'):
|
||||||
|
return False
|
||||||
|
except:
|
||||||
|
# invalid hashed host key, skip it
|
||||||
|
continue
|
||||||
|
else:
|
||||||
|
# standard host file entry
|
||||||
|
if host in tokens[0]:
|
||||||
|
return False
|
||||||
|
|
||||||
|
if (hfiles_not_found == len(host_file_list)):
|
||||||
|
print "previous known host file not found"
|
||||||
return True
|
return True
|
||||||
|
|
||||||
def exec_command(self, cmd, tmp_path, sudo_user=None, sudoable=False, executable='/bin/sh', in_data=None, su_user=None, su=False):
|
def exec_command(self, cmd, tmp_path, sudo_user=None, sudoable=False, executable='/bin/sh', in_data=None, su_user=None, su=False):
|
||||||
|
|
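Review bot: The plain-entry branch at the end of the inner loop still tests `if host in tokens[0]:`, which is a substring match against the whole host field, so a host such as `example.com` is reported as known when a file only lists `example.com.internal` or `myexample.com`. Now that the system-wide files are scanned as well, there are more entries for such a partial match to hit. Comparing against the comma-separated names, `if host in tokens[0].split(","):`, makes the match exact; wildcard patterns and `[host]:port` entries would still need their own handling. Separately, `open(hf)` after `os.path.exists(hf)` raises on a file that exists but is not readable, and nothing in the function catches that, so one unreadable global file would abort the check.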