SSH Fingerprint and Hostkey with Paramiko in Python

Following on from SSH and SFTP with Paramiko & Python, I recently had the need to gain a remote SSH server’s fingerprint and hostkey for verification purposes. This is achievable through setting up a socket, and then applying paramiko.Transport over our established socket. First, we include the various bits and pieces we’ll need: import socket import paramiko import hashlib import base64 Next, we establish a socket connection ‘mySocket’ to “localhost” on port 22 – our dummy SSH server. We then use paramiko.Transport to gain access to paramiko’s core SSH protocol options on the socket. mySocket = socket.socket(socket.AF_INET, socket.SOCK_STREAM) mySocket.connect(("localhost", 22)) myTransport = paramiko.Transport(mySocket) myTransport.start_client() To get the remote hostkey, we call myTransport.get_remote_server_key(): […]

By | November 24th, 2014|Python|0 Comments

SSH and SFTP with Paramiko & Python

Paramiko is a Python implementation of SSH with a whole range of supported features. To start, let’s look at the most simple example – connecting to a remote SSH server and gathering the output of ls /tmp/ import paramiko ssh = paramiko.SSHClient() ssh.set_missing_host_key_policy(paramiko.AutoAddPolicy()) try: ssh.connect(‘localhost’, username=’testuser’, password=’t3st@#test123′) except paramiko.SSHException: print "Connection Failed" quit() stdin,stdout,stderr = ssh.exec_command("ls /etc/") for line in stdout.readlines(): print line.strip() ssh.close() After importing paramiko, we create a new variable ‘ssh’ to hold our SSHClient. ssh.set_missing_host_key_policy automatically adds our server’s host key without prompting. For security, this is not a good idea in production, and host keys should be added manually. Should a host key change unexpectedly, it could indicate that the connection has been compromised and is being diverted elsewhere. Next, we create 3 variables, stdin, stdout and stderr allowing us to access the respective streams when calling ls /etc/ Finally, for each “\n” terminated line on stdout, we print the line, stripping the trailing “\n” (as print adds one). Finally we close the SSH connection. Let’s look at another example, where we communicate with stdin. […]

By | November 23rd, 2014|Python|6 Comments

Hardening your server

Hardening your server is perhaps the best way to prevent, or at least reduce, attacks on your server. What follows is a basic overview of what you should do to harden your server. If you are not completely comfortable doing this, you should retain the services of someone who is, to avoid data loss. The key service you want to secure is SSH, as that is perhaps the most vulnerable. If someone should have access through this protocol, they would have complete power over your server, and all the sites on it. […]

By | July 7th, 2010|Security Consultant|0 Comments

SSHing from a compromised machine

Often, when working with compromised machines, as a security consultant, I find a malicious SSH binary. The malicious SSH binary generally logs all usernames, passwords and hosts connected to from the compromised machine, and usually in /tmp/. The attacker can then log back into the machine and collect this file at a later date. […]

By | December 25th, 2009|Technology|0 Comments

Split access SSH problems

So far everything works flawlessly, all applications, protocols and service with the split access setup, but I have a strange bug with SSH, and it only affects SSH clients built on openssl, such as dropbear and openssh. After authentication, it just hangs, and running in verbose mode shows that it seems to fail upon attempting to resize the tcp window. Only fails occasionally, when it receives no acknowledgement from the server. After much digging, I only had minimal success getting to the bottom of the issue, but the following hack fixed the issue: […]

By | May 26th, 2008|Internetworking & Routing, Linux, Technology|1 Comment