From ea60224f28cf702053d8fd06ef32cc683ed4aff1 Mon Sep 17 00:00:00 2001 From: root Date: Tue, 29 Jan 2013 18:48:09 +0100 Subject: //services test.py -> test-server.py --- services/Makefile | 2 +- services/test-server.py | 108 ++++++++++++++++++++++++++++++++++++++++++++++++ services/test.py | 108 ------------------------------------------------ 3 files changed, 109 insertions(+), 109 deletions(-) create mode 100755 services/test-server.py delete mode 100644 services/test.py (limited to 'services') diff --git a/services/Makefile b/services/Makefile index 3ef670a3..61e0f529 100644 --- a/services/Makefile +++ b/services/Makefile @@ -32,7 +32,7 @@ test-client: ssh localhost -p 1337 2>/dev/null test-server: - python test.py + ./test-server.py $(host_key_file): ssh-keygen -t rsa -P '' -f $@ diff --git a/services/test-server.py b/services/test-server.py new file mode 100755 index 00000000..ce8fbaa4 --- /dev/null +++ b/services/test-server.py 
@@ -0,0 +1,108 @@ +#! /usr/bin/env python2 + +from os import environ as env + +authorized_keys_file = env.get('authorized_keys_file', '/dev/null') +services_file = env.get('services_file', '/dev/null') +host_key_file = env.get('host_key_file', '/dev/null') +host_key_pub_file = host_key_file + '.pub' + + +from checkers import PublicKeyChecker +from twisted.conch.avatar import ConchUser +from twisted.conch.ssh.connection import SSHConnection +from twisted.conch.ssh.factory import SSHFactory +from twisted.conch.ssh.keys import Key +from twisted.conch.ssh.session import SSHSession, ISession, wrapProtocol +from twisted.conch.ssh.userauth import SSHUserAuthServer +from twisted.cred.error import UnauthorizedLogin +from twisted.cred.portal import IRealm, Portal +from twisted.internet.protocol import Protocol +from twisted.internet.reactor import listenTCP, run +from twisted.python.components import registerAdapter +from zope.interface import implements + +from twisted.python.log import startLogging +from sys import stderr +startLogging(stderr) + + +class MyRealm: + implements(IRealm) + + def requestAvatar(self, avatarId, mind, *interfaces): + return interfaces[0], MyUser(), lambda: None + + +class MyUser(ConchUser): + def __init__(self): + ConchUser.__init__(self) + self.channelLookup.update({ 'session': SSHSession }) + + +class MySession: + + def __init__(self, avatar): + pass + + def getPty(self, term, windowSize, attrs): + pass + + def execCommand(self, proto, cmd): + raise Exception("no executing commands") + + def openShell(self, trans): + ep = MyProtocol() + ep.makeConnection(trans) + trans.makeConnection(wrapProtocol(ep)) + + def eofReceived(self): + pass + + def closed(self): + pass + + +registerAdapter(MySession, MyUser, ISession) + + +def slurpTextfile(filename): + file = open(filename, 'r') + try: + return file.read() + finally: + file.close() + +class MyProtocol(Protocol): + def connectionMade(self): + data = slurpTextfile(services_file).replace('\n', '\r\n') + 
self.transport.write(data) + self.transport.loseConnection() + + #def dataReceived(self, data): + # if data == '\r': + # data = '\r\n' + # elif data == '\x03': #^C + # self.transport.loseConnection() + # return + # self.transport.write(data) + + +class MyFactory(SSHFactory): + privateKeys = { + 'ssh-rsa': Key.fromFile(filename=host_key_file) + } + publicKeys = { + 'ssh-rsa': Key.fromFile(filename=host_key_pub_file) + } + services = { + 'ssh-userauth': SSHUserAuthServer, + 'ssh-connection': SSHConnection + } + +if __name__ == '__main__': + portal = Portal(MyRealm()) + portal.registerChecker(PublicKeyChecker(authorized_keys_file)) + MyFactory.portal = portal + listenTCP(1337, MyFactory()) + run() diff --git a/services/test.py b/services/test.py deleted file mode 100644 index 06340a54..00000000 --- a/services/test.py +++ /dev/null 
@@ -1,108 +0,0 @@ -#! /usr/bin/env python - -from os import environ as env - -authorized_keys_file = env.get('authorized_keys_file', '/dev/null') -services_file = env.get('services_file', '/dev/null') -host_key_file = env.get('host_key_file', '/dev/null') -host_key_pub_file = host_key_file + '.pub' - - -from checkers import PublicKeyChecker -from twisted.conch.avatar import ConchUser -from twisted.conch.ssh.connection import SSHConnection -from twisted.conch.ssh.factory import SSHFactory -from twisted.conch.ssh.keys import Key -from twisted.conch.ssh.session import SSHSession, ISession, wrapProtocol -from twisted.conch.ssh.userauth import SSHUserAuthServer -from twisted.cred.error import UnauthorizedLogin -from twisted.cred.portal import IRealm, Portal -from twisted.internet.protocol import Protocol -from twisted.internet.reactor import listenTCP, run -from twisted.python.components import registerAdapter -from zope.interface import implements - -from twisted.python.log import startLogging -from sys import stderr -startLogging(stderr) - - -class MyRealm: - implements(IRealm) - - def requestAvatar(self, avatarId, mind, *interfaces): - return interfaces[0], MyUser(), lambda: None - - -class MyUser(ConchUser): - def __init__(self): - ConchUser.__init__(self) - self.channelLookup.update({ 'session': SSHSession }) - - -class MySession: - - def __init__(self, avatar): - pass - - def getPty(self, term, windowSize, attrs): - pass - - def execCommand(self, proto, cmd): - raise Exception("no executing commands") - - def openShell(self, trans): - ep = MyProtocol() - ep.makeConnection(trans) - trans.makeConnection(wrapProtocol(ep)) - - def eofReceived(self): - pass - - def closed(self): - pass - - -registerAdapter(MySession, MyUser, ISession) - - -def slurpTextfile(filename): - file = open(filename, 'r') - try: - return file.read() - finally: - file.close() - -class MyProtocol(Protocol): - def connectionMade(self): - data = slurpTextfile(services_file).replace('\n', '\r\n') - 
self.transport.write(data) - self.transport.loseConnection() - - #def dataReceived(self, data): - # if data == '\r': - # data = '\r\n' - # elif data == '\x03': #^C - # self.transport.loseConnection() - # return - # self.transport.write(data) - - -class MyFactory(SSHFactory): - privateKeys = { - 'ssh-rsa': Key.fromFile(filename=host_key_file) - } - publicKeys = { - 'ssh-rsa': Key.fromFile(filename=host_key_pub_file) - } - services = { - 'ssh-userauth': SSHUserAuthServer, - 'ssh-connection': SSHConnection - } - -if __name__ == '__main__': - portal = Portal(MyRealm()) - portal.registerChecker(PublicKeyChecker(authorized_keys_file)) - MyFactory.portal = portal - listenTCP(1337, MyFactory()) - run() -- cgit v1.2.3 From 96d04da93bcbd42e8d1b419fea659e5eb8764437 Mon Sep 17 00:00:00 2001 From: root Date: Tue, 29 Jan 2013 18:49:05 +0100 Subject: //services test-server: add systemd configuration --- services/etc/conf.d/krebs-services-test-server | 3 +++ .../etc/systemd/system/krebs-services-test-server.service | 14 ++++++++++++++ 2 files changed, 17 insertions(+) create mode 100644 services/etc/conf.d/krebs-services-test-server create mode 100644 services/etc/systemd/system/krebs-services-test-server.service (limited to 'services') diff --git a/services/etc/conf.d/krebs-services-test-server b/services/etc/conf.d/krebs-services-test-server new file mode 100644 index 00000000..243054f4 --- /dev/null +++ b/services/etc/conf.d/krebs-services-test-server @@ -0,0 +1,3 @@ +authorized_keys_file=/krebs/services/authorized_keys +services_file=/opt/services/services.txt +host_key_file=/opt/services/test.key diff --git a/services/etc/systemd/system/krebs-services-test-server.service b/services/etc/systemd/system/krebs-services-test-server.service new file mode 100644 index 00000000..99578cce --- /dev/null +++ b/services/etc/systemd/system/krebs-services-test-server.service 
@@ -0,0 +1,14 @@ +[Unit] +Description=services: provider +After=network.target + +[Service] +EnvironmentFile=/etc/conf.d/krebs-services-test-server +ExecStart=/krebs/services/test-server.py +KillMode=process +User=services +Group=services +Restart=no + +[Install] +WantedBy=multi-user.target -- cgit v1.2.3 From c17d13380945c0909adeddd2375c1c9c8aa26782 Mon Sep 17 00:00:00 2001 From: root Date: Tue, 29 Jan 2013 18:57:49 +0100 Subject: //services test-server: log only if debug_log == 'true' --- services/Makefile | 1 + services/test-server.py | 8 +++++--- 2 files changed, 6 insertions(+), 3 deletions(-) (limited to 'services') diff --git a/services/Makefile b/services/Makefile index 61e0f529..37931f47 100644 --- a/services/Makefile +++ b/services/Makefile @@ -1,5 +1,6 @@ help:;@cat Makefile export authorized_keys_file := authorized_keys +export debug_log := true export services_file := services.txt export host_key_file := test.key export services_home := /opt/services diff --git a/services/test-server.py b/services/test-server.py index ce8fbaa4..7838e0af 100755 --- a/services/test-server.py +++ b/services/test-server.py @@ -3,6 +3,7 @@ from os import environ as env authorized_keys_file = env.get('authorized_keys_file', '/dev/null') +debug_log = env.get('debug_log', 'false') services_file = env.get('services_file', '/dev/null') host_key_file = env.get('host_key_file', '/dev/null') host_key_pub_file = host_key_file + '.pub' @@ -22,9 +23,10 @@ from twisted.internet.reactor import listenTCP, run from twisted.python.components import registerAdapter from zope.interface import implements -from twisted.python.log import startLogging -from sys import stderr -startLogging(stderr) +if debug_log == 'true': + from twisted.python.log import startLogging + from sys import stderr + startLogging(stderr) class MyRealm: -- cgit v1.2.3 From 0c37512813f26c098e2c1d34c42e6b843009e9b2 Mon Sep 17 00:00:00 2001 
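Review bot: The `[Service]` section of krebs-services-test-server.service drops to `User=services` but adds no other confinement for a daemon that accepts SSH connections from the network. `NoNewPrivileges=yes` and `PrivateTmp=yes` would be cheap additions, assuming the target systemd version supports them. `Restart=no` also means a crash leaves the listener down until someone notices; `Restart=on-failure` is the usual choice for a network service. Since `ExecStart` and `authorized_keys_file` both point into `/krebs/services`, that tree should be owned by root and not writable by the `services` account; the page does not show its permissions.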
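Review bot: With `debug_log = env.get('debug_log', 'false')` and the new `if debug_log == 'true':` guard in services/test-server.py, the server logs nothing unless the variable is set. The conf.d file added in the previous commit does not set it, so the systemd-run instance would leave no record of connections or failed public-key logins. I would keep `startLogging(stderr)` unconditional and use the flag only for extra verbosity, or at least add `debug_log=true` to `etc/conf.d/krebs-services-test-server`. The comparison is also exact-match, so `True` or `1` silently disables logging; `if debug_log.lower() in ('1', 'true', 'yes'):` is more forgiving. This note covers both test-server.py hunks of the commit.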
From: tv Date: Wed, 30 Jan 2013 01:12:06 +0100 Subject: //service README: install test-server.py as systemd service on arch --- services/README.md | 28 ++++++++++++++++++++++++++++ 1 file changed, 28 insertions(+) create mode 100644 services/README.md (limited to 'services') diff --git a/services/README.md b/services/README.md new file mode 100644 index 00000000..eff94113 --- /dev/null +++ b/services/README.md @@ -0,0 +1,28 @@ +# //services + +## install and run test-server.py as systemd service + +### install dependencies + + pacman -S python2-pyasn1 twisted + +### install systemd service and configuration + + cp /krebs/services/etc/systemd/system/krebs-services-test-server.service \ + /etc/systemd/system/ + + cp /krebs/services/etc/conf.d/krebs-services-test-server \ + /etc/conf.d/ + +### create services user + + useradd -m -r -l -f -1 -d /opt/services -k /var/empty services + +### configure test-server.py + + $EDITOR /opt/services/services.txt + +### run + + systemctl enable krebs-services-test-server + systemctl start krebs-services-test-server -- cgit v1.2.3 From 9577db8e98c94e0b8e36fed70cfd246f98f0344a Mon Sep 17 00:00:00 2001 From: tv Date: Wed, 30 Jan 2013 01:16:39 +0100 Subject: //services README: generate test.key --- services/README.md | 11 ++++------- 1 file changed, 4 insertions(+), 7 deletions(-) (limited to 'services') diff --git a/services/README.md b/services/README.md index eff94113..e0769bce 100644 --- a/services/README.md +++ b/services/README.md 
@@ -10,19 +10,16 @@ cp /krebs/services/etc/systemd/system/krebs-services-test-server.service \ /etc/systemd/system/ - cp /krebs/services/etc/conf.d/krebs-services-test-server \ /etc/conf.d/ -### create services user +### create services user and populate it's home useradd -m -r -l -f -1 -d /opt/services -k /var/empty services - -### configure test-server.py - + sudo -u services ssh-keygen -t rsa -P '' -f /opt/services/test.key $EDITOR /opt/services/services.txt -### run +### run now and every reboot - systemctl enable krebs-services-test-server systemctl start krebs-services-test-server + systemctl enable krebs-services-test-server -- cgit v1.2.3 From 46ba0880900d5696024a615ac393d485f9adfaba Mon Sep 17 00:00:00 2001 From: tv Date: Wed, 30 Jan 2013 01:48:27 +0100 Subject: //services/bin/services: ControlMaster=no --- services/bin/services | 2 ++ 1 file changed, 2 insertions(+) (limited to 'services') diff --git a/services/bin/services b/services/bin/services index c142a363..957d197a 100755 --- a/services/bin/services +++ b/services/bin/services @@ -8,6 +8,8 @@ user=services hostname=${1-localhost} port=1337 +options="${options+$options }-o ControlMaster=no" + if test -n "${services_identity_file-}"; then options="${options+$options }-i $services_identity_file" fi -- cgit v1.2.3 From e282afbe09cc5d44b1b3329a9bc199a780be7300 Mon Sep 17 00:00:00 2001 From: tv Date: Wed, 30 Jan 2013 02:10:39 +0100 Subject: //services/bin/services: filter boring stderr --- services/bin/services | 7 +++++++ 1 file changed, 7 insertions(+) (limited to 'services') diff --git a/services/bin/services b/services/bin/services index 957d197a..113480ee 100755 --- a/services/bin/services +++ b/services/bin/services @@ -23,4 +23,11 @@ if echo $hostname | grep -q :; then hostname=`echo $hostname | cut -d: -f1` fi +exec 3>&1 +{ ssh $options $user@$hostname -p $port +} 2>&1 1>&3 | sed ' + /^Connection to '$hostname' closed/d + /^Shared connection to '$hostname' closed/d +' +exec 3>&- -- cgit v1.2.3 
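Review bot: The sed filter added at the end of services/bin/services splices `$hostname` unquoted into the sed program, and `hostname` is derived from `$1`, so a name containing `/`, `.` or other regex characters changes or breaks the filter. Matching without the variable avoids that: `/^Connection to .* closed/d` and `/^Shared connection to .* closed/d`. Two side effects of the new pipeline are also worth fixing. Any stderr text that sed lets through now arrives on stdout; appending `>&2` after the closing quote of the sed script restores it. The script also ends with `exec 3>&-` and so no longer exits with ssh's status, which means callers cannot detect a failed connection.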
From 6da636908a84d1703932a5806f03301b4043a258 Mon Sep 17 00:00:00 2001 From: tv Date: Wed, 30 Jan 2013 02:13:50 +0100 Subject: //services/bin/services: fix indentation --- services/bin/services | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'services') diff --git a/services/bin/services b/services/bin/services index 113480ee..e854cbcb 100755 --- a/services/bin/services +++ b/services/bin/services @@ -25,7 +25,7 @@ fi exec 3>&1 { -ssh $options $user@$hostname -p $port + ssh $options $user@$hostname -p $port } 2>&1 1>&3 | sed ' /^Connection to '$hostname' closed/d /^Shared connection to '$hostname' closed/d -- cgit v1.2.3 From 61efc03040a5f6df520bdc7608f2035d958d16a1 Mon Sep 17 00:00:00 2001 From: tv Date: Wed, 30 Jan 2013 15:16:37 +0100 Subject: //services etc bootstrap: initial commit --- services/etc/services/bootstrap | 2 ++ 1 file changed, 2 insertions(+) create mode 100644 services/etc/services/bootstrap (limited to 'services') diff --git a/services/etc/services/bootstrap b/services/etc/services/bootstrap new file mode 100644 index 00000000..124e77d1 --- /dev/null +++ b/services/etc/services/bootstrap @@ -0,0 +1,2 @@ +services://destroy +services://ire -- cgit v1.2.3 From ed52b2a311e2ed2a61f382de217c2fee95a51fc5 Mon Sep 17 00:00:00 2001 From: makefu Date: Wed, 30 Jan 2013 14:36:07 +0000 Subject: update bootstrap uris,services.txt --- services/etc/services/bootstrap | 7 +++++++ services/services.txt | 4 ++-- 2 files changed, 9 insertions(+), 2 deletions(-) (limited to 'services') diff --git a/services/etc/services/bootstrap b/services/etc/services/bootstrap index 124e77d1..8c848146 100644 --- a/services/etc/services/bootstrap +++ b/services/etc/services/bootstrap @@ -1,2 +1,9 @@ services://destroy services://ire +services://darth_serious:22 +services://pigstarter:22 +services://incept:22 +services://rage:22 +services://devstar:22 +services://heidi:22 +services://geisha:22 
diff --git a/services/services.txt b/services/services.txt index dc88cbac..265e6d1c 100644 --- a/services/services.txt +++ b/services/services.txt @@ -3,5 +3,5 @@ type: mail: expires: location: -services://{{hostname}}:22/ -tinc://{{hostname}}/ +services://{{hostname}}:22 +tinc://{{hostname}} -- cgit v1.2.3