[root@python demos]# cat demo.py
#!/usr/bin/env python
# Copyright (C) 2003-2007 Robey Pointer <robeypointer@gmail.com>
#
# This file is part of paramiko.
#
# Paramiko is free software; you can redistribute it and/or modify it under the
# terms of the GNU Lesser General Public License as published by the Free
# Software Foundation; either version 2.1 of the License, or (at your option)
# any later version.
#
# Paramiko is distributed in the hope that it will be useful, but WITHOUT ANY
# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
# A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
# details.
#
# You should have received a copy of the GNU Lesser General Public License
# along with Paramiko; if not, write to the Free Software Foundation, Inc.,
# 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA.
import base64
from binascii import hexlify
import getpass
import os
import select
import socket
import sys
import time
import traceback
from paramiko.py3compat import input
import paramiko
try:
import interactive
except ImportError:
from . import interactive
def agent_auth(transport, username):
    """
    Offer every private key held by the local SSH agent to the server, in the
    order the agent returns them, and stop at the first key that is accepted.

    Returns None in all cases; the caller checks transport.is_authenticated()
    to learn whether any key worked.
    """
    ssh_agent = paramiko.Agent()
    offered = ssh_agent.get_keys()
    if not offered:
        # No agent running, or the agent holds no keys.
        return

    for candidate in offered:
        print('Trying ssh-agent key %s' % hexlify(candidate.get_fingerprint()))
        try:
            transport.auth_publickey(username, candidate)
        except paramiko.SSHException:
            # This key was rejected; fall through to the next one.
            print('... nope.')
            continue
        print('... success!')
        return
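def _load_private_key(key_class, label, default_name):
    """Prompt for a private-key path and load it, asking for a passphrase only when the key needs one."""
    # expanduser() honours $HOME when it is set and falls back to the account
    # database otherwise, so an unset HOME no longer raises KeyError.
    default_path = os.path.join(os.path.expanduser('~'), '.ssh', default_name)
    path = input('%s key [%s]: ' % (label, default_path))
    if len(path) == 0:
        path = default_path
    try:
        return key_class.from_private_key_file(path)
    except paramiko.PasswordRequiredException:
        # The key file is encrypted: read the passphrase without echo and retry.
        password = getpass.getpass('%s key password: ' % label)
        return key_class.from_private_key_file(path, password)


def manual_auth(username, hostname):
    """
    Interactively authenticate *username* with a password, an RSA key or a
    DSS key, as chosen at the prompt (default: password).

    The function authenticates the module-level transport ``t``; it does not
    take the transport as a parameter, so it only works after the script has
    created ``t``. *hostname* is used only in the password prompt.

    Exceptions raised by paramiko (bad key file, rejected credentials) are not
    caught here and propagate to the caller.
    """
    default_auth = 'p'
    auth = input('Auth by (p)assword, (r)sa key, or (d)ss key? [%s] ' % default_auth)
    if len(auth) == 0:
        auth = default_auth

    if auth == 'r':
        key = _load_private_key(paramiko.RSAKey, 'RSA', 'id_rsa')
        t.auth_publickey(username, key)
    elif auth == 'd':
        # NOTE(review): DSA/DSS keys are considered weak and are disabled by
        # default in current OpenSSH releases; prefer RSA or a newer key type
        # where the server allows it.
        key = _load_private_key(paramiko.DSSKey, 'DSS', 'id_dsa')
        t.auth_publickey(username, key)
    else:
        # Any answer other than 'r' or 'd' means password authentication.
        pw = getpass.getpass('Password for %s@%s: ' % (username, hostname))
        t.auth_password(username, pw)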
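# setup logging (paramiko's own protocol log, written relative to the
# current working directory)
paramiko.util.log_to_file('demo.log')

# Target is taken from argv[1] as [user@]host[:port], or prompted for.
username = ''
if len(sys.argv) > 1:
    hostname = sys.argv[1]
    if hostname.find('@') >= 0:
        # Split on the last '@' only, so a stray extra '@' cannot raise
        # ValueError during unpacking.
        username, hostname = hostname.rsplit('@', 1)
else:
    hostname = input('Hostname: ')
if len(hostname) == 0:
    print('*** Hostname required.')
    sys.exit(1)
port = 22
if hostname.find(':') >= 0:
    hostname, portstr = hostname.rsplit(':', 1)
    try:
        port = int(portstr)
    except ValueError:
        # Report a malformed port instead of dying with a traceback.
        print('*** Invalid port: ' + portstr)
        sys.exit(1)

# now connect
try:
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.connect((hostname, port))
except Exception as e:
    print('*** Connect failed: ' + str(e))
    traceback.print_exc()
    sys.exit(1)

try:
    t = paramiko.Transport(sock)
    try:
        t.start_client()
    except paramiko.SSHException:
        print('*** SSH negotiation failed.')
        t.close()
        sys.exit(1)

    # Load the user's known_hosts; the second path is a fallback location.
    try:
        keys = paramiko.util.load_host_keys(os.path.expanduser('~/.ssh/known_hosts'))
    except IOError:
        try:
            keys = paramiko.util.load_host_keys(os.path.expanduser('~/ssh/known_hosts'))
        except IOError:
            print('*** Unable to open host keys file')
            keys = {}

    # check server's host key -- this is important.
    # NOTE(review): only a *changed* key aborts the session. A host that is
    # missing from known_hosts (or for which no known_hosts file could be
    # read at all) produces a warning and the script then carries on to
    # authentication, so a password may be sent to a server whose identity
    # was never verified. For a gateway that fronts other hosts, consider
    # refusing unknown keys or requiring an explicit confirmation.
    key = t.get_remote_server_key()
    if hostname not in keys:
        print('*** WARNING: Unknown host key!')
    elif key.get_name() not in keys[hostname]:
        print('*** WARNING: Unknown host key!')
    elif keys[hostname][key.get_name()] != key:
        print('*** WARNING: Host key has changed!!!')
        t.close()
        sys.exit(1)
    else:
        print('*** Host key OK.')

    # get username
    if username == '':
        default_username = getpass.getuser()
        username = input('Username [%s]: ' % default_username)
        if len(username) == 0:
            username = default_username

    # Agent keys first, then fall back to the interactive prompt.
    agent_auth(t, username)
    if not t.is_authenticated():
        manual_auth(username, hostname)
    if not t.is_authenticated():
        print('*** Authentication failed. :(')
        t.close()
        sys.exit(1)

    chan = t.open_session()
    chan.get_pty()
    chan.invoke_shell()
    print('*** Here we go!\n')
    # NOTE(review): the identity handed to the audit logger is hard-coded.
    # Every record is attributed to 'similarface' on 'localhost' whatever
    # `username` and `hostname` were actually used above, so the audit trail
    # cannot tell sessions or targets apart. Decide which identity the log
    # should carry (gateway account or remote login) and pass real values.
    interactive.interactive_shell(chan,'similarface','localhost')
    chan.close()
    t.close()

except Exception as e:
    print('*** Caught exception: ' + str(e.__class__) + ': ' + str(e))
    traceback.print_exc()
    try:
        t.close()
    except Exception:
        # Best effort: `t` may not exist or may already be closed. Catching
        # Exception (not a bare except) lets KeyboardInterrupt/SystemExit through.
        pass
    sys.exit(1)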
import socket
import sys
import time
from paramiko.py3compat import u
# windows does not have termios...
try:
import termios
import tty
has_termios = True
except ImportError:
has_termios = False
def interactive_shell(chan,user,hostname):
    """
    Run an interactive session on *chan* using the terminal backend available
    on this platform.

    *user* and *hostname* are forwarded only to the termios (POSIX) backend;
    the fallback backend receives the channel alone.
    """
    if not has_termios:
        windows_shell(chan)
        return
    posix_shell(chan,user,hostname)
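def _audit_escape(value):
    """Return *value* as text with CR and LF escaped, so one field can never start a new audit record."""
    text = '%s' % (value,)
    return text.replace('\r', '\\r').replace('\n', '\\n')


def posix_shell(chan,user,hostname):
    """
    Relay a raw-mode terminal session between stdin/stdout and *chan*, and
    append one audit record each time Enter (carriage return) is typed.

    Records have the form ``hostname|date|user|keystrokes`` and go to
    /tmp/audit/logs/audit_<date>_<user>.log. The date is taken once, when the
    session starts, so a session that runs past midnight keeps logging under
    its start date.

    What is recorded is the raw keystrokes typed since the previous Enter,
    not the command the remote shell finally ran: backspaces, tab completion,
    history recall and escape sequences are stored as typed. Everything typed
    is captured, including passwords entered at remote prompts, so the log
    has to be treated as sensitive.

    The terminal settings of stdin are always restored and the audit file is
    always closed, even when the loop exits through an exception.
    """
    import os
    import select

    day_time = time.strftime('%Y_%m_%d')

    # `user` becomes part of a file name: keep it to a single path component.
    safe_user = _audit_escape(user).replace(os.sep, '_')
    log_path = '/tmp/audit/logs/audit_%s_%s.log' % (day_time, safe_user)
    # NOTE(review): /tmp is world-writable and the log is written by the same
    # process that is being audited. A directory owned by a separate audit
    # account would make the trail harder to tamper with.
    # New files are created 0600 (the log contains typed secrets), and a
    # symlink planted at the log path is refused where the OS supports it.
    open_flags = (os.O_WRONLY | os.O_APPEND | os.O_CREAT
                  | getattr(os, 'O_NOFOLLOW', 0))

    oldtty = termios.tcgetattr(sys.stdin)
    audit = os.fdopen(os.open(log_path, open_flags, 0o600), 'a')
    try:
        tty.setraw(sys.stdin.fileno())
        tty.setcbreak(sys.stdin.fileno())
        chan.settimeout(0.0)

        # Keystrokes of the line currently being typed. Reset on every Enter
        # so memory use and the per-line join stay bounded by the line length.
        line_keys = []
        while True:
            r, w, e = select.select([chan, sys.stdin], [], [])
            if chan in r:
                try:
                    x = chan.recv(1024)
                    if len(x) == 0:
                        sys.stdout.write('\r\n*** EOF\r\n')
                        break
                    # NOTE(review): recv() output is written as received; the
                    # file imports `u` from paramiko.py3compat but never uses
                    # it -- confirm this is intended for the interpreter in use.
                    sys.stdout.write(x)
                    sys.stdout.flush()
                except socket.timeout:
                    pass
            if sys.stdin in r:
                x = sys.stdin.read(1)
                if len(x) == 0:
                    break
                chan.send(x)
                if x == '\r':
                    cmd = ''.join(line_keys)
                    line_keys = []
                    # Escape CR/LF in every field: a typed line feed must not
                    # be able to forge an extra record in the audit file.
                    log = "%s|%s|%s|%s\n" % (_audit_escape(hostname), day_time,
                                             _audit_escape(user), _audit_escape(cmd))
                    audit.write(log)
                    audit.flush()
                else:
                    line_keys.append(x)
    finally:
        try:
            termios.tcsetattr(sys.stdin, termios.TCSADRAIN, oldtty)
        finally:
            audit.close()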
# thanks to Mike Looijmans for this code
def windows_shell(chan):
    """
    Line-buffered fallback for platforms without termios.

    A background thread copies everything received on *chan* to stdout while
    the calling thread forwards stdin to the channel one character at a time
    until EOF.

    Unlike the termios backend, this path takes no user or host name and
    writes no audit record: sessions that end up here are not logged.
    """
    import threading

    sys.stdout.write("Line-buffered terminal emulation. Press F6 or ^Z to send EOF.\r\n\r\n")

    def writeall(sock):
        # Pump remote output to the terminal until the peer closes the channel.
        data = sock.recv(256)
        while data:
            sys.stdout.write(data)
            sys.stdout.flush()
            data = sock.recv(256)
        sys.stdout.write('\r\n*** EOF ***\r\n\r\n')
        sys.stdout.flush()

    writer = threading.Thread(target=writeall, args=(chan,))
    writer.start()

    try:
        d = sys.stdin.read(1)
        while d:
            chan.send(d)
            d = sys.stdin.read(1)
    except EOFError:
        # user hit ^Z or F6
        pass
[root@python demos]# cat /home/similarface/.bashrc
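# .bashrc
# Source global definitions
if [ -f /etc/bashrc ]; then
    . /etc/bashrc
fi
# Start the audited host menu. The wrapper is named by absolute path so it is
# found regardless of the directory the shell was started in.
# NOTE(review): a per-user rc file is not an enforcement boundary. It only
# runs for shells that read it, the account owner can edit it, and when the
# menu exits the shell simply continues past this line. If the audit has to
# be unavoidable, enforce the wrapper on the server side (for example with
# sshd's ForceCommand) and keep this file out of the user's control.
/bin/bash /home/similarface/sh.sh
# User specific aliases and functions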
[root@python demos]# cat /home/similarface/sh.sh
#!/usr/bin/env python
# NOTE(review): the shebang names python, but the line below is a shell
# command. The file works only because it is started as `/bin/bash sh.sh`;
# executing it directly would hand the shell command to the Python interpreter.
python /opt/paramiko-master/demos/menu.py
import os,sys
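# Banner, shown once at start-up (ANSI escape: bold on green background).
msg = """
\033[42;1mWelcome using similarface's auditing system!\033[0m
"""
print(msg)

# Menu entries: name typed at the prompt -> address of the target host.
host_dic = {
    'similarface': '10.0.0.9',
    'hadoop': '10.0.0.9',
}

# raw_input() exists only on Python 2; fall back to input() on Python 3 so
# the menu runs under either interpreter.
try:
    read_line = raw_input
except NameError:
    read_line = input

# Show the menu and read a selection until the user quits.
# NOTE(review): Ctrl-C is not handled, so an interrupt ends the menu just like
# 'quit' does; what the user gets afterwards is decided by whatever launched
# this script, not by the menu.
while True:
    for hostname, ip in host_dic.items():
        print('%s %s' % (hostname, ip))
    try:
        host = read_line('select:').strip()
    except EOFError:
        # stdin is closed: leave the menu instead of looping on the same
        # error with a stale or undefined selection.
        break
    except Exception as e:
        print(e)
        continue
    if host in ('quit', 'exit', 'q'):
        print("See bye")
        break
    # Empty input and unknown names both just redisplay the menu.
    if host not in host_dic:
        continue
    print(host)
    print(host_dic[host])
    # NOTE(review): the launch of demo.py is disabled, so a valid selection is
    # only echoed. If it is re-enabled, pass the address as a separate argv
    # element (subprocess with a list) rather than formatting it into an
    # os.system() shell string:
    #os.system('python demo.py %s'%host_dic[host])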
[root@python demos]# cat /tmp/audit/logs/audit_2016_04_21_similarface.log
localhost|2016_04_21|similarface|ls
localhost|2016_04_21|similarface|pwd
localhost|2016_04_21|similarfacetop
localhost|2016_04_21|similarface|q
localhost|2016_04_21|similarface|ls
localhost|2016_04_21|similarface|cat /pr me
localhost|2016_04_21|similarface|
localhost|2016_04_21|similarface|
localhost|2016_04_21|similarface|
localhost|2016_04_21|similarface|
localhost|2016_04_21|similarface|
localhost|2016_04_21|similarface|
localhost|2016_04_21|similarface|quit
localhost|2016_04_21|similarface|logout