feat: python sshnpd direct ssh #445

Merged: 20 commits, Nov 23, 2023

Xlin123
Member

@Xlin123 Xlin123 commented Sep 11, 2023

- What I did
Added Direct SSH
Fixed: #399, #400, #404
- How I did it
Direct SSH implemented
--> Added socket_connector and sshrv
Created more proper threading for several ssh connections
Added -s flag to sshnpd

- How to verify it
Tested Reverse tunnel with client version 3.4.2
Tested direct ssh with latest client release on windows (4.0.0-rc.8)

- Description for the changelog
feat: python sshnpd direct ssh

@Xlin123 Xlin123 self-assigned this Sep 11, 2023
@Xlin123 Xlin123 marked this pull request as draft September 11, 2023 04:26
@Xlin123
Member Author

Xlin123 commented Oct 10, 2023

My forward ssh is still failing with "sshnp failed: with sshnpd acknowledgement errors" on refactor/noports_core

{"payload": 
  {"status": "connected", 
  "sessionId": "fab1aff1-6473-4b85-a92e-ee5f31541a87", 
 "ephemeralPrivateKey": "-----BEGIN OPENSSH PRIVATE KEY-----
  gibberish
  ----END OPENSSH PRIVATE KEY-----\n"
  }, 
"signature": "Qq9c6j5k7sht02v+TI+TxDWhi+luS64j8IaIIkbmGYSDplkpPe1g5g/jCHw2IinnAPLO19by3Kfh7eu6DZfcY+mw+v1mo099hr2yJLxfWgWaw+RY+beoSTxOfLOXBXh2EoSstPcT03R8QRhj2Zk31jBiQRLYWgIIFdFX8tfy0WZD7UQc1voR2cGGHnYuKprrSGoiTjMTBxh5QcVL8089Bcd07wnPObiHiaa4zO+gGUOF0iaUqS1RBvbJwLPwn0JmIv6B7gFZHmcPj+qf0r0Z6wHLr2PqTj9LNKtBlWfT/iXktWOH0/0wW9+R/8IEMrYo2PP1iiSbRfV1NX7MyhgY5w==", 
"signingAlgo": "rsa2048", 
"hashingAlgo": "sha256"
} 

@XavierChanth Is my payload wrong? Should I be encrypting the ssh pkey?
@cpswan This PR should fix whatever issues you're running into right now. If you want to merge it ASAP I can fix whatever is wrong with forward ssh later.

@Xlin123 Xlin123 marked this pull request as ready for review October 10, 2023 17:56
@XavierChanth
Member

XavierChanth commented Oct 10, 2023

> @XavierChanth Is my payload wrong? Should I be encrypting the ssh pkey?

e.g.

{"payload":
   {"status":"connected",
   "sessionId":"e0bd9e24-8e5c-4c9d-b8ef-bf06185edcfa",
   "ephemeralPrivateKey":"-----BEGIN OPENSSH PRIVATE KEY-----\n
    ...
    -----END OPENSSH PRIVATE KEY-----\n"
   },
"signature":"IRIKMR4V+LUpyXJO6kScz74BcpZ7PZ9jQeMHBh1MwRl1U9rP44E0Hv78mMvI9ip9Qv8s3e+xsj9S6CKbC7DfNbZf3U2xnl+pWY2tm7m3skxZ3QCMK1w57EYRg8DSN8jd9AQ0G0+8tO00FCUMdT1AJYeNe50gMeG+z0uMsMqt9SyzN3+ICFyL0MeJFPJOP2PV6RFwFHvZpX7MIWACYVfHuXbJmI2oMluKA6g2zgm4XXj203TldvbMWnjQexpNaQqvEMX01bPrZwWB7J0u2KaKB1DbUoT73631sZfjeUOEAXGWebJskQYLRIUh1PWzJj/DnqwubNt0au9PDwiH+z0aoQ==",
"hashingAlgo":"sha256",
"signingAlgo":"rsa2048"}

Payload looks fine, what client version are you using?

@Xlin123
Member Author

Xlin123 commented Oct 11, 2023

I'm dart compiling the binary on refactor/noports_core.

@XavierChanth
Member

That's a little outdated, try from trunk

@XavierChanth
Member

I just published 4.0.0-rc.7, give that a try

@Xlin123
Member Author

Xlin123 commented Oct 16, 2023

I'll dig into the code a bit today, I might need to update or change how I'm signing the data.

INFO|2023-10-16 10:24:59.455026| sshnp |Signing Verification Result: ResultType: bool, Result: false, SigningMetadata: {HashingAlgo: sha256, SigningAlgo: rsa2048, SignatureTimestamp: 2023-10-16 14:24:59.454482Z} 
INFO|2023-10-16 10:24:59.455128| sshnp |svr.result is a bool 
INFO|2023-10-16 10:24:59.455159| sshnp |svr.result is false 
SHOUT|2023-10-16 10:24:59.455227| sshnp |Failed to verify signature of msg from @chess69 
SHOUT|2023-10-16 10:24:59.455261| sshnp |Exception: Exception: signature verification returned false using cached public key for @chess69 <privateKey>
SHOUT|2023-10-16 10:24:59.455298| sshnp |Notification value: {"payload": {"status": "connected", "sessionId": "2fae5f9f-658f-498e-a3c5-5469fc60446b", "ephemeralPrivateKey": "-----BEGIN OPENSSH PRIVATE KEY-----
.....
n-----END OPENSSH PRIVATE KEY-----\n"}, "signature": "SZq9Fzr/s5JYxZ/Z04WuUWUNkBgDSshZF24b6VsHdafLQ+rMOfdvwA37J2KDOwGb9qt4OLGLD0K1CSaf3JdVvv8xzJZLEAZ52A8cq3N/tSs3ja9/bXv4RY3o73z34JJXwtUQA0qyGim01LlUtX8ZPjIX0CodoYOEjglFEew38MlUWZoJ3J9U8LjEMhyJ53JjYDZqxojKbPrCbXMa87/WxB5ICKYE1BZNgMrun4nuiG06+FJoTe/N1GF0sY9R1bLJqSozZgC4N8NYAUao2+oXIyjFBVWhSigeopp2Ew69d79aQ4spmL1ZaxEQ4i/hrxG96D8cQKy1yvB5IqVWoV5n8w==", "signingAlgo": "rsa2048", "hashingAlgo": "sha256"} 
sshnp failed: with sshnpd acknowledgement errors

Stack Trace: #0      SSHNPForward.requestSocketTunnelFromDaemon (package:noports_core/src/sshnp/forward_direction/sshnp_forward.dart:60)
<asynchronous suspension>
#1      SSHNPForwardExecImpl.run (package:noports_core/src/sshnp/forward_direction/sshnp_forward_exec_impl.dart:40)
<asynchronous suspension>
#2      main.<anonymous closure> (file:///home/xavier/sshnoports/packages/sshnoports/bin/sshnp.dart:83)
<asynchronous suspension>
#3      main (file:///home/xavier/sshnoports/packages/sshnoports/bin/sshnp.dart:37)
<asynchronous suspension>
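
An added example, not code from this PR or from noports_core: the two payloads quoted in this thread differ in JSON whitespace (`"payload": {"status": "connected"` versus `"payload":{"status":"connected"`), and an rsa2048/sha256 signature only verifies when signer and verifier hash exactly the same bytes. It assumes the signature covers the serialized payload object, which the thread does not confirm as the cause of the failure above; the stdlib-only PKCS#1 v1.5 routines, the key and the session id are constructed so the block runs offline, and production code would use a vetted crypto library.

```python
import base64, functools, hashlib, json, secrets
K = 256  # modulus length in bytes for "rsa2048"
SHA256_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")  # DER DigestInfo, RFC 8017 9.2

def _is_prime(n, rounds=24):  # Miller-Rabin for large odd n
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def generate_key():  # constructed demo key, returns (n, e, d)
    def prime():
        while True:
            p = secrets.randbits(1024) | (3 << 1022) | 1
            if p % 65537 != 1 and _is_prime(p):
                return p
    p, q = prime(), prime()
    return p * q, 65537, pow(65537, -1, (p - 1) * (q - 1))

def _encode(msg):  # EMSA-PKCS1-v1_5 encoding of SHA-256(msg) as an integer
    t = SHA256_PREFIX + hashlib.sha256(msg).digest()
    return int.from_bytes(b"\x00\x01" + b"\xff" * (K - len(t) - 3) + b"\x00" + t, "big")

def sign_envelope(payload, key, serialize):
    n, _, d = key
    sig = pow(_encode(serialize(payload).encode()), d, n).to_bytes(K, "big")
    return {"payload": payload, "signature": base64.b64encode(sig).decode(),
            "signingAlgo": "rsa2048", "hashingAlgo": "sha256"}

def verify_envelope(env, n, e, serialize):
    sig = int.from_bytes(base64.b64decode(env["signature"]), "big")
    return pow(sig, e, n) == _encode(serialize(env["payload"]).encode())

compact = functools.partial(json.dumps, separators=(",", ":"))  # whitespace-free JSON

def demo():  # sign with Python's default spacing, then verify both ways
    n, e, d = generate_key()
    env = sign_envelope({"status": "connected", "sessionId": "constructed-id"}, (n, e, d), json.dumps)
    return verify_envelope(env, n, e, json.dumps), verify_envelope(env, n, e, compact)
```

`demo()` returns `(True, False)`: the same envelope verifies when the verifier re-serializes the payload with the signer's spacing and fails when it re-serializes compactly.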

@cpswan
Member

cpswan commented Oct 25, 2023

@Xlin123 is this ready for review again?

@Xlin123 Xlin123 marked this pull request as draft November 7, 2023 01:04
@Xlin123 Xlin123 marked this pull request as ready for review November 23, 2023 05:56
@Xlin123
Member Author

Xlin123 commented Nov 23, 2023

@cpswan @XavierChanth Sorry for the long wait. Ready for review now.

The below at_python PR needs approving before this one.

@Xlin123 Xlin123 merged commit 7147e3c into trunk Nov 23, 2023
11 checks passed
@Xlin123 Xlin123 deleted the xlin-sshnoports-400 branch November 23, 2023 15:10
@XavierChanth
Member

XavierChanth commented Nov 23, 2023

Following this PR, I'm going to open a discussion item to address how we want to handle releases for the python daemon

It would be nice for it to match the cadence of the dart daemon, but that's not realistic

Successfully merging this pull request may close these issues.

Python SSHNPD: Handling SSH Public and Private Keys