ncouture / mockssh Goto Github PK

View Code? Open in Web Editor NEW

122.0 6.0 22.0 82 KB

Mock an SSH server and define all commands it supports (Python, Twisted)

License: Other

Python 75.36% Hy 21.78% Makefile 2.86%

mock ssh ssh-server python hylang twisted dsl shell emulator

mockssh's Introduction

MockSSH

Mock an SSH server and all commands it supports.

Purpose

This project was developed to emulate operating systems behind SSH servers in order to test task automation without having access to the real servers.

There has been user interest in using MockSSH to perform end-to-end unit tests against SSH servers and as such a threaded version of MockSSH server is available as of version 1.4 (thanks to Claudio Mignanti).

Installation

MockSSH depends on libraries that do not support Python 3k.

mkvirtualenv -p `which python2` mocksshenv
pip install mockssh

MockSSH in Python

MockSSH aims to be as easy to use as possible.

Refer to the mock_cisco.py and mock_F5.py in the examples/ directory for an overview on how to use it.

MockSSH in LISP

Efforts were invested in simplifying the use of MockSSH with HyLang.

As a result a DSL is released with this project and resides in the mocksshy/ directory.

Using the DSL will allow you to use MockSSH by writing something that is closer to a configuration file than a program.

For comparison, here are two MockSSH servers implementations providing the same functionality:

Python

import MockSSH

def passwd_change_protocol_prompt(instance):
    instance.protocol.prompt = "hostname #"
    instance.protocol.password_input = False

def passwd_write_password_to_transport(instance):
    instance.writeln("MockSSH: password is %s" % instance.valid_password)

command_passwd = MockSSH.PromptingCommand(
    name='passwd',
    password='1234',
    prompt="Password: ",
    success_callbacks=[passwd_change_protocol_prompt],
    failure_callbacks=[passwd_write_password_to_transport])

users = {'admin': '1234'}

commands = [command_passwd]

MockSSH.runServer(commands,
                  prompt="hostname>",
                  interface='127.0.0.1',
                  port=2222,
                  **users)

HyLang

(import MockSSH)
(require mocksshy.language)


(mock-ssh :users {"testuser" "1234"}
          :host "127.0.0.1"
          :port 2222
          :prompt "hostname>"
          :commands [
  (command :name "passwd"
           :type "prompt"
           :output "Password: "
           :required-input "1234"
           :on-success ["prompt" "hostname#"]
           :on-failure ["write" "Pass is 1234..."]))

Unit Testing with MockSSH

As shown from the unit tests in the tests/ directory, it is possible to use a threaded MockSSH server to perform end-to-end unit tests against mocked SSH services.

Note that this may not be the right approach depending on your use case as only one Twisted reactor can run at the same time and reactors cannot be restarted.

Credits

MockSSH is derived from kippo, an SSH honeypot.

mockssh's People

Contributors

Stargazers

Watchers

mockssh's Issues

Rename ArgumentValidatingCommand as SSHCommand

All commands can and should be validating arguments. Commands requiring no argument should be considered "validly typed" if their arguments are None.

With this in mind and as ArgumentValidatingCommand is a subclass of SSHCommand and should be able to provide all of its superclass' functionality, it would simplify MockSSH from a usage perspective to consolidate these classes functionalities under the same one.

With this fix:

ArgumentValidatingCommand is renamed to SSHCommand
SSHCommand is renamed to _SSHCommand
ArgumentValidatingCommand is removed from all
Examples (examples/mock_cisco.py and examples/mock_F5.py) are updated to reflect this change
The hy DSL is updated to reflect this change

Python3 support

Hi,

The readme says that this requires libraries that are not supported in Python 3k. Is this true for Python 3.5 / currently? If so, what libraries?

thanks!

Python3 continued

While build with python 3 and execution of tests:

TypeError: Class advice impossible in Python3. Use the @implementer class decorator instead.

Also, I'll send a pull request to support python3 in all the print commands around in sources.

Add public key authentication for clients

How do I leverage the private.key that MockSSH generates to authenticate using key-exchange instead of password? There's probably something obvious that I'm misunderstanding, but so far I'm stumped.

I tried ssh -i private.key <user>@127.0.0.1 -p <port> but it still prompts for password. I've tried running with -vvv and it looks like it's loaded private.key as the identity file, but later on it ends up saying Authentications that can continue: password.

Thanks for making this tool! I'm excited to start using it in our test suite.

When importing MockSSH: ImportError: No module named conch

When I try to import MockSSh, I get this error:

In [1]: import MockSSH
---------------------------------------------------------------------------
ImportError                               Traceback (most recent call last)
<ipython-input-1-9079ddb1f989> in <module>()
----> 1 import MockSSH

/usr/local/lib/python2.7/dist-packages/MockSSH.py in <module>()
     18 from twisted.python import log
     19 from twisted.cred import portal, checkers
---> 20 from twisted.conch import (avatar, recvline, interfaces as conchinterfaces)
     21 from twisted.conch.ssh import (factory, keys, session, userauth, connection,
     22                                transport)

ImportError: No module named conch

I installed through pip, using: pip install https://pypi.python.org/packages/source/M/MockSSH/MockSSH-1.4.1.tar.gz

Python 2.7.6

Add optionnal banner while authenticating

The idea would be to get the possibility to specifiy a banner during SSH authentication.
The entry point would be to have an additional argument in the runServer() method to specify the banner.

This banner should cross all class until reaching SSHTransport class in the connectionMade() method where we can write the banner using self.transport.wrtite(banner)

Rename new functions

Renaming MockSSH functions.
* renamed threadedServer to startThreadedServer
* renamed threadedServerStop to stopThreadedServer
* renamed innerServer to getSSHFactory
* modified unit tests to reflect these changed

Question: How to run server that does not require password?

Hey, good stuff, but is there a way to run this mock server to emulate one that does not require a password? Where you can just do: ssh [email protected] -p and then you're in?

Rename PasswordPromptingCommand to PromptingCommand

The PasswordPromptingCommand class provides non-password-specific functionality.

In order to make this obvious we will be renaming PasswordPromptingCommand to PromptingCommand.

With this fix:

PasswordPromptingCommand is renamed to PromptingCommand
Examples (examples/mock_cisco.py and examples/mock_F5.py) are updated to reflect this change
The hy DSL is updated to reflect this change

add support for Diffie-Hellman prime groups as required by twisted.conch.ssh.factory

As raised in #12, MockSSH does not work with recent versions of Twisted due to the lack of support for Diffie-Hellman prime groups as required by twisted.conch.ssh.factory (getDHPrime).

With this fix primes are made available after parsing the moduli file (twisted.conch.openssh_compat.primes).

execCommand support

it would be great if you can add in the support for execCommand
below is the output from git diff

diff --git a/MockSSH.py b/MockSSH.py
index e5f5113..18af0bf 100755
--- a/MockSSH.py
+++ b/MockSSH.py
@@ -317,7 +317,27 @@ class SSHAvatar(avatar.ConchUser):
         return None
 
     def execCommand(self, protocol, cmd):
-        raise NotImplemented
+        if cmd:
+            self.client = TransportWrapper(protocol)
+
+            cmd_and_args = cmd.split()
+            cmd, args = cmd_and_args[0], cmd_and_args[1:]
+            func = self.get_exec_func(cmd)
+
+            if func:
+                try:
+                    func(*args)
+                except Exception as e:
+                    self.client.write("Error: {0}".format(e))
+            else:
+                self.client.write("No such command.")
+
+            self.client.loseConnection()
+            protocol.session.conn.transport.expectedLoseConnection = 1
+
+        #raise NotImplemented
+    def get_exec_func(self, cmd):
+        return getattr(self, 'exec_' + cmd, None)
 
     def closed(self):
         pass
@@ -511,6 +531,29 @@ def startThreadedServer(commands,
 def stopThreadedServer():
     reactor.callFromThread(reactor.stop)
 
+class TransportWrapper(object):
+
+    def __init__(self, p):
+        self.protocol = p
+        p.makeConnection(self)
+        self.closed = False
+
+    def write(self, data):
+        self.protocol.outReceived(data)
+        self.protocol.outReceived('\r\n')
+
+        # Mimic 'exit' for the shell test
+        if '\x00' in data:
+            self.loseConnection()
+
+    def loseConnection(self):
+        if self.closed:
+            return
+
+        self.closed = True
+        self.protocol.inConnectionLost()
+        self.protocol.outConnectionLost()
+        self.protocol.errConnectionLost()
 
 if __name__ == "__main__":
     users = {'root': 'x'}

Add instructions to generate primes and keys (and where to store them)

Add instructions to generate primes and keys (and where to store them). Running one the example out of the box, without any knowledge of how Twisted Conch works, results in an error, since primes are missing by default.

> python examples/mock_cisco.py
2016-05-31 11:59:38+0200 [-] Log opened.
2016-05-31 11:59:39+0200 [-] SSHFactory starting on 9999
2016-05-31 11:59:39+0200 [-] Starting factory <MockSSH.SSHFactory instance at 0x338dc68>
2016-05-31 12:00:01+0200 [-] New connection: 127.0.0.1:40963 (127.0.0.1:9999) [session: 0]
2016-05-31 12:00:01+0200 [-] Remote SSH version: SSH-2.0-OpenSSH_6.0p1 Debian-4+deb7u4
2016-05-31 12:00:01+0200 [SSHTransport,0,127.0.0.1] kex alg, key alg: diffie-hellman-group-exchange-sha256 ssh-rsa
2016-05-31 12:00:01+0200 [SSHTransport,0,127.0.0.1] outgoing: aes128-ctr hmac-md5 none
2016-05-31 12:00:01+0200 [SSHTransport,0,127.0.0.1] incoming: aes128-ctr hmac-md5 none
2016-05-31 12:00:01+0200 [SSHTransport,0,127.0.0.1] Unhandled Error
    Traceback (most recent call last):
      File "/tmp/mock_env/local/lib/python2.7/site-packages/Twisted-16.2.0-py2.7-linux-x86_64.egg/twisted/python/log.py", line 101, in callWithLogger
        return callWithContext({"system": lp}, func, *args, **kw)
      File "/tmp/mock_env/local/lib/python2.7/site-packages/Twisted-16.2.0-py2.7-linux-x86_64.egg/twisted/python/log.py", line 84, in callWithContext
        return context.call({ILogContext: newCtx}, func, *args, **kw)
      File "/tmp/mock_env/local/lib/python2.7/site-packages/Twisted-16.2.0-py2.7-linux-x86_64.egg/twisted/python/context.py", line 118, in callWithContext
        return self.currentContext().callWithContext(ctx, func, *args, **kw)
      File "/tmp/mock_env/local/lib/python2.7/site-packages/Twisted-16.2.0-py2.7-linux-x86_64.egg/twisted/python/context.py", line 81, in callWithContext
        return func(*args,**kw)
    --- <exception caught here> ---
      File "/tmp/mock_env/local/lib/python2.7/site-packages/Twisted-16.2.0-py2.7-linux-x86_64.egg/twisted/internet/posixbase.py", line 597, in _doReadOrWrite
        why = selectable.doRead()
      File "/tmp/mock_env/local/lib/python2.7/site-packages/Twisted-16.2.0-py2.7-linux-x86_64.egg/twisted/internet/tcp.py", line 209, in doRead
        return self._dataReceived(data)
      File "/tmp/mock_env/local/lib/python2.7/site-packages/Twisted-16.2.0-py2.7-linux-x86_64.egg/twisted/internet/tcp.py", line 215, in _dataReceived
        rval = self.protocol.dataReceived(data)
      File "build/bdist.linux-x86_64/egg/MockSSH.py", line 377, in dataReceived

      File "/tmp/mock_env/local/lib/python2.7/site-packages/Twisted-16.2.0-py2.7-linux-x86_64.egg/twisted/conch/ssh/transport.py", line 724, in dataReceived
        self.dispatchMessage(messageNum, packet[1:])
      File "/tmp/mock_env/local/lib/python2.7/site-packages/Twisted-16.2.0-py2.7-linux-x86_64.egg/twisted/conch/ssh/transport.py", line 742, in dispatchMessage
        f(payload)
      File "/tmp/mock_env/local/lib/python2.7/site-packages/Twisted-16.2.0-py2.7-linux-x86_64.egg/twisted/conch/ssh/transport.py", line 1329, in ssh_KEX_DH_GEX_REQUEST
        self.g, self.p = self.factory.getDHPrime(ideal)
      File "/tmp/mock_env/local/lib/python2.7/site-packages/Twisted-16.2.0-py2.7-linux-x86_64.egg/twisted/conch/ssh/factory.py", line 106, in getDHPrime
        primesKeys = self.primes.keys()
    exceptions.AttributeError: 'NoneType' object has no attribute 'keys'

2016-05-31 12:00:01+0200 [SSHTransport,0,127.0.0.1] connection lost

Packaging for PyPi

Hi.

Love the idea, could you please package it for pypi?

If you want an easy way, this tool could help:

https://github.com/Infinidat/infi.projector

support commands with PIPE

is that possible to support PIPE command in ArgumentValidatingCommand ?

for example "ls -l | grep abc"

diff --git a/MockSSH.py b/MockSSH.py
index 18af0bf..1eb4c47 100755
--- a/MockSSH.py
+++ b/MockSSH.py
@@ -118,7 +118,10 @@ class ArgumentValidatingCommand(SSHCommand):
         self.name = name
         self.success_callbacks = success_callbacks
         self.failure_callbacks = failure_callbacks
-        self.required_arguments = [name] + list(args)
+        if isinstance(args[0], list):
+            self.required_arguments = [[name] + list(x) for x in args]
+        else:
+            self.required_arguments = [name] + list(args)
         self.protocol = None  # set in __call__
 
     def __call__(self, protocol, *args):
@@ -126,7 +129,7 @@ class ArgumentValidatingCommand(SSHCommand):
         return self
 
     def start(self):
-        if not tuple(self.args) == tuple(self.required_arguments):
+        if not list(self.args) == self.required_arguments:
             [func(self) for func in self.failure_callbacks]
         else:
             [func(self) for func in self.success_callbacks]

mocksshy and command validation

I'm trying to build a hy-based test fixture, but I'm hitting a wall when it comes to command validation... this is my script:

#!/usr/bin/env hy

; A mocked-up Cisco Router to test SSH connections

(import MockSSH)
(require mocksshy.language)

(def *crlf* "\r\n")
(def *MockHostname* "MockRouter")
(def *MockPrompt1* (+ *MockHostname* ">"))
(def *MockPrompt15* (+ *MockHostname* "#"))
(def *MockConfPrompt* (+ *MockHostname* "(config)" "#"))
(def *MockConfIntfPrompt* (+ *MockHostname* "(config-if)" "#"))
(def *SyntaxError* (+ "           ^" *crlf* "% Invalid input detected at '^' marker." *crlf*))
(def *AccessDenied* (+ "% Access denied" *crlf*))
(def *ConfigMessage* (+ "Enter configuration commands, one per line.  End with CNTL/Z." *crlf*))

(mock-ssh :users {"admin" "cisco"}
          :host "127.0.0.1"
          :port 2222
          :prompt *MockPrompt1*
          :commands [
  (command :name "enable"
           :type "prompt"
           :output "Password: "
           :required-input "cisco123"
           :on-success ["prompt" *MockPrompt15*]
           :on-failure ["write" *AccessDenied*])
  (command :name "term"
           :type "output"
           :args ["len 0"]
           :on-success ["prompt" *MockPrompt15*]
           :on-failure ["write" *SyntaxError*])])

The problem is no matter what I type for term ..., the session gladly accepts it. Using the example above...

(py27_test)[mpenning@tsunami src]$ ssh -p 2222 admin@localhost
admin@localhost's password:
MockRouter>term len guacamole
MockRouter>term
MockRouter>t
MockSSH: t: command not found
MockRouter>

I wanted the script to require a literal term len 0; however, it takes anything. Is this expected behavior? Is there a way to fix the mocksshy script above?

Version info (all on Debian linux 7.1, Python 2.7.3, kernel 3.2.0)...

(py27_sshmock)[mpenning@tsunami ~]$ pip freeze
MockSSH==1.4.1
Twisted==15.0.0
argparse==1.2.1
astor==0.4.1
ecdsa==0.13
graphite-web==0.9.10
hy==0.10.1
paramiko==1.15.2
pyasn1==0.1.7
pycrypto==2.6.1
rply==0.7.3
wsgiref==0.1.2
zope.interface==4.1.2
(py27_sshmock)[mpenning@tsunami ~]$

Implement unit tests

We need unit tests.

For starters here are a some unit tests that are also using SSH:

Getting OSError: [Errno 9] Bad file descriptor in tests

I occasionally get:

Exception in thread Thread-9:
Traceback (most recent call last):
  File "/usr/lib/python3.7/threading.py", line 926, in _bootstrap_inner
    self.run()
  File "/usr/lib/python3.7/threading.py", line 870, in run
    self._target(*self._args, **self._kwargs)
  File "/home/suor/.virtualenvs/dvc/lib/python3.7/site-packages/mockssh/server.py", line 126, in _run
    conn, addr = sock.accept()
  File "/usr/lib/python3.7/socket.py", line 212, in accept
    fd, addr = self._accept()
OSError: [Errno 9] Bad file descriptor

which doesn't break anything, only annoys us.

Here is how we use it in our pytest suite:

here = os.path.abspath(os.path.dirname(__file__))

user = "user"
key_path = os.path.join(here, "{0}.key".format(user))


@pytest.fixture
def ssh_server():
    users = {user: key_path}
    with mockssh.Server(users) as s:
        s.test_creds = {
            "host": s.host,
            "port": s.port,
            "username": user,
            "key_filename": key_path,
        }
        yield s


@pytest.fixture
def ssh(ssh_server):
    # This is our class encapsulating paramiko.SSHClient
    yield SSHConnection(**ssh_server.test_creds)