Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

ssh module refactoring separate auth/shell checks #331

Open
wants to merge 2 commits into
base: main
Choose a base branch
from
Open

ssh module refactoring separate auth/shell checks #331

wants to merge 2 commits into from

Conversation

nikaiw
Copy link
Contributor

@nikaiw nikaiw commented Jun 2, 2024
edited
Loading

This pull request aims to refactor the code to make it more readable but also to properly separate the code that can be linked to authentication from the code linked to the test concerning the shell obtained

@NeffIsBack NeffIsBack added enhancement New feature or request bug-fix This Pull Request fixes a bug labels Jun 11, 2024
@NeffIsBack NeffIsBack mentioned this pull request Jun 14, 2024
Closed
@nikaiw nikaiw force-pushed the main branch 2 times, most recently from deaabbb to d17522e Compare July 20, 2024 16:16
@NeffIsBack NeffIsBack self-assigned this Aug 28, 2024
NeffIsBack
NeffIsBack requested changes Sep 1, 2024
View reviewed changes
Copy link
Contributor

@NeffIsBack NeffIsBack left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hi, thanks for the PR!

Please describe briefly (in the PR description) what has been done and why, so we know what this PR aims to achieve without diving into past issues etc.
If possible please also provide example output screenshots

nxc/protocols/ssh.py
Comment on lines -228 to -234
except AuthenticationException:
self.logger.fail(f"{username}:{process_secret(password)}")
except SSHException as e:
if "Invalid key" in str(e):
self.logger.fail(f"{username}:{process_secret(password)} Could not decrypt private key, error: {e}")
if "Error reading SSH protocol banner" in str(e):
self.logger.error(f"Internal Paramiko error for {username}:{process_secret(password)}, {e}")
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please preserve the current Exception handling, as with this we can catch some weird paramiko issues

Copy link
Contributor Author

@nikaiw nikaiw Sep 12, 2024
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Those exception are already handled in create_conn_obj() However, I could add the logger calls to keep the previous behavior.

Edit: actually, I didn't remembered well, there are 2 connections, a first one to check that the service is present with conn_obj() which as exception handling. A second one with plaintext_login() for which I added handle_connection_failure() to handle all kind of exception

nxc/protocols/ssh.py
shell_access = True
def connect_with_key(self, username, password, key_content):
self.logger.debug(f"Logging {self.host} with username: {self.username}, key: {self.args.key_file}")
pkey = paramiko.RSAKey.from_private_key(StringIO(key_content))
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

What is with all the other key types? This should not be limited to RSA

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

yeah good catch this is a last PR modification mistake, I'll fix that

@NeffIsBack NeffIsBack linked an issue Sep 1, 2024 that may be closed by this pull request
Exception with ssh if channel is closed during interaction #264
Open
@NeffIsBack
Copy link
Contributor

While we are at it we should probably also catch the timeout error in #358.

@NeffIsBack NeffIsBack added the reviewed code Label for when a static code review was done label Sep 1, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@NeffIsBack NeffIsBack NeffIsBack requested changes

@zblurx zblurx Awaiting requested review from zblurx zblurx is a code owner

@Marshall-Hallenbeck Marshall-Hallenbeck Awaiting requested review from Marshall-Hallenbeck Marshall-Hallenbeck is a code owner

@mpgn mpgn Awaiting requested review from mpgn mpgn is a code owner

Requested changes must be addressed to merge this pull request.

Assignees

@NeffIsBack NeffIsBack

Labels
bug-fix This Pull Request fixes a bug enhancement New feature or request reviewed code Label for when a static code review was done Waiting for response
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Exception with ssh if channel is closed during interaction
2 participants
@nikaiw @NeffIsBack