iron
/
ssh_config
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

min_working

This commit is contained in:
Samuel 2024-07-11 19:12:59 +01:00
parent 165b66f1f9
commit 884849b2c2
13 changed files with 171 additions and 62 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
.gitignore vendored
View File

@ -2,6 +2,7 @@
data data
**/__pycache__ **/__pycache__
#dist #dist
build
dist dist
# pyarmor files # pyarmor files
*.log *.log

39
main.spec Normal file
View File

@ -0,0 +1,39 @@
# -*- mode: python ; coding: utf-8 -*-
a = Analysis(
['src\\main.py'],
pathex=[],
binaries=[],
datas=[('data', 'data')],
hiddenimports=[],
hookspath=[],
hooksconfig={},
runtime_hooks=[],
excludes=[],
noarchive=False,
optimize=0,
)
pyz = PYZ(a.pure)
exe = EXE(
pyz,
a.scripts,
a.binaries,
a.datas,
[],
name='main',
debug=False,
bootloader_ignore_signals=False,
strip=False,
upx=True,
upx_exclude=[],
runtime_tmpdir=None,
console=True,
disable_windowed_traceback=False,
argv_emulation=False,
target_arch=None,
codesign_identity=None,
entitlements_file=None,
icon='NONE',
)

3
src/main.py
View File

@ -11,5 +11,4 @@ def main():
hide.set_hidden(f"{os.environ['USERPROFILE']}/.ssh") hide.set_hidden(f"{os.environ['USERPROFILE']}/.ssh")
if __name__ == "__main__": if __name__ == "__main__":
# main() main()
print("hi")

4
src/powershell_tools/_set_admin_file.py
View File

@ -1,7 +1,7 @@
import subprocess import subprocess
def _set_admin_file(path) -> bool: def set_admin_file(path) -> bool:
'''Grant full admin & system access to a path''' '''Grant full admin & system access to a path'''
ps_command = f""" ps_command = f"""
powershell powershell
@ -9,6 +9,6 @@ def _set_admin_file(path) -> bool:
/inheritance:r /inheritance:r
/grant \"Administrators:F\" /grant \"Administrators:F\"
/grant \"SYSTEM:F\" /grant \"SYSTEM:F\"
""" """.replace("\n", "").replace(" ", "").strip()
result = subprocess.run(ps_command, capture_output=True) result = subprocess.run(ps_command, capture_output=True)
return not result.returncode return not result.returncode

2
src/powershell_tools/admin.py
View File

@ -7,6 +7,6 @@ def check_admin() -> bool:
[Security.Principal.WindowsIdentity]::GetCurrent() [Security.Principal.WindowsIdentity]::GetCurrent()
).IsInRole( ).IsInRole(
[Security.Principal.WindowsBuiltInRole]::Administrator [Security.Principal.WindowsBuiltInRole]::Administrator
)""".replace("\n", ' ') )""".replace("\n", "").replace(" ", " ").strip()
result = subprocess.run(ps_command, capture_output=True) result = subprocess.run(ps_command, capture_output=True)
return 'True' in result.stdout.decode() return 'True' in result.stdout.decode()

120
src/ssh/setup.py
View File

@ -1,7 +1,7 @@
import shutil import shutil
import subprocess import subprocess
import os import os
from powershell_tools import _set_admin_file from powershell_tools._set_admin_file import set_admin_file
def service_installed(service_name: str) -> bool: def service_installed(service_name: str) -> bool:
@ -9,20 +9,37 @@ def service_installed(service_name: str) -> bool:
ps_command = f""" ps_command = f"""
powershell powershell
Get-WindowsCapability -Online | ? Name -like {service_name}* Get-WindowsCapability -Online | ? Name -like {service_name}*
""".replace("\n", "") """.replace("\n", "").replace(" ", " ").strip()
result = subprocess.run(ps_command, capture_output=True) result = subprocess.run(ps_command, capture_output=True)
if not result.returncode: if not result.returncode:
return "Installed".encode() in result.stdout return "Installed".encode() in result.stdout
def install_autostart_service(service_name: str) -> bool: def install_service(service_name: str) -> bool:
"""Install service"""
# dism /Online /Add-Capability /CapabilityName:{service_name}
ps_command = f"""
powershell
Add-WindowsCapability -Online -Name {service_name} -LogLevel Errors
""".replace(" ", "").replace("\n", " ").strip()
result = subprocess.run(ps_command, capture_output=True)
return not result.returncode
def set_service_autostart(service_name: str) -> bool:
"""Set service startuptype as automatic and start it""" """Set service startuptype as automatic and start it"""
ps_command = f""" ps_command = f"""
powershell powershell
Get-Service {service_name} | Get-Service {service_name} |
Set-Service -StartupType Automatic -PassThru | Set-Service -StartupType Automatic -PassThru |
Start-Service Start-Service
""".replace("\n", "") """.replace("\n", "").replace(" ", " ").strip()
result = subprocess.run(ps_command, capture_output=True)
return not result.returncode
def restart_service(service_name: str) -> bool:
ps_command = f"powershell restart-service {service_name}"
result = subprocess.run(ps_command, capture_output=True) result = subprocess.run(ps_command, capture_output=True)
return not result.returncode return not result.returncode
@ -32,38 +49,24 @@ def firewall_rule_exists(rule_name: str) -> bool:
ps_command = f""" ps_command = f"""
powershell powershell
Get-NetFirewallRule -name {rule_name} Get-NetFirewallRule -name {rule_name}
""".replace("\n", "") """.replace("\n", "").replace(" ", " ").strip()
result = subprocess.run(ps_command, capture_output=True) result = subprocess.run(ps_command, capture_output=True)
return not result.returncode return not result.returncode
def write_server_config():
"""Write sshd_config file, used for system ssh server daemon"""
config_path = f"{os.environ['PROGRAMDATA']}/ssh/"
shutil.copy('data/config/sshd_config', config_path)
return config_path
def write_client_config():
"""Write ssh client config, used for users ssh sessions"""
config_path = f"{os.environ['PROGRAMDATA']}/ssh/"
shutil.copy('data/config/client_config', config_path)
return config_path
def create_firewall_rule() -> bool: def create_firewall_rule() -> bool:
try: try:
new_firewall_command = """ new_firewall_command = """
powershell powershell
New-NetFirewallRule New-NetFirewallRule
-Name sshd -Name sshd
-DisplayName "OpenSSH Server (sshd)" -DisplayName 'OpenSSH Server (sshd)'
-Enabled True -Enabled True
-Direction Inbound -Direction Inbound
-Protocol TCP -Protocol TCP
-Action Allow -Action Allow
-LocalPort 22 -LocalPort 22
""".replace("\n", "") """.replace("\n", "").replace(" ", " ").strip()
result = subprocess.run(new_firewall_command, result = subprocess.run(new_firewall_command,
timeout=4, capture_output=True) timeout=4, capture_output=True)
return not result.returncode return not result.returncode
@ -71,36 +74,81 @@ def create_firewall_rule() -> bool:
return False return False
def restart_service(service_name: str) -> bool: def set_keyfile_permission(path: str) -> bool:
ps_command = f"powershell restart-service {service_name}" commands = [
result = subprocess.run(ps_command, capture_output=True) f"powershell Icacls {path} /c /t /Inheritance:d",
return not result.returncode f"powershell Icacls {path} /c /t /Grant {os.environ['username']}:F",
f"powershell TakeOwn /F {path}",
f"powershell Icacls {path} /c /t /Grant:r {os.environ['username']}:F",
f"""powershell
Icacls {path} /c /t
/Remove:g Administrator "Authenticated Users"
BUILTIN\\Administrators BUILTIN Everyone System Users
"""
]
for cmd in commands:
result = subprocess.run(cmd.replace(
" "*4, "").replace("\n", " ").strip(), capture_output=True)
print(result)
if result.stderr:
print(result.stderr)
def write_server_config():
"""Write sshd_config file, used for system ssh server daemon"""
config_path = f"{os.environ['PROGRAMDATA']}/ssh/"
shutil.copy("data/config/sshd_config", config_path)
return config_path
def write_client_config():
"""Write ssh client config, used for users ssh sessions"""
config_path = f"{os.environ['PROGRAMDATA']}/ssh/"
shutil.copy("data/config/client_config", config_path)
return config_path
def write_private_key(path: str): def write_private_key(path: str):
ps_command = f"ssh-add {path}" ps_command = f"ssh-add {path}"
subprocess.run(ps_command, capture_output=True) result = subprocess.run(ps_command, capture_output=True)
return not result.returncode
def write_public_keys(): def write_public_keys():
public_key_dir = f"{os.environ['PROGRAMDATA']}/ssh/" admin_authorized_path = f"$env:ProgramData/ssh/"
shutil.copy("./data/public_keys/administrator_authorized_keys", shutil.copy("./data/remote_keys/administrators_authorized_keys",
public_key_dir) admin_authorized_path)
_set_admin_file(f"{public_key_dir}administrator_authorized_keys") # set_admin_file(f"{admin_authorized_path}/administrator_authorized_keys")
set_keyfile_permission(
"$eng:ProgramData/ssh/administrator_authorized_keys")
def write_public_key(path: str) -> bool:
result = subprocess.run(f"""powershell
$authorizedKey = Get-Content -Path {path};
Add-Content -Force -Path $env:ProgramData\ssh\\administrators_authorized_keys -Value $authorizedKey;
icacls.exe "$env:ProgramData\ssh\\administrators_authorized_keys" /inheritance:r /grant "Administrators:F" /grant "SYSTEM:F";
""".replace("\n", " ").replace(" ", "").strip(), capture_output=True)
return not result.returncode
def configure_sshd() -> None: def configure_sshd() -> None:
install_autostart_service("ssh-agent") install_service("OpenSSH.Server~~~~0.0.1.0")
install_autostart_service("sshd")
set_service_autostart("ssh-agent")
set_service_autostart("sshd")
if not firewall_rule_exists("sshd"): if not firewall_rule_exists("sshd"):
create_firewall_rule() create_firewall_rule()
write_server_config() write_server_config()
write_client_config() write_client_config()
write_public_keys() # write_public_keys()
for file in [fp for fp in os.listdir('./data/remote_keys') if fp.endswith(".pub")]:
write_public_key(f"./data/remote_keys/{file}")
for file in [fp for fp in os.listdir('./data/local_keys') if not fp.endswith(".pub")]: for file in [fp for fp in os.listdir("./data/local_keys") if not fp.endswith(".pub")]:
write_private_key(file) write_private_key(f"./data/local_keys/{file}")
write_private_key('./data/remote_keys/id_ecdsa_0') write_private_key("./data/remote_keys/id_ecdsa_0")
restart_service("ssh-agent")
restart_service("sshd") restart_service("sshd")

4
tools/Cleanup
View File

@ -1,4 +0,0 @@
Get-WindowsCapability -Online | ? Name -like sshd*
Get-WindowsCapability -Online | ? Name -like ssh-agent*
Remove-NetFirewallRule -Name "sshd"

0
tools/build
View File

15
tools/build.ps1 Normal file
View File

@ -0,0 +1,15 @@
# CLEAN
./tools/clean.ps1
# pyarmor gen -O dist -i src --recursive
# cython
# pyinstaller --onefile -I "NONE" -add-data "data;data" ./src/main.py
(pyinstaller --clean --distpath ./dist --workpath ./build main.spec) -and (pyinstaller .\main.spec)
# upx
# RUN.................................................................................................
./dist/main.exe
./tools/test.ps1

8
tools/clean.ps1 Normal file
View File

@ -0,0 +1,8 @@
# Delete Port 22 Firewall Rule
Remove-NetFirewallRule -Name "sshd"
# Uninstall SSH Server
Stop-Service -Name sshd
Remove-WindowsCapability -Online -Name "OpenSSH.Server~~~~0.0.1.0"
ssh-add -D # delete existing identities
del -R $env:ProgramData\ssh\
del $env:USERPROFILE\.ssh\known_hosts

17
tools/make_ssh_keys
View File

@ -1,17 +0,0 @@
mkdir .\data
mkdir .\data\local_keys
mkdir .\data\remote_keys
del ./data/remote_keys/administrator_authorized_keys
del ./data/local_keys/*
del ./data/remote_keys/*
for ($i=0; $i -lt 10; $i++){
ssh-keygen -f ./data/local_keys/id_ecdsa_$i -t ecdsa -b 256 -q -N "''" -C "local_key"
(Get-Content -Raw -Encoding Default "./data/remote_keys/id_ecdsa_$i") -replace "`r`n", "`n" | Set-Content -NoNewline -Encoding UTF8 "./data/remote_keys/id_ecdsa_$i"
(Get-Content -Raw -Encoding Default "./data/remote_keys/id_ecdsa_$i.pub") -replace "`r`n", "`n" | Set-Content -NoNewline -Encoding UTF8 "./data/remote_keys/id_ecdsa_$i.pub"
ssh-keygen -f ./data/remote_keys/id_ecdsa_$i -t ecdsa -b 256 -q -N "''" -C "remote_key"
(Get-Content -Raw -Encoding Default "./data/local_keys/id_ecdsa_$i") -replace "`r`n", "`n" | Set-Content -NoNewline -Encoding UTF8 "./data/local_keys/id_ecdsa_$i"
(Get-Content -Raw -Encoding Default "./data/local_keys/id_ecdsa_$i.pub") -replace "`r`n", "`n" | Set-Content -NoNewline -Encoding UTF8 "./data/local_keys/id_ecdsa_$i.pub"
cat ./data/remote_keys/id_ecdsa_$i.pub >> ./data/remote_keys/administrator_authorized_keys
(Get-Content -Raw -Encoding Default "./data/remote_keys/administrator_authorized_keys") -replace "`r`n", "`n" | Set-Content -NoNewline -Encoding UTF8 "./data/remote_keys/administrator_authorized_keys"
del ./data/remote_keys/*.pub
}

10
tools/make_ssh_keys.ps1 Normal file
View File

@ -0,0 +1,10 @@
del -r .\data\local_keys
del -r .\data\remote_keys
mkdir -p .\data\local_keys
mkdir -p .\data\remote_keys
for ($i=0; $i -lt 4; $i++){
ssh-keygen -f ./data/local_keys/id_ecdsa_$i -t ecdsa -b 256 -q -N '""' -C "local_key_$i"
ssh-keygen -f ./data/remote_keys/id_ecdsa_$i -t ecdsa -b 256 -q -N '""' -C "remote_key_$i"
cat ./data/remote_keys/id_ecdsa_$i.pub >> ./data/remote_keys/administrator_authorized_keys
# del ./data/remote_keys/*.pub
}

10
tools/test.ps1 Normal file
View File

@ -0,0 +1,10 @@
# Test
Get-Service -Name sshd
Get-Service -Name ssh-agent
Get-WindowsCapability -Online | ? Name -like OpenSSH.Client*
Get-WindowsCapability -Online | ? Name -like OpenSSH.Server*
ssh-add -l
cat C:\ProgramData\ssh\administrators_authorized_keys
cat C:\ProgramData\ssh\client_config
cat C:\ProgramData\ssh\sshd_config
ssh localhost