ssh

package
v0.0.1 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: May 17, 2015 License: Apache-2.0 Imports: 13 Imported by: 0

Documentation

Index

Constants

View Source 
const (
	KEX_CURVE_25519_SHA256_OPENSSH = "curve25519-sha256@libssh.org"
	KEX_ECDH_SHA2_NISTP256         = "ecdh-sha2-nistp256"
	KEX_ECDH_SHA2_NISTP384         = "ecdh-sha2-nistp384"
	KEX_ECDH_SHA2_NISTP521         = "ecdh-sha2-nistp521"
	KEX_DH_SHA256                  = "diffie-hellman-group-exchange-sha256"
	KEX_DH_SHA1                    = "diffie-hellman-group-exchange-sha1"
	KEX_DH_GROUP14_SHA1            = "diffie-hellman-group14-sha1"
	KEX_DH_GROUP1_SHA1             = "diffie-hellman-group1-sha1"
)

SSH key exchange types

View Source 
const (
	HOST_KEY_ECDSA_SHA2_NISTP256_CERT_V01_OPENSSH = "ecdsa-sha2-nistp256-cert-v01@openssh.com"
	HOST_KEY_ECDSA_SHA2_NISTP384_CERT_V01_OPENSSH = "ecdsa-sha2-nistp384-cert-v01@openssh.com"
	HOST_KEY_ECDSA_SHA2_NISTP521_CERT_V01_OPENSSH = "ecdsa-sha2-nistp521-cert-v01@openssh.com"
	HOST_KEY_ECDSA_SHA2_NISTP256                  = "ecdsa-sha2-nistp256"
	HOST_KEY_ECDSA_SHA2_NISTP384                  = "ecdsa-sha2-nistp384"
	HOST_KEY_ECDSA_SHA2_NISTP521                  = "ecdsa-sha2-nistp521"
	HOST_KEY_ED_25519_CERT_V01_OPENSSH            = "ssh-ed25519-cert-v01@openssh.com"
	HOST_KEY_RSA_CERT_V01                         = "ssh-rsa-cert-v01@openssh.com"
	HOST_KEY_DSS_CERT_V01                         = "ssh-dss-cert-v01@openssh.com"
	HOST_KEY_RSA_CERT_V00_OPENSSH                 = "ssh-rsa-cert-v00@openssh.com"
	HOST_KEY_DSS_CERT_V00_OPENSSH                 = "ssh-dss-cert-v00@openssh.com"
	HOST_KEY_ED_25519                             = "ssh-ed25519"
	HOST_KEY_RSA                                  = "ssh-rsa"
	HOST_KEY_DSS                                  = "ssh-dss"
)

Host key algorithms ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,ssh-dss-cert-v01@openssh.com,ssh-rsa-cert-v00@openssh.com,ssh-dss-cert-v00@openssh.com,ssh-ed25519,ssh-rsa,ssh-dss

View Source 
const (
	ENCRYPTION_AES_128_CTR                 = "aes128-ctr"
	ENCRYPTION_AES_192_CTR                 = "aes192-ctr"
	ENCRYPTION_AES_256_CTR                 = "aes256-ctr"
	ENCRPTION_ARCFOUR_256                  = "arcfour256"
	ENCRYPTION_ARCFOUR_128                 = "arcfour128"
	ENCRYPTION_AES_128_GCM_OPENSSH         = "aes128-gcm@openssh.com"
	ENCRYPTION_AES_256_GCM_OPENSSH         = "aes256-gcm@openssh.com"
	ENCRYPTION_CHACHA_20_POLY_1305_OPENSSH = "chacha20-poly1305@openssh.com"
	ENCRYPTION_AES_128_CBC                 = "aes128-cbc"
	ENCRYPTION_3DES_CBC                    = "3des-cbc"
	ENCRYPTION_BLOWFISH_CBC                = "blowfish-cbc"
	ENCRYPTION_CAST_128_CBC                = "cast128-cbc"
	ENCRYPTION_AES_192_CBC                 = "aes192-cbc"
	ENCRYPTION_AES_256_CBC                 = "aes256-cbc"
	ENCRYPTION_ARCFOUR                     = "arcfour"
	ENCRYPTION_RIJNDAEL_CBC_LYSATOR        = "rijndael-cbc@lysator.liu.se"
)

Encryption types

View Source 
const (
	MAC_HMAC_MD5_ETM_OPENSSH        = "hmac-md5-etm@openssh.com"
	MAC_HMAC_SHA1_ETM_OPENSSH       = "hmac-sha1-etm@openssh.com"
	MAC_UMAC_64_ETM_OPENSSH         = "umac-64-etm@openssh.com"
	MAC_UMAC_128_ETM_OPENSSH        = "umac-128-etm@openssh.com"
	MAC_HMAC_SHA2_256_ETM_OPENSSH   = "hmac-sha2-256-etm@openssh.com"
	MAC_HMAC_SHA2_512_ETM_OPENSSH   = "hmac-sha2-512-etm@openssh.com"
	MAC_HMAC_RIPEMD_160_ETM_OPENSSH = "hmac-ripemd160-etm@openssh.com"
	MAC_HMAC_SHA1_96_ETM_OPENSSH    = "hmac-sha1-96-etm@openssh.com"
	MAC_HMAC_MD5_96_ETM             = "hmac-md5-96-etm@openssh.com"
	MAC_HMAC_MD5                    = "hmac-md5"
	MAC_HMAC_SHA1                   = "hmac-sha1"
	MAC_UMAC_64_OPENSSH             = "umac-64@openssh.com"
	MAC_UMAC_128_OPENSSH            = "umac-128@openssh.com"
	MAC_HMAC_SHA2_256               = "hmac-sha2-256"
	MAC_HMAC_SHA2_512               = "hmac-sha2-512"
	MAC_HMAC_RIPEMD_160             = "hmac-ripemd160"
	MAC_HMAC_RIPEMD_160_OPENSSH     = "hmac-ripemd160@openssh.com"
	MAC_HMAC_SHA1_96                = "hmac-sha1-96"
	MAC_HMAC_MD5_96                 = "hmac-md5-96"
)

MAC types

View Source 
const (
	COMPRESSION_NONE         = "none"
	COMPRESSION_ZLIB_OPENSSH = "zlib@openssh.com"
	COMPRESSION_ZLIB         = "zlib"
)

Compression types

View Source 
const (
	SSH_MSG_KEXINIT                byte = 20
	SSH_MSG_KEXDH_INIT             byte = 30
	SSH_MSG_KEXDH_REPLY            byte = 31
	SSH_MSG_KEX_DH_GEX_REQUEST_OLD byte = 30
	SSH_MSG_KEY_DH_GEX_REQUEST     byte = 34
	SSH_MSG_KEX_DH_GEX_GROUP       byte = 31
	SSH_MSG_KEX_DH_GEX_INIT        byte = 32
	SSH_MSG_KEX_DH_GEX_REPLY       byte = 33
)

Variables

View Source 
var KnownCompressionAlgorithmNames = []string{
	COMPRESSION_NONE,
	COMPRESSION_ZLIB_OPENSSH,
	COMPRESSION_ZLIB,
}
View Source 
var KnownEncryptionAlgorithmNames = []string{
	ENCRYPTION_AES_128_CTR,
	ENCRYPTION_AES_192_CTR,
	ENCRYPTION_AES_256_CTR,
	ENCRPTION_ARCFOUR_256,
	ENCRYPTION_ARCFOUR_128,
	ENCRYPTION_AES_128_GCM_OPENSSH,
	ENCRYPTION_AES_256_GCM_OPENSSH,
	ENCRYPTION_CHACHA_20_POLY_1305_OPENSSH,
	ENCRYPTION_AES_128_CBC,
	ENCRYPTION_3DES_CBC,
	ENCRYPTION_BLOWFISH_CBC,
	ENCRYPTION_CAST_128_CBC,
	ENCRYPTION_AES_192_CBC,
	ENCRYPTION_AES_256_CBC,
	ENCRYPTION_ARCFOUR,
	ENCRYPTION_RIJNDAEL_CBC_LYSATOR,
}
View Source 
var KnownHostKeyAlgorithmNames = []string{
	HOST_KEY_ECDSA_SHA2_NISTP256_CERT_V01_OPENSSH,
	HOST_KEY_ECDSA_SHA2_NISTP384_CERT_V01_OPENSSH,
	HOST_KEY_ECDSA_SHA2_NISTP521_CERT_V01_OPENSSH,
	HOST_KEY_ECDSA_SHA2_NISTP256,
	HOST_KEY_ECDSA_SHA2_NISTP384,
	HOST_KEY_ECDSA_SHA2_NISTP521,
	HOST_KEY_ED_25519_CERT_V01_OPENSSH,
	HOST_KEY_RSA_CERT_V01,
	HOST_KEY_DSS_CERT_V01,
	HOST_KEY_RSA_CERT_V00_OPENSSH,
	HOST_KEY_DSS_CERT_V00_OPENSSH,
	HOST_KEY_ED_25519,
	HOST_KEY_RSA,
	HOST_KEY_DSS,
}
View Source 
var KnownKexAlgorithmNames = []string{
	KEX_CURVE_25519_SHA256_OPENSSH,
	KEX_ECDH_SHA2_NISTP256,
	KEX_ECDH_SHA2_NISTP384,
	KEX_ECDH_SHA2_NISTP521,
	KEX_DH_SHA256,
	KEX_DH_SHA1,
	KEX_DH_GROUP14_SHA1,
	KEX_DH_GROUP1_SHA1,
}

KnownKexAlgorithmNames is an array of all key exchange methods known to this package. All key exchange methods are not necessarily implemented.

View Source 
var KnownMACAlgorithmNames = []string{
	MAC_HMAC_MD5_ETM_OPENSSH,
	MAC_HMAC_SHA1_ETM_OPENSSH,
	MAC_UMAC_64_ETM_OPENSSH,
	MAC_UMAC_128_ETM_OPENSSH,
	MAC_HMAC_SHA2_256_ETM_OPENSSH,
	MAC_HMAC_SHA2_512_ETM_OPENSSH,
	MAC_HMAC_RIPEMD_160_ETM_OPENSSH,
	MAC_HMAC_SHA1_96_ETM_OPENSSH,
	MAC_HMAC_MD5_96_ETM,
	MAC_HMAC_MD5,
	MAC_HMAC_SHA1,
	MAC_UMAC_64_OPENSSH,
	MAC_UMAC_128_OPENSSH,
	MAC_HMAC_SHA2_256,
	MAC_HMAC_SHA2_512,
	MAC_HMAC_RIPEMD_160,
	MAC_HMAC_RIPEMD_160_OPENSSH,
	MAC_HMAC_SHA1_96,
	MAC_HMAC_MD5_96,
}
View Source 
var OpenSSH_6_6p1 = ClientImplementation{
	// contains filtered or unexported fields
}

Functions

This section is empty.

Types

type AlgorithmSelection 

type AlgorithmSelection struct {
	KexAlgorithm     string `json:"kex_algorithm,omitempty"`
	HostKeyAlgorithm string `json:"host_key_algorithm,omitempty"`
}

type ClientImplementation 

type ClientImplementation struct {
	// contains filtered or unexported fields
}

func ClientImplementationByName 

func ClientImplementationByName(name string) (c *ClientImplementation, ok bool)

func (*ClientImplementation) HostKeyAlgorithms 

func (c *ClientImplementation) HostKeyAlgorithms() NameList

func (*ClientImplementation) KexAlgorithms 

func (c *ClientImplementation) KexAlgorithms() NameList

type Config 

type Config struct {
	KexAlgorithms             NameList
	HostKeyAlgorithms         NameList
	EncryptionClientToServer  NameList
	EncryptionServerToClient  NameList
	MACClientToServer         NameList
	MACServerToclient         NameList
	CompressionClientToServer NameList
	CompressionServerToClient NameList
	Random                    io.Reader
}

type Conn 

type Conn struct {
	// contains filtered or unexported fields
}

func Client 

func Client(c net.Conn, config *Config) *Conn

Client wraps a network connection with an SSH client connection

func (*Conn) ClientHandshake 

func (c *Conn) ClientHandshake() error

func (*Conn) HandshakeLog 

func (c *Conn) HandshakeLog() *HandshakeLog
type Cookie [16]byte

The Cookie type represents the random cookie sent during the server key exchange.

func (*Cookie) MarshalJSON 

func (c *Cookie) MarshalJSON() ([]byte, error)

MarshalJSON encodes a Cookie to JSON as a base64-encoded byte array.

func (*Cookie) UnmarshalJSON 

func (c *Cookie) UnmarshalJSON(b []byte) error

UnmarshalJSON unmarshal a byte-array encoded in base64 to a cookie. The byte array must be either null, empty array, or exactly 16 bytes long.

type DHParams 

type DHParams struct {
	Prime     *big.Int
	Generator *big.Int
	// contains filtered or unexported fields
}

func (*DHParams) MarshalJSON 

func (p *DHParams) MarshalJSON() ([]byte, error)

func (*DHParams) UnmarshalJSON 

func (p *DHParams) UnmarshalJSON(b []byte) error

type HandshakeLog 

type HandshakeLog struct {
	ClientProtocol        *ProtocolAgreement            `json:"client_protocol,omitempty"`
	ServerProtocol        *ProtocolAgreement            `json:"server_protocol,omitempty"`
	ClientKexExchangeInit *KeyExchangeInit              `json:"client_key_exchange_init,omitempty"`
	ServerKeyExchangeInit *KeyExchangeInit              `json:"server_key_exchange_init,omitempty"`
	Algorithms            *AlgorithmSelection           `json:"algorithms,omitempty"`
	KexDHGroupRequest     *KeyExchangeDHGroupRequest    `json:"key_exchange_dh_group_request,omitempty"`
	KexDHGroupParams      *KeyExchangeDHGroupParameters `json:"key_exchange_dh_group_params,omitempty"`
	KexDHGroupInit        *KeyExchangeDHGroupInit       `json:"key_excahnge_dh_group_init,omitempty"`
	KexDHGroupReply       *KeyExchangeDHGroupReply      `json:"key_exchange_dh_group_reply,omitempty"`
	DHInit                *KeyExchangeDHInit            `json:"key_exchange_dh_init,omitempty"`
	DHReply               *KeyExchangeDHInitReply       `json:"key_exchange_dh_reply,omitempty"`
}

HandshakeLog contains detailed information about each step of the SSH handshake, and can be encoded to JSON.

type KeyExchangeDHGroupInit 

type KeyExchangeDHGroupInit struct {
	KeyExchangeDHInit
}

func (*KeyExchangeDHGroupInit) MsgType 

func (gex *KeyExchangeDHGroupInit) MsgType() byte

type KeyExchangeDHGroupParameters 

type KeyExchangeDHGroupParameters struct {
	Prime     mpint `json:"prime"`
	Generator mpint `json:"generator"`
}

func (*KeyExchangeDHGroupParameters) Marshal 

func (gex *KeyExchangeDHGroupParameters) Marshal() ([]byte, error)

func (*KeyExchangeDHGroupParameters) MsgType 

func (gex *KeyExchangeDHGroupParameters) MsgType() byte

func (*KeyExchangeDHGroupParameters) Unmarshal 

func (gex *KeyExchangeDHGroupParameters) Unmarshal(raw []byte) (ok bool)

type KeyExchangeDHGroupReply 

type KeyExchangeDHGroupReply struct {
	KeyExchangeDHInitReply
}

func (*KeyExchangeDHGroupReply) MsgType 

func (gex *KeyExchangeDHGroupReply) MsgType() byte

type KeyExchangeDHGroupRequest 

type KeyExchangeDHGroupRequest struct {
	Min       uint32 `json:"min"`
	Preferred uint32 `json:"preferred"`
	Max       uint32 `json:"max"`
}

byte SSH_MSG_KEY_DH_GEX_REQUEST uint32 min, minimal size in bits of an acceptable group uint32 n, preferred size in bits of the group the server will send uint32 max, maximal size in bits of an acceptable group

func (*KeyExchangeDHGroupRequest) Marshal 

func (gex *KeyExchangeDHGroupRequest) Marshal() ([]byte, error)

func (*KeyExchangeDHGroupRequest) MsgType 

func (gex *KeyExchangeDHGroupRequest) MsgType() byte

func (*KeyExchangeDHGroupRequest) Unmarshal 

func (gex *KeyExchangeDHGroupRequest) Unmarshal([]byte) bool

type KeyExchangeDHInit 

type KeyExchangeDHInit struct {
	E mpint
	// contains filtered or unexported fields
}

KeyExchangeDHInit represent the SSH_MSG_KEXDH_INIT message for transferring Diffie-Hellman public values. E = G^X mod P, where G is the generator and P is the prime. E is the public DHE value. See RFC 4253 Section 8.

func (*KeyExchangeDHInit) Marshal 

func (dhi *KeyExchangeDHInit) Marshal() ([]byte, error)

Marshal encodes a KeyExchangeDHInit message payload

func (*KeyExchangeDHInit) MsgType 

func (dhi *KeyExchangeDHInit) MsgType() byte

MsgType returns the SSH_MSG_KEXDH_INIT message type

func (*KeyExchangeDHInit) Unmarshal 

func (dhi *KeyExchangeDHInit) Unmarshal(raw []byte) bool

type KeyExchangeDHInitReply 

type KeyExchangeDHInitReply struct {
	K_S       []byte `json:"k_s"`
	F         mpint  `json:"f"`
	Signature []byte `json:"signature"`
	// contains filtered or unexported fields
}

func (*KeyExchangeDHInitReply) Marshal 

func (dhr *KeyExchangeDHInitReply) Marshal() ([]byte, error)

func (*KeyExchangeDHInitReply) MsgType 

func (dhr *KeyExchangeDHInitReply) MsgType() byte

func (*KeyExchangeDHInitReply) Unmarshal 

func (dhr *KeyExchangeDHInitReply) Unmarshal(raw []byte) bool

type KeyExchangeInit 

type KeyExchangeInit struct {
	Cookie                    Cookie   `json:"cookie"`
	KexAlgorithms             NameList `json:"key_exchange_algorithms"`
	HostKeyAlgorithms         NameList `json:"host_key_algorithms"`
	EncryptionClientToServer  NameList `json:"encryption_client_to_server"`
	EncryptionServerToClient  NameList `json:"encryption_server_to_client"`
	MACClientToServer         NameList `json:"mac_client_to_server"`
	MACServerToClient         NameList `json:"mac_server_to_client"`
	CompressionClientToServer NameList `json:"compression_client_to_server"`
	CompressionServerToClient NameList `json:"compression_server_to_client"`
	LanguageClientToServer    NameList `json:"language_client_to_server"`
	LanguageServerToClient    NameList `json:"language_server_to_client"`
	FirstKexPacketFollows     bool     `json:"first_kex_packet_follows"`
	Zero                      uint32   `json:"zero"`
	// contains filtered or unexported fields
}

func GenerateKeyExchangeInit 

func GenerateKeyExchangeInit(c *Config) (*KeyExchangeInit, error)

GenerateKeyExchangeInit generates a KeyExchangeInit message sutiable for transmission over the wire based on the configuration passed.

func (*KeyExchangeInit) Marshal 

func (kxi *KeyExchangeInit) Marshal() ([]byte, error)

func (*KeyExchangeInit) MsgType 

func (kxi *KeyExchangeInit) MsgType() byte

func (*KeyExchangeInit) Unmarshal 

func (kxi *KeyExchangeInit) Unmarshal(raw []byte) bool

Unmarshal a byte array into a KeyExchangeInit struct. The byte array should be the entire KeyExchangeInit message payload starting after the SSH_MSG_KEXINIT byte.

type NameList 

type NameList []string

NameList represents the name-list structure described in RFC 4251. See https://tools.ietf.org/html/rfc4251 for details.

func (*NameList) MarshalInto 

func (n *NameList) MarshalInto(dest []byte) ([]byte, error)

func (*NameList) MarshaledLength 

func (n *NameList) MarshaledLength() int

func (*NameList) Unmarshal 

func (n *NameList) Unmarshal(raw []byte) ([]byte, bool)

Unmarshal a NameList from a byte slice of the form [length:body:extra] where extra is optional. Returns [extra], true when successful, and raw, false when unsuccessful.

type ProtocolAgreement 

type ProtocolAgreement struct {
	RawBanner       string `json:"raw_banner,omitempty"`
	ProtocolVersion string `json:"protocol_version,omitempty"`
	SoftwareVersion string `json:"software_version,omitempty"`
	Comments        string `json:"comments,omitempty"`
}

ProtocolAgreement represents the client and server protocol banners

RFC specifies the format for the banner as specified in RFC 4523 Section 4.2 

SSH-protoversion-softwareversion SP comments CR LF

The server MAY send other lines of data before sending the version. The lines are terminated by CR LF, and SHOULD be encoded as UTF-8

See http://tools.ietf.org/html/rfc4253 for details

func MakeZGrabProtocolAgreement 

func MakeZGrabProtocolAgreement() *ProtocolAgreement

MakeZGrabProtocolAgreement returns the default client ProtocolAgreement message for ZGrab.

This sets protocol version to "2.0", software version to "ZGrab", and comments to "ZGrab SSH Survey"

func (*ProtocolAgreement) Marshal 

func (h *ProtocolAgreement) Marshal() []byte

Marshal returns a byte array suitable for a call to write

func (*ProtocolAgreement) ParseRawBanner 

func (h *ProtocolAgreement) ParseRawBanner()

ParseRawBanner populates a ProtocolAgreement struct based on the contents of the RawBanner field.

type ProtocolVersion 

type ProtocolVersion string

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.