Commit adf5a4c6 authored by Daniel Stan's avatar Daniel Stan

app d'affichage des ssh_fpr

Merci à Mickachu pour l'icône :)
parent 0acc91dd
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!-- Created with Inkscape (http://www.inkscape.org/) -->
<svg
xmlns:dc="http://purl.org/dc/elements/1.1/"
xmlns:cc="http://creativecommons.org/ns#"
xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
xmlns:svg="http://www.w3.org/2000/svg"
xmlns="http://www.w3.org/2000/svg"
xmlns:sodipodi="http://sodipodi.sourceforge.net/DTD/sodipodi-0.dtd"
xmlns:inkscape="http://www.inkscape.org/namespaces/inkscape"
id="svg8148"
sodipodi:docname="keyring2.svg"
viewBox="0 0 377.42 596.17"
version="1.1"
inkscape:version="0.92.2 (5c3e80d, 2017-08-06)">
<defs
id="defs11" />
<sodipodi:namedview
id="base"
bordercolor="#666666"
inkscape:pageshadow="2"
inkscape:window-y="0"
fit-margin-left="0"
pagecolor="#ffffff"
fit-margin-top="0"
inkscape:window-maximized="1"
inkscape:zoom="1.4"
inkscape:window-x="0"
inkscape:window-height="1051"
showgrid="false"
borderopacity="1.0"
inkscape:current-layer="g844"
inkscape:cx="106.38563"
inkscape:cy="282.7153"
fit-margin-right="0"
fit-margin-bottom="0"
inkscape:window-width="1920"
inkscape:pageopacity="0.0"
inkscape:document-units="px"
showguides="false"
inkscape:pagecheckerboard="true">
<inkscape:grid
type="xygrid"
id="grid889" />
</sodipodi:namedview>
<g
id="layer1"
inkscape:label="Layer 1"
inkscape:groupmode="layer"
transform="translate(-22.716 -188.56)">
<path
id="path8075"
style="color:#000000;fill:#ffffff;fill-opacity:1"
inkscape:connector-curvature="0"
d="m 185.32219,416.99599 c -28.43879,4.46019 -47.38783,31.10368 -42.9273,59.54342 3.69913,23.58526 22.46638,40.84751 44.94562,43.58292 l 25.16968,160.47447 -54.19904,8.50111 1.83525,11.68936 32.41292,-5.08353 1.66535,10.62808 -27.09965,4.25018 1.91723,12.22108 27.09955,-4.25047 1.58327,10.09642 -32.41288,5.08362 1.91732,12.22104 32.41282,-5.08382 1.74743,11.15976 -32.41383,5.08397 1.66536,10.62808 54.19903,-8.50111 19.12922,-3.00017 9.0338,-1.41619 -37.50221,-239.11249 c 20.58842,-9.54982 33.13379,-31.7296 29.44516,-55.25061 -4.46056,-28.43866 -31.18774,-47.9188 -59.62653,-43.45861 z m 4.33395,27.63071 c 13.28055,-2.08328 26.10954,6.79693 28.19207,20.07775 2.08329,13.28054 -7.41228,25.66168 -20.69181,27.74482 -13.28055,2.08329 -25.57824,-6.88004 -27.66171,-20.16052 -2.08329,-13.28054 6.88004,-25.57823 20.16145,-27.66205 z" />
<path
id="path8103"
style="color:#000000;fill:#ffffff;fill-opacity:1"
inkscape:connector-curvature="0"
d="m185.1 188.56c-83.247 0-150.6 67.354-150.6 150.6 0 83.247 67.354 151.14 150.6 151.14 83.247 0 151.14-67.892 151.14-151.14 0-83.247-67.892-150.6-151.14-150.6zm0 28.506c67.447 0 122.09 54.647 122.09 122.09 0 67.447-54.647 122.09-122.09 122.09-67.447 0-122.09-54.647-122.09-122.09 0-67.448 54.647-122.09 122.09-122.09z" />
<g
id="g844"
transform="rotate(105.44131,-162.429,579.42819)"
style="fill:#ffffff;fill-opacity:1">
<text
id="text820"
y="-328.74829"
x="57.391384"
style="font-style:normal;font-weight:normal;font-size:50.26663589px;line-height:1.25;font-family:sans-serif;letter-spacing:0px;word-spacing:0px;fill:#ffffff;fill-opacity:1;stroke:none;stroke-width:1.25666583"
xml:space="preserve"
transform="scale(-1)"><tspan
style="font-style:normal;font-variant:normal;font-weight:bold;font-stretch:normal;font-family:'TeX Gyre Cursor';-inkscape-font-specification:'TeX Gyre Cursor Bold';fill:#ffffff;fill-opacity:1;stroke-width:1.25666583"
y="-328.74829"
x="57.391384"
id="tspan818"
sodipodi:role="line">SSH</tspan></text>
<path
sodipodi:nodetypes="cccccccccccccccc"
d="m -404.12455,317.69127 c 0.0351,28.78641 23.44873,51.60623 52.23612,51.57093 23.87356,-0.0293 43.8158,-15.91959 49.97455,-37.71107 l 162.43622,-0.19985 79.604373,-0.0931 -0.02366,-19.36304 -0.01054,-9.14413 -242.035343,0.29631 c -6.27112,-21.81182 -26.25857,-37.61786 -50.06704,-37.5891 -28.78633,0.0355 -52.1438,23.45016 -52.10868,52.23657 z m 27.96852,-0.0346 c -0.0168,-13.44294 10.73009,-24.75422 24.17318,-24.77026 13.44294,-0.0168 24.21709,11.26928 24.23393,24.7112 0.0168,13.44294 -10.73053,24.21646 -24.17343,24.23348 -13.44295,0.0168 -24.21646,-10.73053 -24.23368,-24.17442 z"
inkscape:connector-curvature="0"
style="color:#000000;fill:#ffffff;fill-opacity:1"
id="path8075-3" />
</g>
<g
id="g844-6"
transform="rotate(68.68171,-156.20694,825.80174)"
style="fill:#ffffff;fill-opacity:1">
<text
id="text820-7"
y="358.65771"
x="-149.63231"
style="font-style:normal;font-weight:normal;font-size:50.26663589px;line-height:1.25;font-family:sans-serif;letter-spacing:0px;word-spacing:0px;fill:#ffffff;fill-opacity:1;stroke:none;stroke-width:1.25666583"
xml:space="preserve"><tspan
style="font-style:normal;font-variant:normal;font-weight:bold;font-stretch:normal;font-family:'TeX Gyre Cursor';-inkscape-font-specification:'TeX Gyre Cursor Bold';stroke-width:1.25666583;fill:#ffffff;fill-opacity:1"
y="358.65771"
x="-149.63231"
id="tspan818-5"
sodipodi:role="line">GPG</tspan></text>
<path
sodipodi:nodetypes="cccccccccccccccc"
d="m -404.12455,317.69127 c 0.0351,28.78641 23.44873,51.60623 52.23612,51.57093 23.87356,-0.0293 43.8158,-15.91959 49.97455,-37.71107 l 162.43622,-0.19985 79.604373,-0.0931 -0.02366,-19.36304 -0.01054,-9.14413 -242.035343,0.29631 c -6.27112,-21.81182 -26.25857,-37.61786 -50.06704,-37.5891 -28.78633,0.0355 -52.1438,23.45016 -52.10868,52.23657 z m 27.96852,-0.0346 c -0.0168,-13.44294 10.73009,-24.75422 24.17318,-24.77026 13.44294,-0.0168 24.21709,11.26928 24.23393,24.7112 0.0168,13.44294 -10.73053,24.21646 -24.17343,24.23348 -13.44295,0.0168 -24.21646,-10.73053 -24.23368,-24.17442 z"
inkscape:connector-curvature="0"
style="color:#000000;fill:#ffffff;fill-opacity:1"
id="path8075-3-3" />
</g>
</g>
<metadata
id="metadata8">
<rdf:RDF>
<cc:Work>
<dc:format>image/svg+xml</dc:format>
<dc:type
rdf:resource="http://purl.org/dc/dcmitype/StillImage" />
<cc:license
rdf:resource="http://creativecommons.org/publicdomain/zero/1.0/" />
<dc:publisher>
<cc:Agent
rdf:about="http://openclipart.org/">
<dc:title>Openclipart</dc:title>
</cc:Agent>
</dc:publisher>
<dc:title></dc:title>
<dc:date>2011-07-04T09:59:40</dc:date>
<dc:description>Simple keys on simple ring :)</dc:description>
<dc:source>https://openclipart.org/detail/148213/keys-on-ring-by-boobaloo</dc:source>
<dc:creator>
<cc:Agent>
<dc:title>boobaloo</dc:title>
</cc:Agent>
</dc:creator>
<dc:subject>
<rdf:Bag>
<rdf:li>key</rdf:li>
<rdf:li>keys</rdf:li>
<rdf:li>lock</rdf:li>
<rdf:li>ring</rdf:li>
</rdf:Bag>
</dc:subject>
</cc:Work>
<cc:License
rdf:about="http://creativecommons.org/publicdomain/zero/1.0/">
<cc:permits
rdf:resource="http://creativecommons.org/ns#Reproduction" />
<cc:permits
rdf:resource="http://creativecommons.org/ns#Distribution" />
<cc:permits
rdf:resource="http://creativecommons.org/ns#DerivativeWorks" />
</cc:License>
</rdf:RDF>
</metadata>
</svg>
{% extends "template.html" %}
{% load i18n %}
{% load static from staticfiles %}
{% block title %}{% trans "Affichage des empreintes SSH" %}{% endblock %}
{% block h1 %} {% trans "Affichage des empreintes SSH" %}{% endblock %}
{% block content %}
<p>
{% blocktrans %}
Cette page permet de vérifier l'empreinte de clé ssh (<em>fingerprint</em>)
telle qu'affichée lors d'une
première connexion vers un serveur crans. Lorsque vous utilisez cette page
web, vérifiez que vous êtes bien sur le site du crans avec une connexion
https valide ("cadenas vert" de votre navigateur).
{% endblocktrans %}
</p>
<form method="get">
<label for="host">{% trans "Nom de la machine" %}</label>
<input type="text" id="host" name="host"/>
<input type="submit" value="OK"/>
</form>
<h2>{% blocktrans %}
Affichage des empreintes pour <em>{{ host }}</em>
{% endblocktrans %}
</h2>
<ul>
{% for fpr in fpr_list %}
<li>
The fingerprint for the {{fpr.type}} key sent by the remote host is {{fpr.hash}}
</li>
{% empty %}
<li>
{% blocktrans %}
Aucune empreinte disponible. Les clés ssh n'ont peut-être pas été renseignées,
ou la machine en question n'existe pas.
{% endblocktrans %}
</li>
{% endfor %}
</ul>
{% endblock content %}
# -*- coding: utf-8 -*-
from django.conf.urls import url
import views
urlpatterns = [
url('^$', views.index, name='index'),
]
# -*- coding: utf-8 -*
from django.shortcuts import render
from lc_ldap import shortcuts
from lc_ldap.crans_utils import escape
import base64
import hashlib
# Use case 1 (ssh vers zamok):
# "ECDSA key fingerprint is SHA256:EJib/9V3VjjkUX6w8bk2zt8BKxmG0JK6D+PDEyLtNb0."
#
# Use case 2 (ssh vers zamok, known as hex format for md5):
# "The fingerprint for the ECDSA key sent by the remote host is
# 61:0d:57:e1:c8:58:93:c5:2d:75:a2:b5:b4:67:97:e2."
# Or: "ECDSA key fingerprint is 61:0d:57:e1:c8:58:93:c5:2d:75:a2:b5:b4:67:97:e2."
#
# Use case 3 (ce qui est dans ldap, aka la clé publique, la partie du milieu se
# hash bien sha256 ou md5):
# sshFingerprint: ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBFBDTqRbMcXkQ+VMf
# Nx4Ph269zPQdOEsbvxbrOBjQrMMIM3ouOP+PxxCrKbM3dAVBDDnrSX10QaEf/1xCjM2xdw= root@zamokv5
#
# Use case 4 (ce qui est dans le dns):
# $ host -t sshfp zamok.crans.org
# zamok.crans.org has SSHFP record 3 2 10989BFFD5775638E4517EB0F1B936CEDF012B1986D092BA0FE3C313 22ED35BD
# zamok.crans.org has SSHFP record 1 1 8CFD4660595B1090BCF1D9E8B3660F70CBB89B38
# zamok.crans.org has SSHFP record 3 1 D322279C95D9E8FD0A2DE90F258C900C1716D8F3
# zamok.crans.org has SSHFP record 1 2 5E7BB20A70AD4DB823E4FC63233BC2E138527410ABB4620273A63A43 E74A221E
# La première ligne correspond à ecdsa (3) en sha256 (2)
conn = shortcuts.lc_ldap_readonly()
def index(request):
host = request.GET.get('host', u'') or u'zamok.crans.org'
host = host[:50]
if not host.endswith('.crans.org'):
host += '.crans.org'
machines = conn.search(u'(|(host=%(h)s)(hostAlias=%(h)s))' % {'h': escape(host)})
fpr_list = list()
for machine in machines:
for fpr in machine['sshFingerprint']:
fpr_list.append({
'type': nice_type(fpr['type']),
'hash': sha256_format(fpr['key']),
})
fpr_list.append({
'type': nice_type(fpr['type']),
'hash': md5_format(fpr['key']),
})
return render(request, 'fpr/index.html', {
'fpr_list': fpr_list,
'host': host,
})
def md5_format(pub_key):
"""Return md5 fingerprint, as shown by ssh"""
fpr = hashlib.md5(pub_key).hexdigest()
return ':'.join(fpr[2*i] + fpr[2*i+1] for i in range(len(fpr)/2))
def sha256_format(pub_key):
"""Return sha256 fingerprint, as shown by ssh"""
fpr = base64.encodestring(hashlib.sha256(pub_key).digest())
# some clean up
fpr = fpr.replace('=','').strip()
return "SHA256:" + fpr
def nice_type(t):
"""C'est un chic type lui.
Renvoie le nom commun affiché par ssh au sujet d'un type de clé, vous allez
voir, c'est très con."""
if 'rsa' in t:
return "RSA"
if 'ed25519' in t:
return "ED25519"
if 'ecdsa' in t:
return 'ECDSA'
return t
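Review bot: `md5_format` and `sha256_format` hash `pub_key` exactly as `index` passes it from `fpr['key']`, while the header comment describes the LDAP value as the base64 text of the key. ssh computes both fingerprints over the decoded key blob, so if `fpr['key']` is still base64 the page would publish digests that never match what a client prints, which defeats the purpose of the check. lc_ldap may already decode the attribute (not visible here), so confirm against the zamok ECDSA fingerprint quoted in the comment, and if it does not decode, add `pub_key = base64.b64decode(pub_key)` at the top of both helpers. Separately, `host` reaches the LDAP filter guarded only by `escape` and the 50-character cut. An allowlist before the search, e.g. `if not re.match(r'^[A-Za-z0-9.-]+$', host): host = u'zamok.crans.org'` (needs `import re`), would keep wildcard and filter characters out whatever `escape` covers.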
......@@ -335,6 +335,13 @@ INTRANET_APPS = (
'title' : _(u'Réglages des préférences'),
'test': lambda u: True,
},
{
'name': 'fpr',
'label': _(u'Empreintes SSH'),
'category' :'Services',
'title' : _(u'Affichage des empreintes SSH des serveurs'),
'test': lambda u: True,
},
{
'name': 'password_reset',
'label': _(u'password_reset'),
......