Exception when ssh executed with command
When ssh is executed with command (eg. ssh honeypot uname -a
), the honeypot fails with following exception:
[SSHChannel session (0) on SSHService b'ssh-connection' on SSHServerTransport,0,185.47.222.168] Unhandled Error
Traceback (most recent call last):
File "/usr/lib/python3/dist-packages/twisted/python/log.py", line 86, in callWithContext
return context.call({ILogContext: newCtx}, func, *args, **kw)
File "/usr/lib/python3/dist-packages/twisted/python/context.py", line 122, in callWithContext
return self.currentContext().callWithContext(ctx, func, *args, **kw)
File "/usr/lib/python3/dist-packages/twisted/python/context.py", line 85, in callWithContext
return func(*args,**kw)
File "/usr/lib/python3/dist-packages/twisted/conch/ssh/channel.py", line 162, in requestReceived
return f(data)
--- <exception caught here> ---
File "/usr/lib/python3/dist-packages/twisted/conch/ssh/session.py", line 73, in request_exec
self.session.execCommand(pp, f)
File "/usr/lib/python3/dist-packages/twisted/conch/unix.py", line 242, in execCommand
uid, gid = self.avatar.getUserGroupId()
builtins.AttributeError: 'ProxySSHUser' object has no attribute 'getUserGroupId'
There is typo in method name (it's called getUserGroupID in the code, however I think that implementing this is not desired - this code path is used to execute commands on the system and the honeypot is not supposed to do this.
Instead the ProxySSHSession
should have implemented execCommand
method to override behavior in this case.
I think something like this should do it:
def execCommand(self, proto, cmd):
"""
Custom implementation of exec - proxy to real SSH to honeypot.
"""
# pylint: disable=no-member
self.pty = reactor.spawnProcess(
proto,
executable='/usr/bin/sshpass',
args=self.honeypot_ssh_arguments + [cmd],
env=self.environ,
path='/',
uid=None,
gid=None,
usePTY=self.ptyTuple,
)
It seems to work (in sense that it contacts the honeypot server), but I did not do any more testing.