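require 'socket'

module CryptCheck
  module Ssh
    # Placeholder result for a host/port pair on which SSH could not be analysed.
    class SshNotSupportedServer
      attr_reader :hostname, :port

      # hostname, port: the target that was probed.
      def initialize(hostname, port)
        @hostname, @port = hostname, port
      end
    end

    # Connects to an SSH server, reads its KEXINIT algorithm lists and logs
    # each advertised algorithm coloured by the grade tables below.
    class Server
      # Seconds allowed for the TCP connect (passed as connect_timeout).
      # NOTE(review): only the connect is bounded; the reads in #initialize set
      # no deadline of their own, so a peer that accepts and then stays silent
      # blocks until some outer timeout fires, if the caller has one.
      TCP_TIMEOUT = 10

      # Caps applied while looking for the server identification string, so a
      # hostile peer cannot make the scanner buffer unbounded data. RFC 4253
      # limits the identification string itself to 255 bytes; the values here
      # are this scanner's own, deliberately looser, limits.
      MAX_BANNER_LINE_BYTES = 1024
      MAX_PRE_BANNER_LINES  = 64

      # NOTE(review): derives from Exception, not StandardError, so a bare
      # `rescue` in a caller does not catch it. Left as is because callers
      # outside this file may rely on that.
      class SshNotAvailableException < Exception
      end

      attr_reader :hostname, :port, :kex, :encryption, :hmac, :compression, :key

      # Grade tables: algorithm name => colour symbol handed to String#colorize
      # (:green, :yellow, :red, or nil for no explicit grade). An algorithm
      # missing from a table also looks up as nil.
      KEX = {
        'curve25519-sha256@libssh.org'         => :green,
        'ecdh-sha2-nistp521'                   => nil,     # NIST
        'ecdh-sha2-nistp384'                   => nil,     # NIST
        'ecdh-sha2-nistp256'                   => nil,     # NIST
        'diffie-hellman-group-exchange-sha256' => :green,  # DLP (PFS)
        'diffie-hellman-group-exchange-sha1'   => :yellow, # DLP (PFS)
        'diffie-hellman-group14-sha1'          => :yellow, # 2048 bits < 3072 bits
        'diffie-hellman-group1-sha1'           => :red     # 1024 bits (Oakley group 2, RFC 4253)
      }.freeze

      ENCRYPTION = {
        'chacha20-poly1305@openssh.com' => :green,
        'aes256-gcm@openssh.com'        => :green,
        'aes128-gcm@openssh.com'        => :green,
        'aes256-ctr'                    => nil,     # CTR < GCM
        'aes192-ctr'                    => nil,     # CTR < GCM
        'aes128-ctr'                    => nil,     # CTR < GCM
        'aes256-cbc'                    => :yellow, # CBC
        'aes192-cbc'                    => :yellow, # CBC
        'aes128-cbc'                    => :yellow, # CBC
        'blowfish-cbc'                  => :yellow, # CBC
        'cast128-cbc'                   => :yellow, # CBC
        '3des-cbc'                      => :red,    # 3DES
        'arcfour'                       => :red,    # RC4
        'arcfour128'                    => :red,    # RC4
        'arcfour256'                    => :red     # RC4
      }.freeze

      HMAC = {
        'hmac-sha2-512-etm@openssh.com'  => :green,
        'hmac-sha2-256-etm@openssh.com'  => :green,
        'hmac-sha2-512'                  => nil,
        'hmac-sha2-256'                  => nil,
        'hmac-sha1-etm@openssh.com'      => :green,
        'hmac-sha1'                      => nil,
        'hmac-sha1-96-etm@openssh.com'   => :red,   # EXPORT
        'hmac-sha1-96'                   => :red,   # EXPORT
        'hmac-ripemd160-etm@openssh.com' => :green,
        'hmac-ripemd160'                 => nil,
        'hmac-md5-etm@openssh.com'       => :red,   # MD5
        'hmac-md5'                       => :red,   # MD5
        'hmac-md5-96-etm@openssh.com'    => :red,   # MD5 + EXPORT
        'hmac-md5-96'                    => :red,   # MD5 + EXPORT
        'umac-128-etm@openssh.com'       => :green,
        'umac-128@openssh.com'           => nil,
        'umac-64-etm@openssh.com'        => :red,   # < 128 bits
        'umac-64@openssh.com'            => :red    # < 128 bits
      }.freeze

      COMPRESSION = {
        'none'             => nil,
        'zlib@openssh.com' => nil
      }.freeze

      KEY = {
        'ssh-ed25519'                              => :green,
        'ssh-ed25519-cert-v01@openssh.com'         => :green,
        'ecdsa-sha2-nistp256'                      => nil,     # NIST
        'ecdsa-sha2-nistp384'                      => nil,     # NIST
        'ecdsa-sha2-nistp521'                      => nil,     # NIST
        'ssh-rsa'                                  => :yellow, # RSA
        'ssh-dss'                                  => :red,    # DSA
        'ecdsa-sha2-nistp256-cert-v01@openssh.com' => nil,     # NIST
        'ecdsa-sha2-nistp384-cert-v01@openssh.com' => nil,     # NIST
        'ecdsa-sha2-nistp521-cert-v01@openssh.com' => nil,     # NIST
        'ssh-rsa-cert-v01@openssh.com'             => :yellow, # RSA
        'ssh-rsa-cert-v00@openssh.com'             => :yellow, # RSA
        'ssh-dss-cert-v01@openssh.com'             => :red,    # DSA
        'ssh-dss-cert-v00@openssh.com'             => :red     # DSA
      }.freeze

      # Probes hostname:port and fills kex, encryption, hmac, compression and
      # key from the hash returned by Packet.read_kex_init.
      #
      # Raises SshNotAvailableException for any StandardError raised during the
      # probe (connect failure, EOF, missing identification string, and so on).
      def initialize(hostname, port)
        @hostname, @port = hostname, port

        Logger.info { "#{hostname}:#{port}".colorize :blue }

        kex = ::Socket.tcp hostname, port, connect_timeout: TCP_TIMEOUT do |socket|
          # Consume the server identification string with bounded reads, then
          # announce ours; the server's KEXINIT follows.
          read_identification socket
          socket.write "SSH-2.0-CryptCheck\r\n"
          Packet.read_kex_init socket
        end

        @kex, @encryption, @hmac, @compression, @key = kex[:kex], kex[:encryption], kex[:mac], kex[:compression], kex[:host_key]

        # NOTE(review): the names logged below are supplied by the remote
        # server. Verify that Packet.read_kex_init restricts them to printable
        # characters before they reach a terminal or log file.
        Logger.info { '' }
        @kex.each { |k| Logger.info { "Key exchange : #{k.colorize KEX[k]}" } }
        Logger.info { '' }
        @encryption.each { |e| Logger.info { "Encryption : #{e.colorize ENCRYPTION[e]}" } }
        Logger.info { '' }
        @hmac.each { |h| Logger.info { "HMAC : #{h.colorize HMAC[h]}" } }
        Logger.info { '' }
        @compression.each { |c| Logger.info { "Compression : #{c}" } }
        Logger.info { '' }
        @key.each { |k| Logger.info { "Key type : #{k.colorize KEY[k]}" } }
      rescue => e
        Logger.debug { "SSH not supported : #{e}" }
        raise SshNotAvailableException, e
      end

      private

      # Returns the first line starting with "SSH-" read from socket.
      #
      # RFC 4253 lets a server send other lines before its identification
      # string, so those are skipped. Each read is length-limited and the
      # number of skipped lines is capped. Raises RuntimeError when a line
      # exceeds the cap or no identification string shows up; EOFError from
      # readline propagates unchanged.
      def read_identification(socket)
        (MAX_PRE_BANNER_LINES + 1).times do
          line = socket.readline MAX_BANNER_LINE_BYTES
          # A limited readline that stops without a newline was truncated.
          raise 'Overlong line before SSH identification string' unless line.end_with? "\n"
          return line if line.start_with? 'SSH-'
        end
        raise 'No SSH identification string received'
      end
    end
  end
end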