From df8043dcbee22ec8d9d45b24d9e1fc07daeabf64 Mon Sep 17 00:00:00 2001 From: erkin Date: Mon, 31 May 2021 13:15:36 +0300 Subject: T3563: Add support for IPv6 source addresses in SSH connections --- python/vyos/remote.py | 17 ++++++++++++----- 1 file changed, 12 insertions(+), 5 deletions(-) diff --git a/python/vyos/remote.py b/python/vyos/remote.py index 0bc2ee7f8..f1768aa4f 100644 --- a/python/vyos/remote.py +++ b/python/vyos/remote.py @@ -14,6 +14,7 @@ # License along with this library. If not, see . from ftplib import FTP +import ipaddress import math import os import shutil @@ -28,7 +29,6 @@ from vyos.version import get_version from paramiko import SSHClient, SSHException, MissingHostKeyPolicy - # This is a hardcoded path and no environment variable can change it. KNOWN_HOSTS_FILE = os.path.expanduser('~/.ssh/known_hosts') CHUNK_SIZE = 8192 @@ -42,7 +42,8 @@ class InteractivePolicy(MissingHostKeyPolicy): print_error(f"Host '{hostname}' not found in known hosts.") print_error('Fingerprint: ' + key.get_fingerprint().hex()) if ask_yes_no('Do you wish to continue?'): - if client._host_keys_filename and ask_yes_no('Do you wish to permanently add this host/key pair to known hosts?'): + if client._host_keys_filename\ + and ask_yes_no('Do you wish to permanently add this host/key pair to known hosts?'): client._host_keys.add(hostname, key.get_name(), key) client.save_host_keys(client._host_keys_filename) else: @@ -180,7 +181,14 @@ def transfer_sftp(mode, local_path, hostname, remote_path,\ source=None, progressbar=False): sock = None if source: - sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM) + # Check if the given string is an IPv6 address. + try: + ipaddress.IPv6Address(source) + except ipaddress.AddressValueError: + address_family = socket.AF_INET + else: + address_family = socket.AF_INET6 + sock = socket.socket(address_family, socket.SOCK_STREAM) sock.bind((source, 0)) sock.connect((hostname, port)) callback = make_progressbar() if progressbar else None @@ -284,7 +292,7 @@ def get_http_file_size(urlstring, username=None, password=None): raise ValueError('Failed to receive file size from HTTP server.') -# Dynamic dispatchers +## Dynamic dispatchers def download(local_path, urlstring, source=None, progressbar=False): """ Dispatch the appropriate download function for the given `urlstring` and save to `local_path`. @@ -365,7 +373,6 @@ def get_remote_config(urlstring, source=None): """ - url = urllib.parse.urlparse(urlstring) temp = tempfile.NamedTemporaryFile(delete=False).name try: download(temp, urlstring, source) -- cgit v1.2.3 From 5bf0f7d818b353c0ad583e5c1d0835d510132958 Mon Sep 17 00:00:00 2001 From: erkin Date: Tue, 8 Jun 2021 14:14:26 +0300 Subject: remote: Use `is_ipv6()` instead of ad hoc IPv6 check --- python/vyos/remote.py | 9 ++------- 1 file changed, 2 insertions(+), 7 deletions(-) diff --git a/python/vyos/remote.py b/python/vyos/remote.py index f1768aa4f..81ea23c71 100644 --- a/python/vyos/remote.py +++ b/python/vyos/remote.py @@ -14,7 +14,6 @@ # License along with this library. If not, see . from ftplib import FTP -import ipaddress import math import os import shutil @@ -25,6 +24,7 @@ import urllib.parse import urllib.request as urlreq from vyos.util import cmd, ask_yes_no +from vyos.validate import is_ipv6 from vyos.version import get_version from paramiko import SSHClient, SSHException, MissingHostKeyPolicy @@ -182,12 +182,7 @@ def transfer_sftp(mode, local_path, hostname, remote_path,\ sock = None if source: # Check if the given string is an IPv6 address. - try: - ipaddress.IPv6Address(source) - except ipaddress.AddressValueError: - address_family = socket.AF_INET - else: - address_family = socket.AF_INET6 + address_family = socket.AF_INET6 if is_ipv6(source) else socket.AF_INET sock = socket.socket(address_family, socket.SOCK_STREAM) sock.bind((source, 0)) sock.connect((hostname, port)) -- cgit v1.2.3