From 2e0c2cd4d08ac341c65c76f7315fb6a6f6bc2685 Mon Sep 17 00:00:00 2001
From: g0tmi1k
Date: Fri, 30 May 2014 05:19:23 +0100
Subject: [PATCH] =?UTF-8?q?Add=20DSA=20support,=20move=20location=20&=20in?= =?UTF-8?q?crease=20key=20size=20Credit:=20https://github.com/michelooster?= =?UTF-8?q?hof/kippo/=20Add=20DSA=20SSH=20key=20support=20Move=20from:=20?= =?UTF-8?q?=E2=80=9C./public.key=E2=80=9D=20to=20=E2=80=9C./data/ssh=5Fhos?= =?UTF-8?q?t=5Frsa=5Fkey.pub=E2=80=9C=20Increase=20key=20size=20from=20102?= =?UTF-8?q?4=20to=202048=20bits?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 kippo.cfg.dist | 8 ++++----
 kippo.tac | 9 ++++++---
 kippo/core/honeypot.py | 38 ++++++++++++++++++++++++++++----------
 3 files changed, 38 insertions(+), 17 deletions(-)

diff --git a/kippo.cfg.dist b/kippo.cfg.dist
index 1f2d380d..2cd4ea5f 100644
--- a/kippo.cfg.dist
+++ b/kippo.cfg.dist
@@ -76,10 +76,10 @@ txtcmds_path = txtcmds
 # Public and private SSH key files. If these don't exist, they are created
 # automatically.
-#
-# (defaults: public.key and private.key)
-public_key = public.key
-private_key = private.key
+rsa_public_key = data/ssh_host_rsa_key.pub
+rsa_private_key = data/ssh_host_rsa_key
+dsa_public_key = data/ssh_host_dsa_key.pub
+dsa_private_key = data/ssh_host_dsa_key
 # Initial root password. NO LONGER USED!
 # Instead, see {data_path}/userdb.txt
diff --git a/kippo.tac b/kippo.tac
index bde5eb4e..23c3a893 100644
--- a/kippo.tac
+++ b/kippo.tac
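Review bot: The renamed options `rsa_public_key`/`rsa_private_key` replace `public_key`/`private_key` with no fallback on the reading side (the honeypot.py hunk calls `cfg.get('honeypot', 'rsa_public_key')` unconditionally), so an existing kippo.cfg that still carries the old names fails at startup with a NoOptionError, and an existing `public.key`/`private.key` pair is silently abandoned: a fresh host key is generated under `data/` and the honeypot's host-key fingerprint changes for every client that had connected before. The comment above the options still says only "they are created automatically", which no longer tells an upgrader what to do. I would extend it to `# Created on first start if missing; the data/ directory itself must already exist (it is not created). Upgrading from public.key/private.key: move those files to the paths below to keep the same host key.`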
@@ -28,10 +28,13 @@ from kippo.core.config import config
 factory = honeypot.HoneyPotSSHFactory()
 factory.portal = portal.Portal(honeypot.HoneyPotRealm())
-pubKeyString, privKeyString = honeypot.getRSAKeys()
+rsa_pubKeyString, rsa_privKeyString = honeypot.getRSAKeys()
+dsa_pubKeyString, dsa_privKeyString = honeypot.getDSAKeys()
 factory.portal.registerChecker(honeypot.HoneypotPasswordChecker())
-factory.publicKeys = {'ssh-rsa': keys.Key.fromString(data=pubKeyString)}
-factory.privateKeys = {'ssh-rsa': keys.Key.fromString(data=privKeyString)}
+factory.publicKeys = {'ssh-rsa': keys.Key.fromString(data=rsa_pubKeyString),
+ 'ssh-dss': keys.Key.fromString(data=dsa_pubKeyString)}
+factory.privateKeys = {'ssh-rsa': keys.Key.fromString(data=rsa_privKeyString),
+ 'ssh-dss': keys.Key.fromString(data=dsa_privKeyString)}
 cfg = config()
 if cfg.has_option('honeypot', 'ssh_addr'):
diff --git a/kippo/core/honeypot.py b/kippo/core/honeypot.py
index 0957d7ef..87a6feff 100644
--- a/kippo/core/honeypot.py
+++ b/kippo/core/honeypot.py
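Review bot: Registering the DSA pair under `'ssh-dss'` in `factory.publicKeys`/`factory.privateKeys` means a client that lists ssh-dss first authenticates this host against a 1024-bit key, while the RSA key was raised to 2048 bits in the same commit; as far as I can tell the server host-key algorithm is negotiated from the client's preference order in Twisted's transport, so this script has no say in which key is used and the weaker key is a normal outcome rather than a fallback. That trade-off (compatibility with older clients versus host-key strength) is not visible here and deserves a comment above the dicts, e.g. `# DSA host key is 1024-bit (the DSA maximum in PyCrypto); offered only for clients that do not speak ssh-rsa, choice follows the client's kex preference.` Separately, `rsa_pubKeyString`/`dsa_privKeyString` mix snake_case and camelCase inside one identifier; `rsaPubKeyString` or `rsa_pub_key_string` would match one convention.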
@@ -698,24 +698,42 @@ class HoneypotPasswordChecker:
 def getRSAKeys():
     cfg = config()
-    public_key = cfg.get('honeypot', 'public_key')
-    private_key = cfg.get('honeypot', 'private_key')
+    public_key = cfg.get('honeypot', 'rsa_public_key')
+    private_key = cfg.get('honeypot', 'rsa_private_key')
     if not (os.path.exists(public_key) and os.path.exists(private_key)):
-        # generate a RSA keypair
-        print "Generating RSA keypair..."
+        print "[i] Generating new RSA keypair..."
         from Crypto.PublicKey import RSA
         from twisted.python import randbytes
-        KEY_LENGTH = 1024
+        KEY_LENGTH = 2048
         rsaKey = RSA.generate(KEY_LENGTH, randbytes.secureRandom)
-        publicKeyString = keys.Key(rsaKey).public().toString('openssh')
-        privateKeyString = keys.Key(rsaKey).toString('openssh')
-        # save keys for next time
+        publicKeyString = twisted.conch.ssh.keys.Key(rsaKey).public().toString('openssh')
+        privateKeyString = twisted.conch.ssh.keys.Key(rsaKey).toString('openssh')
         file(public_key, 'w+b').write(publicKeyString)
         file(private_key, 'w+b').write(privateKeyString)
-        print "done."
+        print "[i] Done."
     else:
         publicKeyString = file(public_key).read()
         privateKeyString = file(private_key).read()
     return publicKeyString, privateKeyString
-# vim: set sw=4 et:
+def getDSAKeys():
+    cfg = config()
+    public_key = cfg.get('honeypot', 'dsa_public_key')
+    private_key = cfg.get('honeypot', 'dsa_private_key')
+    if not (os.path.exists(public_key) and os.path.exists(private_key)):
+        print "[i] Generating new DSA keypair..."
+        from Crypto.PublicKey import DSA
+        from twisted.python import randbytes
+        KEY_LENGTH = 1024
+        dsaKey = DSA.generate(KEY_LENGTH, randbytes.secureRandom)
+        publicKeyString = twisted.conch.ssh.keys.Key(dsaKey).public().toString('openssh')
+        privateKeyString = twisted.conch.ssh.keys.Key(dsaKey).toString('openssh')
+        file(public_key, 'w+b').write(publicKeyString)
+        file(private_key, 'w+b').write(privateKeyString)
+        print "[i] Done."
+    else:
+        publicKeyString = file(public_key).read()
+        privateKeyString = file(private_key).read()
+    return publicKeyString, privateKeyString
+
+# vim: set sw=4 et:
\ No newline at end of file
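Review bot: Both private-key writers, `file(private_key, 'w+b').write(privateKeyString)` in getRSAKeys and its copy in getDSAKeys, create the host private key with whatever the process umask yields (commonly 0644) and never close the handle, so the key is readable by any local account on the box and the write's completion depends on refcount-driven close rather than an explicit one. I would create the file with an explicit 0600 mode and close it deterministically through a small shared helper, used for the public key as well with 0644; sketch below. The switch from `keys.Key(rsaKey)` to `twisted.conch.ssh.keys.Key(rsaKey)` in both functions only works if honeypot.py binds the bare name `twisted` (for instance via `import twisted.conch.ssh.keys`), which the hunk does not show; if the module only has `from twisted.conch.ssh import keys`, first-run key generation raises NameError and no host key is ever written. `KEY_LENGTH = 1024` in getDSAKeys also deserves a why-comment, e.g. `# 1024 is the largest modulus PyCrypto's DSA.generate accepts (FIPS 186-2); unlike RSA this cannot be raised`, assuming that limit is confirmed for the PyCrypto version in use.
```python
def _writeKeyFile(path, data, mode):
    """Write data to path, creating it with the given mode and closing explicitly."""
    # O_CREAT applies mode at creation, so a private key is never briefly world-readable
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, mode)
    with os.fdopen(fd, 'wb') as f:
        f.write(data)

# … unchanged: getRSAKeys up to the key-string generation …
        _writeKeyFile(public_key, publicKeyString, 0644)
        _writeKeyFile(private_key, privateKeyString, 0600)
# … unchanged: rest of getRSAKeys; the same two calls replace the file(...).write(...) lines in getDSAKeys …
```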