From 853c155bda3a833cc2f18e4aa943508f696c8624 Mon Sep 17 00:00:00 2001
From: desaster
Date: Thu, 10 Feb 2011 16:33:59 +0000
Subject: [PATCH] #36: Support sending a banner before authentication
git-svn-id: https://kippo.googlecode.com/svn/trunk@201 951d7100-d841-11de-b865-b3884708a8e2
---
 kippo.cfg.dist | 5 +++++
 kippo/core/honeypot.py | 26 +++++++++++++++++++++++++-
 2 files changed, 30 insertions(+), 1 deletion(-)
diff --git a/kippo.cfg.dist b/kippo.cfg.dist
index e2c568a6..ff4e0115 100644
--- a/kippo.cfg.dist
+++ b/kippo.cfg.dist
@@ -103,6 +103,11 @@ private_key = private.key
 # (default: not specified)
 #fake_addr = 192.168.66.254
+# Banner file to be displayed before the first login attempt.
+#
+# (default: not specified)
+#banner_file =
+
 # MySQL logging module
 #
 # Database structure for this module is supplied in doc/sql/mysql.sql
diff --git a/kippo/core/honeypot.py b/kippo/core/honeypot.py
index d922792f..f53288fc 100644
--- a/kippo/core/honeypot.py
+++ b/kippo/core/honeypot.py
@@ -493,10 +493,34 @@ class HoneyPotTransport(transport.SSHServerTransport):
 print 'Remote SSH version: %s' % (self.otherVersionString,)
 return transport.SSHServerTransport.ssh_KEXINIT(self, packet)
+from twisted.conch.ssh.common import NS, getNS
+class HoneyPotSSHUserAuthServer(userauth.SSHUserAuthServer):
+ def serviceStarted(self):
+ userauth.SSHUserAuthServer.serviceStarted(self)
+ self.bannerSent = False
+
+ def sendBanner(self):
+ if self.bannerSent:
+ return
+ cfg = config()
+ if not cfg.has_option('honeypot', 'banner_file'):
+ return
+ data = file(cfg.get('honeypot', 'banner_file')).read()
+ if not data or not len(data.strip()):
+ return
+ data = '\r\n'.join(data.splitlines() + [''])
+ self.transport.sendPacket(
+ userauth.MSG_USERAUTH_BANNER, NS(data) + NS('en'))
+ self.bannerSent = True
+
+ def ssh_USERAUTH_REQUEST(self, packet):
+ self.sendBanner()
+ return userauth.SSHUserAuthServer.ssh_USERAUTH_REQUEST(self, packet)
+
 # As implemented by Kojoney
 class HoneyPotSSHFactory(factory.SSHFactory):
 services = {
- 'ssh-userauth': userauth.SSHUserAuthServer,
+ 'ssh-userauth': HoneyPotSSHUserAuthServer,
 'ssh-connection': connection.SSHConnection,
 }
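Review bot: The banner read in `sendBanner` is unguarded, and it runs inside `ssh_USERAUTH_REQUEST` before the parent handler is called. `file(cfg.get('honeypot', 'banner_file')).read()` raises IOError when the path is wrong or unreadable, and also when the option is present but empty, which is what uncommenting the sample line `#banner_file =` in kippo.cfg.dist gives. The exception then propagates out of the request handler, so the honeypot would presumably stop handling login attempts on that connection instead of recording them. I would skip an empty path, catch IOError with a log line, and close the handle explicitly rather than leaving it to garbage collection. Separately, `getNS` is imported but not used in this hunk, and the import sits mid-file rather than with the module's other imports.

```python
        # … unchanged: bannerSent check and has_option('honeypot', 'banner_file') lookup …
        path = cfg.get('honeypot', 'banner_file')
        if not path:
            return
        try:
            f = file(path)
            try:
                data = f.read()
            finally:
                f.close()
        except IOError, e:
            # A bad banner path must not abort the login attempt being recorded.
            print 'Unable to read banner file %s: %s' % (path, e)
            return
        # … unchanged: empty-content check, CRLF join, sendPacket …
```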