
Native implementation for validating OpenSSH public keys.
Currently ssh-rsa, ssh-dss (DSA), ssh-ed25519 and ecdsa keys with NIST curves are supported.
Installation:

::

    pip install sshpubkeys

or clone `the repository <https://github.com/ojarva/sshpubkeys>`_ and use

::

    python setup.py install
Usage:

::

    import sys
    from sshpubkeys import SSHKey, InvalidKeyError

    ssh = SSHKey("ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAYQCxO38tKAJXIs9ivPxt7AY"
                 "dfybgtAR1ow3Qkb9GPQ6wkFHQqcFDe6faKCxH6iDRteo4D8L8B"
                 "xwzN42uZSB0nfmjkIxFTcEU3mFSXEbWByg78aoddMrAAjatyrh"
                 "H1pON6P0= ojarva@ojar-laptop", strict=True)
    try:
        ssh.parse()
    except InvalidKeyError as err:
        print("Invalid key:", err)
        sys.exit(1)
    except NotImplementedError as err:
        print("Invalid key type:", err)
        sys.exit(1)

    print(ssh.bits)  # 768
    print(ssh.hash_md5())  # 56:84:1e:90:08:3b:60:c7:29:70:5f:5e:25:a6:3b:86
    print(ssh.hash_sha256())  # SHA256:xk3IEJIdIoR9MmSRXTP98rjDdZocmXJje/28ohMQEwM
    print(ssh.hash_sha512())  # SHA512:1C3lNBhjpDVQe39hnyy+xvlZYU3IPwzqK1rVneGavy6O3/ebjEQSFvmeWoyMTplIanmUK1hmr9nA8Skmj516HA
    print(ssh.comment)  # ojarva@ojar-laptop
    print(ssh.options_raw)  # None (string of optional options at the beginning of public key)
    print(ssh.options)  # None (options as a dictionary, parsed and validated)
Parsing of ``authorized_keys`` files:

::

    import os
    from sshpubkeys import AuthorizedKeysFile

    # Open the current user's authorized_keys and close it once parsed.
    with open(os.environ["HOME"] + "/.ssh/authorized_keys", "r") as f:
        key_file = AuthorizedKeysFile(f, strict=False)

    for key in key_file.keys:
        print(key.key_type, key.bits, key.hash_sha512())
Set options in the constructor as keywords (e.g., ``SSHKey(None, strict=False)``).
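What validating an OpenSSH public key line involves at the format level, as an added example using only the standard library (not sshpubkeys' own code; ``read_fields`` and ``inspect_pubkey`` are hypothetical names). It assumes a line without an options prefix and checks bit length for ``ssh-rsa`` only:

```python
import base64
import hashlib


def read_fields(blob):
    """Split an SSH wire-format blob into its uint32-length-prefixed fields."""
    fields, pos = [], 0
    while pos < len(blob):
        if pos + 4 > len(blob):
            raise ValueError("truncated length prefix")
        size = int.from_bytes(blob[pos:pos + 4], "big")
        pos += 4
        if pos + size > len(blob):
            raise ValueError("field runs past end of key data")
        fields.append(blob[pos:pos + size])
        pos += size
    return fields


def inspect_pubkey(line):
    """Parse '<type> <base64> [comment]' and return basic facts about the key."""
    parts = line.strip().split(None, 2)
    if len(parts) < 2:
        raise ValueError("expected '<type> <base64> [comment]'")
    declared, b64 = parts[0], parts[1]
    comment = parts[2] if len(parts) == 3 else None
    blob = base64.b64decode(b64, validate=True)  # raises on non-base64 input
    fields = read_fields(blob)
    # The type stored inside the blob must match the type written before it.
    if not fields or fields[0] != declared.encode():
        raise ValueError("declared key type does not match key data")
    bits = None
    if declared == "ssh-rsa":
        if len(fields) != 3:
            raise ValueError("ssh-rsa key must hold type, e and n")
        bits = int.from_bytes(fields[2], "big").bit_length()  # modulus n
    digest = hashlib.sha256(blob).digest()
    fp = "SHA256:" + base64.b64encode(digest).decode().rstrip("=")
    return {"type": declared, "bits": bits, "comment": comment, "sha256": fp}


# The sample key from the usage section above, reused as input.
README_KEY = ("ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAYQCxO38tKAJXIs9ivPxt7AY"
              "dfybgtAR1ow3Qkb9GPQ6wkFHQqcFDe6faKCxH6iDRteo4D8L8B"
              "xwzN42uZSB0nfmjkIxFTcEU3mFSXEbWByg78aoddMrAAjatyrh"
              "H1pON6P0= ojarva@ojar-laptop")

if __name__ == "__main__":
    print(inspect_pubkey(README_KEY))
```
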
See the `tests/ <https://github.com/ojarva/sshpubkeys/tree/master/tests>`_ folder for unit tests. Use

::

    python setup.py test

or

::

    python3 setup.py test

to run the test suite. If you have keys that are not parsed properly, or malformed keys that raise an incorrect exception, please send your public key to olli@jarva.fi, and I'll include it. Alternatively, `create a new issue <https://github.com/ojarva/sshpubkeys/issues/new>`_ or make `a pull request <https://github.com/ojarva/sshpubkeys/compare>`_ on GitHub.
FAQs
SSH public key parser
We found that sshpubkeys demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.