class Metasploit::Credential::SSHKey

A private SSH key file.

Public Instance Methods

encrypted?()

Whether the key data in {#data} is encrypted. Encrypted keys cannot be saved and should be decrypted before saving in a {Metasploit::Credential::SSHKey}.

@return [false] if {#data} does not contain `'ENCRYPTED'` or {#data} is `nil`.
@return [true] if {#data} contains `'ENCRYPTED'`.

# File app/models/metasploit/credential/ssh_key.rb, line 44
def encrypted?
  if data
    # see https://github.com/net-ssh/net-ssh/blob/1b5db680fee66e1d846d0396eb1a68d3fabdc3de/lib/net/ssh/key_factory.rb#L72
    data.match(/ENCRYPTED/)
  else
    false
  end
end

private?()

Whether the key data in {#data} is a private key. Only private keys are supported, as public keys cannot be used as {Metasploit::Credential::Public#data}.

@return [false] if {#data} does not contain `'-----BEGIN <type> PRIVATE KEY-----'` or {#data} is `nil`.
@return [true] if {#data} contains `'-----BEGIN <type> PRIVATE KEY-----'`.

# File app/models/metasploit/credential/ssh_key.rb, line 58
def private?
  if data
    # @see https://github.com/net-ssh/net-ssh/blob/1b5db680fee66e1d846d0396eb1a68d3fabdc3de/lib/net/ssh/key_factory.rb#L56-L69
    data.match(/-----BEGIN (.+) PRIVATE KEY-----/)
  else
    false
  end
end

to_s()

The {#data key data}'s fingerprint, suitable for displaying to the user.

@return [String]

# File app/models/metasploit/credential/ssh_key.rb, line 71
def to_s
  data ? openssl_pkey_pkey.fingerprint : ''
end

Private Instance Methods

openssl_pkey_pkey()

Converts the private key file data in {#data} to an `OpenSSL::PKey::PKey` subclass instance.

@return [OpenSSL::PKey::PKey]
@raise [ArgumentError, OpenSSL::PKey::PKeyError] if {#data} cannot be loaded

# File app/models/metasploit/credential/ssh_key.rb, line 81
def openssl_pkey_pkey
  if data
    ask_passphrase = false
    filename = "#{self.class}#data"
    passphrase = nil

    begin
      Net::SSH::KeyFactory.load_data_private_key(data, passphrase, ask_passphrase, filename)
    rescue OpenSSL::PKey::PKeyError => error
      raise ArgumentError.new(error)
    end
  end
end

private()

Validates that {#data} contains a private key and NOT a public key or some other non-key data.

@return [void]

# File app/models/metasploit/credential/ssh_key.rb, line 98
def private
  unless private?
    errors.add(:data, :not_private)
  end
end

readable()

Validates that {#data} can be read by Net::SSH and an `OpenSSL::PKey::PKey` created from {#data}. Any exception raised will be reported as a validation error.

@return [void]

# File app/models/metasploit/credential/ssh_key.rb, line 108
def readable
  if data
    begin
      openssl_pkey_pkey
    rescue ArgumentError, OpenSSL::PKey::PKeyError => error
      errors.add(:data, "#{error.class} #{error}")
    end
  end
end

unencrypted()

Validates that the private key is not encrypted, as decrypting the private key with its password is not supported: the unencrypted version of the key should be generated using the password and stored instead.

@return [void]

# File app/models/metasploit/credential/ssh_key.rb, line 122
def unencrypted
  if encrypted?
    errors.add(:data, :encrypted)
  end
end
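
An added example (not Metasploit or net-ssh code) that goes beyond the substring test in `encrypted?`: keys in the `-----BEGIN OPENSSH PRIVATE KEY-----` container record their cipher name inside the base64 body, so the armor text carries no `ENCRYPTED` marker. It repeats the page's two checks and adds a read of that cipher field; all method names and sample inputs are constructed for illustration.

```ruby
# Added example; names and sample data are constructed, not from Metasploit.
OPENSSH_MAGIC = "openssh-key-v1\0".b
OPENSSH_PEM = /-----BEGIN OPENSSH PRIVATE KEY-----(.*?)-----END OPENSSH PRIVATE KEY-----/m

# Same header test as private? on this page.
def private_key?(data)
  !data.nil? && data.match?(/-----BEGIN (.+) PRIVATE KEY-----/)
end

# Same substring test as encrypted? on this page.
def marker_encrypted?(data)
  !data.nil? && data.match?(/ENCRYPTED/)
end

# Cipher name stored in an OpenSSH-container key ("none" = unencrypted).
# Returns nil for other formats or a truncated blob.
def openssh_cipher(data)
  body = data.to_s[OPENSSH_PEM, 1]
  return nil unless body
  blob = body.delete("\r\n\t ").unpack1('m')
  return nil unless blob.start_with?(OPENSSH_MAGIC)
  len = blob.byteslice(OPENSSH_MAGIC.bytesize, 4)&.unpack1('N')
  name = len && blob.byteslice(OPENSSH_MAGIC.bytesize + 4, len)
  name if name && name.bytesize == len
end

# One verdict per input; parse errors are left to a later "readable" check.
def classify_key(data)
  return :not_private unless private_key?(data)
  cipher = openssh_cipher(data)
  return :encrypted if marker_encrypted?(data) || (cipher && cipher != 'none')
  :unencrypted
end

# Constructed samples: container headers only, no real key material.
def ssh_string(str)
  [str.bytesize].pack('N') + str.b
end
def openssh_sample(cipher)
  kdf = cipher == 'none' ? 'none' : 'bcrypt'
  blob = OPENSSH_MAGIC + ssh_string(cipher) + ssh_string(kdf)
  "-----BEGIN OPENSSH PRIVATE KEY-----\n#{[blob].pack('m0')}\n-----END OPENSSH PRIVATE KEY-----\n"
end

LEGACY_ENCRYPTED = "-----BEGIN RSA PRIVATE KEY-----\nProc-Type: 4,ENCRYPTED\n" \
                   "DEK-Info: AES-128-CBC,00\n\nAAAA\n-----END RSA PRIVATE KEY-----\n"
PUBLIC_KEY = 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5 constructed@example'
p([openssh_sample('aes256-ctr'), openssh_sample('none'), LEGACY_ENCRYPTED, PUBLIC_KEY].map { |k| classify_key(k) })
```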