dissect.target.helpers.ssh#

Module Contents#

Classes#

SSHPrivateKey

A class to parse (OpenSSH-supported) SSH private keys.

Functions#

is_rfc4716

Validate data is a valid looking SSH private key in the OpenSSH format.

decode_rfc4716

Base64 decode the private key data.

is_pkcs8

Validate data is a valid looking PKCS8 SSH private key.

is_pem

Validate data is a valid looking PEM SSH private key.

Attributes#

dissect.target.helpers.ssh.c_rfc4716_def = Multiline-String#
Show Value
"""
struct ssh_string {
    uint32 length;
    char value[length];
}

struct ssh_private_key {
    char magic[15];

    ssh_string cipher;
    ssh_string kdf_name;
    ssh_string kdf_options;

    uint32 number_of_keys;

    ssh_string public;
    ssh_string private;
}
"""
dissect.target.helpers.ssh.c_rfc4716#
dissect.target.helpers.ssh.RFC4716_MARKER_START = b'-----BEGIN OPENSSH PRIVATE KEY-----'#
dissect.target.helpers.ssh.RFC4716_MARKER_END = b'-----END OPENSSH PRIVATE KEY-----'#
dissect.target.helpers.ssh.RFC4716_MAGIC = b'openssh-key-v1\x00'#
dissect.target.helpers.ssh.RFC4716_PADDING = b'\x01\x02\x03\x04\x05\x06\x07'#
dissect.target.helpers.ssh.RFC4716_NONE = b'none'#
dissect.target.helpers.ssh.PKCS8_MARKER_START = b'-----BEGIN PRIVATE KEY-----'#
dissect.target.helpers.ssh.PKCS8_MARKER_END = b'-----END PRIVATE KEY-----'#
dissect.target.helpers.ssh.PKCS8_MARKER_START_ENCRYPTED = b'-----BEGIN ENCRYPTED PRIVATE KEY-----'#
dissect.target.helpers.ssh.PKCS8_MARKER_END_ENCRYPTED = b'-----END ENCRYPTED PRIVATE KEY-----'#
dissect.target.helpers.ssh.PEM_MARKER_START_RSA = b'-----BEGIN RSA PRIVATE KEY-----'#
dissect.target.helpers.ssh.PEM_MARKER_END_RSA = b'-----END RSA PRIVATE KEY-----'#
dissect.target.helpers.ssh.PEM_MARKER_START_DSA = b'-----BEGIN DSA PRIVATE KEY-----'#
dissect.target.helpers.ssh.PEM_MARKER_END_DSA = b'-----END DSA PRIVATE KEY-----'#
dissect.target.helpers.ssh.PEM_MARKER_START_EC = b'-----BEGIN EC PRIVATE KEY-----'#
dissect.target.helpers.ssh.PEM_MARKER_END_EC = b'-----END EC PRIVATE KEY-----'#
dissect.target.helpers.ssh.PEM_ENCRYPTED = b'ENCRYPTED'#
class dissect.target.helpers.ssh.SSHPrivateKey(data: bytes)#

A class to parse (OpenSSH-supported) SSH private keys.

OpenSSH supports three types of keys: * RFC4716 (default) * PKCS8 * PEM

dissect.target.helpers.ssh.is_rfc4716(data: bytes) bool#

Validate data is a valid looking SSH private key in the OpenSSH format.

dissect.target.helpers.ssh.decode_rfc4716(data: bytes) bytes#

Base64 decode the private key data.

dissect.target.helpers.ssh.is_pkcs8(data: bytes) bool#

Validate data is a valid looking PKCS8 SSH private key.

dissect.target.helpers.ssh.is_pem(data: bytes) bool#

Validate data is a valid looking PEM SSH private key.