From a0c7e634643255bec02f8f44285d44933b4c4c3d Mon Sep 17 00:00:00 2001
From: Roald de Vries
Date: Thu, 15 Sep 2016 16:46:26 +0200
Subject: allow ssh for manhole
---
 passwd | 2 +-
 service/pixelated/application.py | 33 ++++++++++++++++++---------------
 sshKeyDir/id_rsa | 15 +++++++++++++++
 sshKeyDir/id_rsa.pub | 1 +
 4 files changed, 35 insertions(+), 16 deletions(-)
 create mode 100644 sshKeyDir/id_rsa
 create mode 100755 sshKeyDir/id_rsa.pub
diff --git a/passwd b/passwd
index 65a28bbc..54cf98bb 100644
--- a/passwd
+++ b/passwd
@@ -1 +1 @@
-roald:verystrong
+pix:
diff --git a/service/pixelated/application.py b/service/pixelated/application.py
index 7e97ee74..8c65586a 100644
--- a/service/pixelated/application.py
+++ b/service/pixelated/application.py
@@ -22,8 +22,9 @@ from OpenSSL import crypto
 from leap.common.events import (server as events_server,
 register, catalog as events)
 from leap.soledad.common.errors import InvalidAuthTokenError
+from twisted.conch import manhole_tap
 from twisted.cred import portal
-from twisted.cred.checkers import AllowAnonymousAccess
+from twisted.cred.checkers import AllowAnonymousAccess, FilePasswordDB
 from twisted.internet import defer
 from twisted.internet import reactor
 from twisted.internet import ssl
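Review bot: The new `passwd` entry `pix:` has an empty password field, and the file is committed next to the code that hands it to the manhole (`passwd='passwd'` in `start_site`). FilePasswordDB compares the stored field as plaintext unless a hash function is supplied, so this looks like it admits `pix` with an empty password, and the earlier `roald:verystrong` stays readable in history. Credentials that gate an interactive shell into the running process should not live in the repository: remove the file from version control, ignore it, and have deployment write it with a real secret or take its path from configuration.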
@@ -192,21 +193,23 @@ def _start_in_single_user_mode(args, resource, services_factory): def start_site(config, resource): log.info('Starting the API on port %s' % config.port) if config.manhole: - MANHOLE_PORT = 8008 - log.info('Starting the manhole on port %s' % MANHOLE_PORT) - from twisted.conch import manhole, manhole_tap, telnet - from twisted.conch.insults import insults - from twisted.cred import portal, checkers - from twisted.internet.protocol import ServerFactory + log.info('Starting the manhole on port 8008') passwdFile, namespace = 'passwd', globals() - telnetRealm = manhole_tap._StupidRealm(telnet.TelnetBootstrapProtocol, - insults.ServerProtocol, - manhole.ColoredManhole, - namespace) - telnetPortal = portal.Portal(telnetRealm, [checkers.FilePasswordDB(passwdFile)]) - telnetFactory = ServerFactory() - telnetFactory.protocol = manhole_tap.makeTelnetProtocol(telnetPortal) - reactor.listenTCP(MANHOLE_PORT, telnetFactory) + checker = FilePasswordDB(passwdFile) + + multiService = manhole_tap.makeService(dict(namespace=globals(), + telnetPort='8008', + sshPort='8009', + sshKeyDir='sshKeyDir', + sshKeyName='id_rsa', + sshKeySize=4096, + passwd='passwd')) + telnetService, sshService = multiService.services + sshFactory = sshService.factory + + reactor.listenTCP(8009, sshFactory) + if config.sslkey and config.sslcert: reactor.listenSSL(config.port, PixelatedSite(resource), _ssl_options(config.sslkey, config.sslcert), interface=config.host)
diff --git a/sshKeyDir/id_rsa b/sshKeyDir/id_rsa
new file mode 100644
index 00000000..3df44486
--- /dev/null
+++ b/sshKeyDir/id_rsa
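Review bot: `reactor.listenTCP(8009, sshFactory)` is called without `interface=`, so the manhole listens on every address, and with `namespace=globals()` anyone who authenticates gets a Python prompt inside the mail service's process. Bind it to loopback, e.g. `reactor.listenTCP(8009, sshFactory, interface='127.0.0.1')`, and have operators reach it through an SSH tunnel. In the same block `checker = FilePasswordDB(passwdFile)` and `telnetService` are never used, and the log line still announces port 8008 although only the SSH factory on 8009 is started; `log.info('Starting the SSH manhole on port 8009')` would match what the code does. `'passwd'` and `'sshKeyDir'` are relative paths, so they resolve against whatever the working directory is at start-up; taking them from `config` would make that explicit. `start_site` continues past the end of the hunk.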
@@ -0,0 +1,15 @@ +-----BEGIN RSA PRIVATE KEY----- +MIICXAIBAAKBgQCislwCbPl41Dq02X8BtA97+5GVp2J40l8LOzTbsTc20ikt/2hy +EFgbbnhnd0IkPMO2ggnr9jB0PX39QliXIrhDGSkIcLf3VHowHZwfsVEKO2jjlQgs +uliymfYc3MI8yN/2W1vDYIqJ56W52ZWSs+csPnioMPAwG+d14qDsjJ/FCwIDAQAB +AoGBAI2cNy+5UG8WMr8E7GI8KpocvnwHBFPrr+RjtT9fgZKK3GL4Ax39EeNWhSBx +kjVeWm85wo8KauRSPZ45qEhsZPpG0dBihgvv/L1HFIDdyscS61Jmb3spngb3+PpS +EYGIyMlEfnzXGRsdH3QFNdGwTFhe7uHx2qTuXdM8sTJ2jMMBAkEAyJt/S8/229w5 +znLzeRgt4yacKaiZQuWdX66Jdtogap57ZfXpLAV+pmck980748XDQdo54uLayAgv +VPNZuPbliwJBAM+fCZI8tTJI9ziXqwty0Tv2FmLnwuzS34/hhVr76t2w7ToN0T2E +oCo5SQerbvGQlZzWlC3RWGSM0n7ZJlkJjoECQFAm2OiokgBscGhNQ3xprcPpZFG8 +vGefKI7XRLNJGdSft7wYUe61z1GbOokL5lbuaEKCd8hwTWvI4Wh2xq2BcFsCQHQl +Lb+HAn5M3y/jeKYA5xe6BK/zotHE7ZeZu3Y4cxzteuf9Ds5xQQAd58LInlm4XlnM +mDxBXkdxl9eqNo+cjwECQCQMqAgrWUeaviH8uHukWCud8gxpLt1G/gduoqwLixoo +Od0G87s6V4fbUXSu34oix1cCQore95S+fliPOsrdue8= +-----END RSA PRIVATE KEY----- \ No newline at end of file diff --git a/sshKeyDir/id_rsa.pub b/sshKeyDir/id_rsa.pub new file mode 100755 index 00000000..e02f9bc1 --- /dev/null +++ b/sshKeyDir/id_rsa.pub @@ -0,0 +1 @@ +ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQCislwCbPl41Dq02X8BtA97+5GVp2J40l8LOzTbsTc20ikt/2hyEFgbbnhnd0IkPMO2ggnr9jB0PX39QliXIrhDGSkIcLf3VHowHZwfsVEKO2jjlQgsuliymfYc3MI8yN/2W1vDYIqJ56W52ZWSs+csPnioMPAwG+d14qDsjJ/FCw== rdevries@eurdevries.local \ No newline at end of file -- cgit v1.2.3
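Review bot: `sshKeyDir/id_rsa` is the private half of the manhole's SSH host key, and committing it means every checkout and deployment shares a key that anyone with repository access can read, so a client can no longer rely on the host key to identify the real manhole. The encoded length fields in both files also indicate a 1024-bit modulus, although `start_site` requests `sshKeySize=4096`; presumably the size only applies when no key file exists yet, so the committed key would be the one used. Remove both files from the repository, add `sshKeyDir/` to the ignore list, let the key be generated on the host at first start with owner-only permissions, and treat this key as compromised wherever it was deployed.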