From a0c7e634643255bec02f8f44285d44933b4c4c3d Mon Sep 17 00:00:00 2001
From: Roald de Vries <rdevries@thoughtworks.com>
Date: Thu, 15 Sep 2016 16:46:26 +0200
Subject: allow ssh for manhole

---
 service/pixelated/application.py | 33 ++++++++++++++++++---------------
 1 file changed, 18 insertions(+), 15 deletions(-)

(limited to 'service/pixelated/application.py')

diff --git a/service/pixelated/application.py b/service/pixelated/application.py
index 7e97ee74..8c65586a 100644
--- a/service/pixelated/application.py
+++ b/service/pixelated/application.py
@@ -22,8 +22,9 @@ from OpenSSL import crypto
 from leap.common.events import (server as events_server,
                                 register, catalog as events)
 from leap.soledad.common.errors import InvalidAuthTokenError
+from twisted.conch import manhole_tap
 from twisted.cred import portal
-from twisted.cred.checkers import AllowAnonymousAccess
+from twisted.cred.checkers import AllowAnonymousAccess, FilePasswordDB
 from twisted.internet import defer
 from twisted.internet import reactor
 from twisted.internet import ssl
@@ -192,21 +193,23 @@ def _start_in_single_user_mode(args, resource, services_factory):
 def start_site(config, resource):
     log.info('Starting the API on port %s' % config.port)
     if config.manhole:
-        MANHOLE_PORT = 8008
-        log.info('Starting the manhole on port %s' % MANHOLE_PORT)
-        from twisted.conch import manhole, manhole_tap, telnet
-        from twisted.conch.insults import insults
-        from twisted.cred import portal, checkers
-        from twisted.internet.protocol import ServerFactory
+        log.info('Starting the manhole on port 8008')
+
         passwdFile, namespace = 'passwd', globals()
-        telnetRealm = manhole_tap._StupidRealm(telnet.TelnetBootstrapProtocol,
-                                               insults.ServerProtocol,
-                                               manhole.ColoredManhole,
-                                               namespace)
-        telnetPortal = portal.Portal(telnetRealm, [checkers.FilePasswordDB(passwdFile)])
-        telnetFactory = ServerFactory()
-        telnetFactory.protocol = manhole_tap.makeTelnetProtocol(telnetPortal)
-        reactor.listenTCP(MANHOLE_PORT, telnetFactory)
+        checker = FilePasswordDB(passwdFile)
+
+        multiService = manhole_tap.makeService(dict(namespace=globals(),
+                                                    telnetPort='8008',
+                                                    sshPort='8009',
+                                                    sshKeyDir='sshKeyDir',
+                                                    sshKeyName='id_rsa',
+                                                    sshKeySize=4096,
+                                                    passwd='passwd'))
+        telnetService, sshService = multiService.services
+        sshFactory = sshService.factory
+
+        reactor.listenTCP(8009, sshFactory)
+
     if config.sslkey and config.sslcert:
         reactor.listenSSL(config.port, PixelatedSite(resource), _ssl_options(config.sslkey, config.sslcert),
                           interface=config.host)
-- 
cgit v1.2.3