Question

I'm looking to create a Twisted Conch Server/Client SSH application similar to the below:

Client <---Key1---> Server/Client <---Key2---> Server

I guess it's like an SSH MITM or command proxier.

I have read the answers to similar Twisted related questions, such as: Twisted server-client data sharing and I understand the theory behind passing client/server data.

The part I am unsure of is the user authentication. I want to pass the login details from the first client, through my twisted conch application to the endpoint server. Is there a way to do this?

Also, would it be possible to do separate SSH key negotiations but then pass all data, including credentials and any commands typed, between server and client?

Solution

Unfortunately, this is a little more complicated than it seems. SSH goes through some pains to try and avoid this kind of MITM. If you don't use the same key negotiation, the publickey authentication won't succeed because the string you're signing is different on both sides of the connection (see the RFC section 7 for more).

Password authentication should still work okay, though. The easiest way to do that would be to create a twisted.conch.ssh.session.SSHSession subclass which listens for packets on the packetReceived method and forwards them to the corresponding transport.sendPacket.
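To make the RFC 4252 section 7 point concrete, the following added example (not part of the answer, and not Twisted Conch code) builds the exact byte sequence an SSH client signs for publickey authentication and shows that it is bound to the session identifier, the exchange hash of the first key exchange. A proxy that runs its own key exchange on each leg has two different session identifiers, so a signature produced on the client leg cannot verify on the server leg. The signing primitive is a stand-in (HMAC-SHA256 with a shared secret) for the real public-key signature, and the session identifiers are constructed test values; only the message layout and the SSH `string` encoding are from the RFCs.

```python
import hashlib
import hmac
import struct

SSH_MSG_USERAUTH_REQUEST = 50  # RFC 4252 section 5


def ssh_string(data: bytes) -> bytes:
    """RFC 4251 'string': uint32 big-endian length followed by the bytes."""
    return struct.pack(">I", len(data)) + data


def userauth_signed_data(session_id: bytes, user: str, service: str,
                         pk_algo: str, pubkey_blob: bytes) -> bytes:
    """The byte sequence the client signs for publickey auth (RFC 4252 section 7).

    The session identifier is the first field, so the signature is tied to one
    specific key exchange and cannot be replayed on a differently negotiated link.
    """
    return (
        ssh_string(session_id)
        + bytes([SSH_MSG_USERAUTH_REQUEST])
        + ssh_string(user.encode())
        + ssh_string(service.encode())
        + ssh_string(b"publickey")
        + b"\x01"  # boolean TRUE: a signature is present
        + ssh_string(pk_algo.encode())
        + ssh_string(pubkey_blob)
    )


def sign(secret: bytes, data: bytes) -> bytes:
    """Stand-in for the client's public-key signature (hypothetical, HMAC-based)."""
    return hmac.new(secret, data, hashlib.sha256).digest()


def verify(secret: bytes, data: bytes, sig: bytes) -> bool:
    """Stand-in for the server's signature check over the data *it* reconstructs."""
    return hmac.compare_digest(sign(secret, data), sig)


# Constructed values standing in for a real key pair and public key blob.
DEMO_SECRET = b"constructed-demo-signing-secret"
DEMO_PUBKEY_BLOB = ssh_string(b"ssh-ed25519") + ssh_string(b"\x00" * 32)


def relay_publickey_auth(client_leg_session_id: bytes,
                         server_leg_session_id: bytes) -> bool:
    """Simulate forwarding a publickey USERAUTH_REQUEST through a proxy.

    The client signs over the session id of its own connection; the end server
    reconstructs the signed data using the session id of *its* connection.
    Returns True only if the server accepts the forwarded signature.
    """
    client_data = userauth_signed_data(client_leg_session_id, "alice",
                                       "ssh-connection", "ssh-ed25519",
                                       DEMO_PUBKEY_BLOB)
    sig = sign(DEMO_SECRET, client_data)

    server_data = userauth_signed_data(server_leg_session_id, "alice",
                                       "ssh-connection", "ssh-ed25519",
                                       DEMO_PUBKEY_BLOB)
    return verify(DEMO_SECRET, server_data, sig)


# Constructed session identifiers; in a real connection each is the exchange
# hash H of that connection's first key exchange.
SESSION_ID_LEG1 = hashlib.sha256(b"constructed kex on client<->proxy leg").digest()
SESSION_ID_LEG2 = hashlib.sha256(b"constructed kex on proxy<->server leg").digest()

if __name__ == "__main__":
    print("same session id on both legs :", relay_publickey_auth(SESSION_ID_LEG1, SESSION_ID_LEG1))
    print("separate key exchanges       :", relay_publickey_auth(SESSION_ID_LEG1, SESSION_ID_LEG2))
```

The first call models a single end-to-end key exchange and succeeds; the second models a proxy with its own negotiation on each leg and fails, which is exactly why the answer says only password authentication can be passed through such a setup.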

Licensed under: CC-BY-SA with attribution