{ "info": { "author": "Tim Savannah", "author_email": "kata198@gmail.com", "bugtrack_url": null, "classifiers": [ "Development Status :: 5 - Production/Stable", "License :: OSI Approved :: GNU Lesser General Public License v2 (LGPLv2)", "Programming Language :: Python", "Programming Language :: Python :: 2", "Programming Language :: Python :: 2.7", "Programming Language :: Python :: 2 :: Only", "Topic :: Security", "Topic :: System :: Networking" ], "description": "Socket Gatekeeper\n=================\n\n\nSocket Gatekeeper provides a means of password securing and routing arbitrary sockets. It can add security to existing services that provide no/weak authentication,\n and replace several ports to the outside world with a single point of entry.\n\nIt listens on a socket and waits for a connection. Upon connection, it sends a 1024-bit RSA public key to the client.\nThe client uses this public key to encrypt the password and sends it back over the wire.\nThat password is hashed using SHA-256 and compared against a provided mapping file. This mapping file specifies where that password\nis to be routed. Example, giving password \"abc\" may route to some management info on one port, giving a different password \"foo\" may\nroute to an information service running somewhere else. Giving a password that is not mapped will result in a terminated connection.\nThere is no information to the client describing what is running where, or that this is even a gatekeeper socket (for security).\n\n\nYou can use Socket Gatekeeper for many tasks:\n\n* Securing protocols that do not have any inherent security\n* Only opening one port on a machine where several administrative services are running. 
Admins are given their own unique passwords to access the services they require\n* Opening a port to the outside world which then routes using secure passwords to any number of internal services\n* Several others!\n\n\nMapping File (configuration)\n============================\n\nThe routing provided by the daemon is controlled by a mapping file.\n\nThis file is in the format:\n\n sha256sum=Addr:Port\n\nExample, for a password \"abc\" to route to localhost port 6379, use:\n\n ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad = 127.0.0.1:6379\n\nYou can derive a sha256 sum with the following script:\n\n echo -n \"your_password_here\" | sha256sum | awk {'print $1'}\n\nYou may have multiple passwords lead to the same endpoint, but a single password may only lead to one endpoint.\n\n\nStarting The Server (in front of other services)\n================================================\n\nUse the provided command *socket-gatekeeperd* to start a gatekeeper daemon.\n\nRequired Arguments:\n\n You must provide \"--mappings=/path/to/file\" (or \"-m /path/to/file\") to the mapping file.\n You must also provide \"--bind=addr:port\" (or \"-b addr:port\") example: 127.0.0.1:50001\n\nOther Arguments:\n\n --client-buffer-len=X This will use X as the number of bytes transmitted/received at one time to/from the client\n --endpoint-buffer-len=X This will use X as the number of bytes transmitted/received at one time to/from the endpoint\n\n Both buffer arguments default to 4096.\n\n --enable-quit This will intercept the messages \"quit\" and \"exit\" and cause them to terminate the connection.\n\n\nConnecting To The Server (telnet style)\n=======================================\n\nOnce you have a server up and running, you can connect to it with the provided *socket-gatekeeper-connect* program.\n\nYou specify the address and port on which to connect, and it handles the RSA portion, prompts for a password which is not echoed\nto the screen, and then serves as an in-between 
to you and the endpoint.\n\n\n Usage: ./socket-gatekeeper-connect Addr:port\n\n Connects to a gatekeeper socket. This is basically the same as telnetting to the socket, except it will not echo the password\n back on the screen, so this is more secure.\n\n\nIntegrating Into Applications (socket style)\n============================================\n\n*socket-gatekeeperd* sits in front of your daemons to add security to any protocol. \n\nBut you want to connect to that service using existing tools?\n\n\nYou should use socket_gatekeeper.GatekeeperSocket. It extends the standard python \"socket\" with methods that either perform the handshake with\n\na given password, or prompt the user and perform the handshake that way. After authentication, it behaves just as a normal socket. Thus, you can\n\nextend any code by replacing socket with GatekeeperSocket.\n\nFor use with other languages as the client, see GatekeeperSocket for the simple implementation of the handshake. It should be easy to implement in \n\nother languages.\n\n\n\nExample:\n--------\n\n sock = GatekeeperSocket(socket.AF_INET, socket.SOCK_STREAM)\n\n try:\n\n sock.connect( (addrSplit[0], int(addrSplit[1])) )\n\n except socket.error:\n\n sys.stderr.write('Failed to connect to %s\\n' %(sys.argv[1],))\n\n sys.exit(1)\n\n\n sock.doAuthenticationFromInput()\n\n\nDependencies\n============\n\nDepends on python 2.7 and ArgumentParser (https://pypi.python.org/pypi/argumentparser) as well as PyCrypto (https://pypi.python.org/pypi/pycrypto)", "description_content_type": null, "docs_url": null, "download_url": "UNKNOWN", "downloads": { "last_day": -1, "last_month": -1, "last_week": -1 }, "home_page": "https://github.com/kata198/socket-gatekeeper", "keywords": "socket,password,gatekeeper,security,auth,access,control,add,authenticate,RSA", "license": "LGPLv2", "maintainer": null, "maintainer_email": null, "name": "socket-gatekeeper", "package_url": "https://pypi.org/project/socket-gatekeeper/", "platform": "UNKNOWN", 
"project_url": "https://pypi.org/project/socket-gatekeeper/", "project_urls": { "Download": "UNKNOWN", "Homepage": "https://github.com/kata198/socket-gatekeeper" }, "release_url": "https://pypi.org/project/socket-gatekeeper/1.3.2/", "requires_dist": null, "requires_python": null, "summary": "Add authentication and enhance security to any existing service/protocol", "version": "1.3.2" }, "last_serial": 1588815, "releases": { "1.1": [ { "comment_text": "", "digests": { "md5": "f3eca700169de67bb846562a90333d96", "sha256": "845840a18bfb4df3c8bf785d747b8e66798a544b773bdd125186e179be1d9f60" }, "downloads": -1, "filename": "socket-gatekeeper-1.1.tar.gz", "has_sig": false, "md5_digest": "f3eca700169de67bb846562a90333d96", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 10912, "upload_time": "2015-05-26T16:57:46", "url": "https://files.pythonhosted.org/packages/ce/c4/249f2a1bcae6e7dc811e7fee1b692d95f6775497f96a244ab2da0a2bef77/socket-gatekeeper-1.1.tar.gz" } ], "1.2": [ { "comment_text": "", "digests": { "md5": "fed0f970b862f647845169bc67c9cccd", "sha256": "3916d4228d053935b429fb97ab5eed28cecd27d5740823b6e5822fda52bc83f7" }, "downloads": -1, "filename": "socket-gatekeeper-1.2.tar.gz", "has_sig": false, "md5_digest": "fed0f970b862f647845169bc67c9cccd", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 12412, "upload_time": "2015-05-27T18:34:01", "url": "https://files.pythonhosted.org/packages/f6/47/b06cacdd8aa914b7fc19f06e6564381218d07729479e9da62e6ab84d1328/socket-gatekeeper-1.2.tar.gz" } ], "1.3": [ { "comment_text": "", "digests": { "md5": "4e7f2c9f613f3c95eaecf2fffb39c412", "sha256": "0c8f1c51abfb5fbd39a22349227ca6b084b44e300a2ec7c4dda7bfca35dc6661" }, "downloads": -1, "filename": "socket-gatekeeper-1.3.tar.gz", "has_sig": false, "md5_digest": "4e7f2c9f613f3c95eaecf2fffb39c412", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 13428, "upload_time": 
"2015-06-11T22:16:11", "url": "https://files.pythonhosted.org/packages/3a/a7/38b3a72a360714a1d6e87892794f52d96e5b3285e5ea535f66aaa93f092a/socket-gatekeeper-1.3.tar.gz" } ], "1.3.1": [], "1.3.2": [ { "comment_text": "", "digests": { "md5": "72f44ecb52a89fc63f85c2af2bcc65b4", "sha256": "919a1ba7b5e515cd821a4645179f2704832cf3d39e9356ebb14d6b12ab316f01" }, "downloads": -1, "filename": "socket-gatekeeper-1.3.2.tar.gz", "has_sig": false, "md5_digest": "72f44ecb52a89fc63f85c2af2bcc65b4", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 13805, "upload_time": "2015-06-11T22:37:26", "url": "https://files.pythonhosted.org/packages/2c/da/63fd1a9b5f82c15dcf86fdf10447456a391993629f899685cd1566ab2b13/socket-gatekeeper-1.3.2.tar.gz" } ] }, "urls": [ { "comment_text": "", "digests": { "md5": "72f44ecb52a89fc63f85c2af2bcc65b4", "sha256": "919a1ba7b5e515cd821a4645179f2704832cf3d39e9356ebb14d6b12ab316f01" }, "downloads": -1, "filename": "socket-gatekeeper-1.3.2.tar.gz", "has_sig": false, "md5_digest": "72f44ecb52a89fc63f85c2af2bcc65b4", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 13805, "upload_time": "2015-06-11T22:37:26", "url": "https://files.pythonhosted.org/packages/2c/da/63fd1a9b5f82c15dcf86fdf10447456a391993629f899685cd1566ab2b13/socket-gatekeeper-1.3.2.tar.gz" } ] }