torch-agent/torch-agent.py

from stem.control import Controller
import stem.connection
import paho.mqtt.client as mqtt
import ssl
import socks
import socket
import json
import configparser
import argparse
from datetime import datetime
from os import environ

parser = argparse.ArgumentParser(description='Broadcast SSH hidden service hostname via MQTT')

parser.add_argument('--config-dir', nargs='?', dest='configPath', default='/etc/torch',
                   help='configuration directory (default: /etc/torch)')

args = parser.parse_args()

configPath = args.configPath

if "TORCH_CONFIG_DIR" in environ:
  configPath = environ.get("TORCH_CONFIG_DIR")

if not configPath.endswith("/"):
  configPath = configPath + "/"

print("Using torch configuration path: " + configPath)

config = configparser.ConfigParser()
config.read(configPath + "torch.conf")

torProxyPort = config['tor'].getint('ProxyPort', fallback = 9050)
torControllerPort = config['tor'].getint('ControllerPort', fallback = 9051)

sshPort = config['ssh'].getint('Port', fallback = 22)

mqttConfig = config['mqtt']
mqttBrokerHost = mqttConfig.get('BrokerHost', fallback = "localhost")
mqttBrokerPort = mqttConfig.getint('BrokerPort', fallback = 1883)
clientID = mqttConfig.get('ClientID', fallback = socket.gethostname())
mqttTopic = mqttConfig.get('Topic', fallback = "torch/%s/onion_url" % (clientID))

mqttRequireCertificate = mqttConfig.getboolean(
                                       'RequireCertificate', 
                                       fallback = False)

mqttCaFile = configPath + mqttConfig.get('CaFile')
mqttCertFile = configPath + mqttConfig.get('CertFile')
mqttKeyFile = configPath + mqttConfig.get('KeyFile')

with Controller.from_port(port = torControllerPort) as controller:
  
  protocolInfo = stem.connection.get_protocolinfo(controller)

  stem.connection.authenticate_safecookie(
                       controller, 
                       protocolInfo.cookie_path)
  
  print("Connected to Tor on port %s" % (torControllerPort))

  service = controller.create_ephemeral_hidden_service(
                             sshPort,
							 detached = True)

  onionAddress = "%s.onion" % (service.service_id)

  print("Created Tor Hidden Service for local port %s at %s" % (sshPort, onionAddress))

payload = { 
  'clientId': clientID, 
  'timestamp': datetime.now().strftime("%d-%b-%Y (%H:%M:%S.%f)"), 
  'onionAddress': onionAddress, 
  'sshPort': sshPort 
  }

client = mqtt.Client()
protocol = "mqtt"

if mqttRequireCertificate:
  client.tls_set(
          ca_certs = mqttCaFile, 
          certfile = mqttCertFile, 
          keyfile = mqttKeyFile, 
          cert_reqs=ssl.CERT_REQUIRED)
  protocol = "mqtts"

if mqttBrokerHost.endswith(".onion"):
  client.proxy_set(proxy_type=socks.SOCKS5, proxy_addr="localhost", proxy_port=torProxyPort)
  client.tls_insecure_set(True)

client.connect(mqttBrokerHost, mqttBrokerPort, 60)
client.publish(mqttTopic, json.dumps(payload))
print("Connected to MQTT Broker at %s://%s:%s/%s" % (protocol, mqttBrokerHost, mqttBrokerPort, mqttTopic))
print("Published payload: " + json.dumps(payload))

client.disconnect()
print("Disconnected from MQTT Broker")
Initial commit 2020-10-02 14:34:30 +00:00			`from stem.control import Controller`
			`import stem.connection`
			`import paho.mqtt.client as mqtt`
			`import ssl`
Added support for tor / onion broker hostname 2020-10-05 11:18:22 +00:00			`import socks`
Include ClientID (default: hostname) and default topic 2020-10-05 11:49:34 +00:00			`import socket`
			`import json`
Initial commit 2020-10-02 14:34:30 +00:00			`import configparser`
Added --config-dir parameter and timestamp in payload 2020-10-05 14:36:04 +00:00			`import argparse`
			`from datetime import datetime`
can override config dir using environment variable; block while creating Tor hidden service in case Tor isn't quite ready; added logging 2020-10-06 09:49:02 +00:00			`from os import environ`
Initial commit 2020-10-02 14:34:30 +00:00
Added --config-dir parameter and timestamp in payload 2020-10-05 14:36:04 +00:00			`parser = argparse.ArgumentParser(description='Broadcast SSH hidden service hostname via MQTT')`

			`parser.add_argument('--config-dir', nargs='?', dest='configPath', default='/etc/torch',`
			`help='configuration directory (default: /etc/torch)')`

			`args = parser.parse_args()`

			`configPath = args.configPath`

can override config dir using environment variable; block while creating Tor hidden service in case Tor isn't quite ready; added logging 2020-10-06 09:49:02 +00:00			`if "TORCH_CONFIG_DIR" in environ:`
			`configPath = environ.get("TORCH_CONFIG_DIR")`

Added --config-dir parameter and timestamp in payload 2020-10-05 14:36:04 +00:00			`if not configPath.endswith("/"):`
			`configPath = configPath + "/"`
Initial commit 2020-10-02 14:34:30 +00:00
can override config dir using environment variable; block while creating Tor hidden service in case Tor isn't quite ready; added logging 2020-10-06 09:49:02 +00:00			`print("Using torch configuration path: " + configPath)`

Initial commit 2020-10-02 14:34:30 +00:00			`config = configparser.ConfigParser()`
			`config.read(configPath + "torch.conf")`

Added support for tor / onion broker hostname 2020-10-05 11:18:22 +00:00			`torProxyPort = config['tor'].getint('ProxyPort', fallback = 9050)`
Initial commit 2020-10-02 14:34:30 +00:00			`torControllerPort = config['tor'].getint('ControllerPort', fallback = 9051)`
Added --config-dir parameter and timestamp in payload 2020-10-05 14:36:04 +00:00
Initial commit 2020-10-02 14:34:30 +00:00			`sshPort = config['ssh'].getint('Port', fallback = 22)`
Added --config-dir parameter and timestamp in payload 2020-10-05 14:36:04 +00:00
Initial commit 2020-10-02 14:34:30 +00:00			`mqttConfig = config['mqtt']`
			`mqttBrokerHost = mqttConfig.get('BrokerHost', fallback = "localhost")`
			`mqttBrokerPort = mqttConfig.getint('BrokerPort', fallback = 1883)`
Include ClientID (default: hostname) and default topic 2020-10-05 11:49:34 +00:00			`clientID = mqttConfig.get('ClientID', fallback = socket.gethostname())`
			`mqttTopic = mqttConfig.get('Topic', fallback = "torch/%s/onion_url" % (clientID))`
Initial commit 2020-10-02 14:34:30 +00:00
			`mqttRequireCertificate = mqttConfig.getboolean(`
			`'RequireCertificate',`
			`fallback = False)`

			`mqttCaFile = configPath + mqttConfig.get('CaFile')`
			`mqttCertFile = configPath + mqttConfig.get('CertFile')`
			`mqttKeyFile = configPath + mqttConfig.get('KeyFile')`

			`with Controller.from_port(port = torControllerPort) as controller:`

			`protocolInfo = stem.connection.get_protocolinfo(controller)`

			`stem.connection.authenticate_safecookie(`
			`controller,`
			`protocolInfo.cookie_path)`

can override config dir using environment variable; block while creating Tor hidden service in case Tor isn't quite ready; added logging 2020-10-06 09:49:02 +00:00			`print("Connected to Tor on port %s" % (torControllerPort))`

BUGFIX: Tor hidden service was being closed after publication 2020-10-06 11:50:23 +00:00			`service = controller.create_ephemeral_hidden_service(`
			`sshPort,`
			`detached = True)`
Initial commit 2020-10-02 14:34:30 +00:00
			`onionAddress = "%s.onion" % (service.service_id)`

can override config dir using environment variable; block while creating Tor hidden service in case Tor isn't quite ready; added logging 2020-10-06 09:49:02 +00:00			`print("Created Tor Hidden Service for local port %s at %s" % (sshPort, onionAddress))`

Added --config-dir parameter and timestamp in payload 2020-10-05 14:36:04 +00:00			`payload = {`
			`'clientId': clientID,`
			`'timestamp': datetime.now().strftime("%d-%b-%Y (%H:%M:%S.%f)"),`
			`'onionAddress': onionAddress,`
			`'sshPort': sshPort`
			`}`
Include ClientID (default: hostname) and default topic 2020-10-05 11:49:34 +00:00
Initial commit 2020-10-02 14:34:30 +00:00			`client = mqtt.Client()`
can override config dir using environment variable; block while creating Tor hidden service in case Tor isn't quite ready; added logging 2020-10-06 09:49:02 +00:00			`protocol = "mqtt"`
Initial commit 2020-10-02 14:34:30 +00:00
			`if mqttRequireCertificate:`
			`client.tls_set(`
			`ca_certs = mqttCaFile,`
			`certfile = mqttCertFile,`
			`keyfile = mqttKeyFile,`
			`cert_reqs=ssl.CERT_REQUIRED)`
can override config dir using environment variable; block while creating Tor hidden service in case Tor isn't quite ready; added logging 2020-10-06 09:49:02 +00:00			`protocol = "mqtts"`
Initial commit 2020-10-02 14:34:30 +00:00
Added support for tor / onion broker hostname 2020-10-05 11:18:22 +00:00			`if mqttBrokerHost.endswith(".onion"):`
			`client.proxy_set(proxy_type=socks.SOCKS5, proxy_addr="localhost", proxy_port=torProxyPort)`
			`client.tls_insecure_set(True)`

Initial commit 2020-10-02 14:34:30 +00:00			`client.connect(mqttBrokerHost, mqttBrokerPort, 60)`
Include ClientID (default: hostname) and default topic 2020-10-05 11:49:34 +00:00			`client.publish(mqttTopic, json.dumps(payload))`
can override config dir using environment variable; block while creating Tor hidden service in case Tor isn't quite ready; added logging 2020-10-06 09:49:02 +00:00			`print("Connected to MQTT Broker at %s://%s:%s/%s" % (protocol, mqttBrokerHost, mqttBrokerPort, mqttTopic))`
			`print("Published payload: " + json.dumps(payload))`

Initial commit 2020-10-02 14:34:30 +00:00			`client.disconnect()`
can override config dir using environment variable; block while creating Tor hidden service in case Tor isn't quite ready; added logging 2020-10-06 09:49:02 +00:00			`print("Disconnected from MQTT Broker")`