class SSHTransportBase(protocol.Protocol):
Known subclasses: twisted.conch.ssh.transport.SSHClientTransport, twisted.conch.ssh.transport.SSHServerTransport
Protocol supporting basic SSH functionality: sending/receiving packets and message dispatch. To connect to or run a server, you must use SSHClientTransport or SSHServerTransport.
Method | connectionLost | When the underlying connection is closed, stop the running service (if any), and log out the avatar (if any).
Method | connectionMade | Called when the connection is made to the other side. We send our version string and the MSG_KEXINIT packet.
Method | dataReceived | First, check for the version string (SSH-2.0-*). Once that has been received, this method adds data to the buffer and pulls out any complete packets.
Method | dispatchMessage | Send a received message to the appropriate method.
Method | getHost | Returns an SSHTransportAddress corresponding to this side of the transport.
Method | getPacket | Try to return a decrypted, authenticated, and decompressed packet out of the buffer. If there is not enough data, return None.
Method | getPeer | Returns an SSHTransportAddress corresponding to the other (peer) side of this transport.
Method | isEncrypted | Check if the connection is encrypted in the given direction.
Method | isVerified | Check if the connection is verified/authenticated in the given direction.
Method | kexAlg | Set the key exchange algorithm name.
Method | loseConnection | Lose the connection to the other side, sending a DISCONNECT_CONNECTION_LOST message.
Method | receiveDebug | Called when we receive a debug message from the other side.
Method | receiveError | Called when we receive a disconnect error message from the other side.
Method | receiveUnimplemented | Called when we receive an unimplemented packet message from the other side.
Method | sendDebug | Send a debug message to the other side.
Method | sendDisconnect | Send a disconnect message to the other side and then disconnect.
Method | sendExtInfo | Send an RFC 8308 extension advertisement to the remote peer.
Method | sendIgnore | Send a message that will be ignored by the other side. This is useful to fool attacks based on guessing packet sizes in the encrypted stream.
Method | sendKexInit | Send a KEXINIT message to initiate key exchange or to respond to a key exchange initiated by the peer.
Method | sendPacket | Sends a packet. If it has been set up, compress the data, encrypt it, and authenticate it before sending. If key exchange is in progress and the message is not part of key exchange, queue it to be sent later.
Method | sendUnimplemented | Send a message to the other side that the last packet was not understood.
Method | setService | Set our service to service and start it running. If we were running a service previously, stop it first.
Method | ssh_DEBUG | Called when we receive a MSG_DEBUG message.
Method | ssh_DISCONNECT | Called when we receive a MSG_DISCONNECT message.
Method | ssh_EXT_INFO | Called when we get a MSG_EXT_INFO message.
Method | ssh_IGNORE | Called when we receive a MSG_IGNORE message. No payload. This means nothing; we simply return.
Method | ssh_KEXINIT | Called when we receive a MSG_KEXINIT message.
Method | ssh_UNIMPLEMENTED | Called when we receive a MSG_UNIMPLEMENTED message.
Instance Variable | buf | Data we've received that hasn't been parsed into a packet yet.
Instance Variable | comment | An optional string giving more information about the server or client.
Instance Variable | currentEncryptions | An SSHCiphers instance. It represents the current encryption and authentication options for the transport.
Instance Variable | dhSecretKey | Undocumented
Instance Variable | dhSecretKeyPublicMP | Undocumented
Instance Variable | first | The first bytes of the next packet. In order to avoid decrypting data twice, the first bytes are decrypted and stored until the whole packet is available.
Instance Variable | gotVersion | A boolean indicating whether we have received the version string from the other side.
Instance Variable | incomingCompression | An object supporting the .decompress(str) method, or None if there is no incoming compression. Used to decompress incoming data.
Instance Variable | incomingCompressionType | A string representing the incoming compression type.
Instance Variable | incomingPacketSequence | The sequence number of the next packet we are expecting from the other side.
Instance Variable | isClient | A boolean indicating whether this is a client or server.
Instance Variable | kexAlg | The key exchange algorithm name agreed between client and server.
Instance Variable | keyAlg | The agreed-upon public key type for the key exchange.
Instance Variable | nextEncryptions | An SSHCiphers instance. Held here until the MSG_NEWKEYS messages are exchanged, when nextEncryptions is transitioned to currentEncryptions.
Instance Variable | otherKexInitPayload | The MSG_KEXINIT payload we received. Used in the key exchange.
Instance Variable | otherVersionString | The version string sent by the other side. Used in the key exchange.
Instance Variable | ourKexInitPayload | The MSG_KEXINIT payload we sent. Used in the key exchange.
Instance Variable | ourVersionString | The version string that we sent to the other side. Used in the key exchange.
Instance Variable | outgoingCompression | An object supporting the .compress(str) and .flush() methods, or None if there is no outgoing compression. Used to compress outgoing data.
Instance Variable | outgoingCompressionType | A string representing the outgoing compression type.
Instance Variable | outgoingPacketSequence | The sequence number of the next packet we will send.
Instance Variable | peerExtensions | A dict of extensions supported by the other side of the connection.
Instance Variable | protocolVersion | A string representing the version of the SSH protocol we support. Currently defaults to '2.0'.
Instance Variable | service | An SSHService instance, or None. If it is set to an object, it is the currently running service.
Instance Variable | sessionID | A string that is unique to this SSH session. Created as part of the key exchange, sessionID is used to generate the various encryption and authentication keys.
Instance Variable | supportedCiphers | A list of strings representing the encryption algorithms supported, in order from most-preferred to least.
Instance Variable | supportedCompressions | A list of strings representing compression types supported, from most-preferred to least.
Instance Variable | supportedKeyExchanges | A list of strings representing the key exchanges supported, in order from most-preferred to least.
Instance Variable | supportedLanguages | A list of strings representing languages supported, from most-preferred to least.
Instance Variable | supportedMACs | A list of strings representing the message authentication codes (hashes) supported, in order from most-preferred to least. Both this and supportedCiphers can include 'none' to use no encryption or authentication, but that must be done manually.
Instance Variable | supportedPublicKeys | A list of strings representing the public key algorithms supported, in order from most-preferred to least.
Instance Variable | supportedVersions | A container of strings representing supported SSH protocol version numbers.
Instance Variable | version | A string representing the version of the server or client. Currently defaults to 'Twisted'.
Method | _allowedKeyExchangeMessageType | Determine if the given message type may be sent while key exchange is in progress.
Method | _encodeECPublicKey | Encode an elliptic curve public key to bytes.
Method | _finishEphemeralDH | Completes the Diffie-Hellman key agreement started by _startEphemeralDH, and forgets the ephemeral secret key.
Method | _generateECPrivateKey | Generate a private key for ECDH key exchange.
Method | _generateECSharedSecret | Generate a shared secret for ECDH key exchange.
Method | _getKey | Get one of the keys for authentication/encryption.
Method | _keySetup | Set up the keys for the connection and send MSG_NEWKEYS when finished.
Method | _newKeys | Called back by a subclass once a MSG_NEWKEYS message has been received. This indicates key exchange has completed and new encryption and compression parameters should be adopted. Any messages which were queued during key exchange will also be flushed.
Method | _startEphemeralDH | Prepares for a Diffie-Hellman key agreement exchange.
Method | _unsupportedVersionReceived | Called when an unsupported version of the SSH protocol is received from the remote endpoint.
Constant | _EXT_INFO_C | Undocumented
Constant | _EXT_INFO_S | Undocumented
Constant | _KEY_EXCHANGE_NONE | Undocumented
Constant | _KEY_EXCHANGE_REQUESTED | Undocumented
Constant | _KEY_EXCHANGE_PROGRESSING | Undocumented
Class Variable | _log | Undocumented
Instance Variable | _blockedByKeyExchange | Whenever _keyExchangeState is not _KEY_EXCHANGE_NONE, this is a list of pending messages which were passed to sendPacket but could not be sent because it is not legal to send them while a key exchange is in progress. When the key exchange completes, another attempt is made to send these messages.
Instance Variable | _kexAlg | Undocumented
Instance Variable | _keyExchangeState | The current protocol state with respect to key exchange. This is either _KEY_EXCHANGE_NONE if no key exchange is in progress (and returns to this value after any key exchange completes), _KEY_EXCHANGE_REQUESTED if this side of the connection initiated a key exchange, or _KEY_EXCHANGE_PROGRESSING if the other side initiated it.
Instance Variable | _peerSupportsExtensions | A boolean indicating whether the other side of the connection supports RFC 8308 extension negotiation.
Inherited from Protocol:
Method | logPrefix | Return a prefix matching the class name, to identify log messages related to this protocol instance.
Class Variable | factory | Undocumented
Inherited from BaseProtocol (via Protocol):
Method | makeConnection | Make a connection to a transport and a server.
Instance Variable | connected | Undocumented
Instance Variable | transport | Undocumented
def connectionLost(self, reason):
Overridden in: twisted.conch.client.direct.SSHClientTransport, twisted.conch.endpoints._CommandTransport
When the underlying connection is closed, stop the running service (if any), and log out the avatar (if any).
Parameters | reason: twisted.python.failure.Failure | The cause of the connection being closed.
def connectionMade(self):
Overridden in: twisted.conch.ssh.transport.SSHClientTransport
Called when the connection is made to the other side. We send our version string and the MSG_KEXINIT packet.
def dataReceived(self, data):
First, check for the version string (SSH-2.0-*). Once that has been received, this method adds data to the buffer and pulls out any complete packets.
Parameters | data: bytes | The data that was received.
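The two stages that dataReceived and getPacket describe, the identification string followed by length-prefixed binary packets (RFC 4253 sections 4.2 and 6), shown as an added example that is not Twisted's code. It assumes no cipher has been negotiated yet, so packets are unencrypted and padded to the 8-byte minimum block; the class, constants and sample bytes are constructed for illustration. It returns None from get_packet when the buffer is short, rejects oversized or malformed length fields before buffering further, and treats an unsupported version string the way _unsupportedVersionReceived would.

```python
import os
import struct

BLOCK_SIZE = 8       # padding block size before any cipher is negotiated (RFC 4253 s.6)
MAX_PACKET = 35000   # RFC 4253 s.6.1: implementations must handle packets of this size
SUPPORTED_VERSIONS = (b"1.99", b"2.0")   # plays the role of supportedVersions (constructed)


def build_packet(payload: bytes, block_size: int = BLOCK_SIZE) -> bytes:
    """Frame payload as an unencrypted SSH binary packet:
    uint32 packet_length | byte padding_length | payload | random padding.
    Total length must be a multiple of block_size with at least 4 bytes of padding."""
    pad_len = block_size - ((len(payload) + 5) % block_size)
    if pad_len < 4:
        pad_len += block_size
    packet_len = 1 + len(payload) + pad_len
    return struct.pack("!IB", packet_len, pad_len) + payload + os.urandom(pad_len)


class PacketBuffer:
    """Stand-in for the version-string-then-packets logic of dataReceived/getPacket
    (constructed for this example; the real transport carries far more state)."""

    def __init__(self):
        self.buf = b""              # bytes received but not yet parsed into a packet
        self.other_version = None   # the peer's identification string once seen

    def data_received(self, data: bytes) -> list:
        """Append data and return every complete packet payload now available."""
        self.buf += data
        if self.other_version is None and not self._read_version():
            return []
        packets = []
        while True:
            packet = self.get_packet()
            if packet is None:
                return packets
            packets.append(packet)

    def _read_version(self) -> bool:
        # The identification string is the first CRLF-terminated line starting with
        # "SSH-"; earlier lines are banner text and are ignored (RFC 4253 s.4.2).
        while b"\n" in self.buf:
            line, self.buf = self.buf.split(b"\n", 1)
            line = line.rstrip(b"\r")
            if line.startswith(b"SSH-"):
                proto = line.split(b"-", 2)[1]
                if proto not in SUPPORTED_VERSIONS:
                    # the transport would call _unsupportedVersionReceived here
                    raise ValueError("unsupported SSH protocol version %r" % proto)
                self.other_version = line
                return True
        return False

    def get_packet(self):
        """Return the next complete payload, or None if the buffer is short."""
        if len(self.buf) < 5:
            return None
        packet_len, pad_len = struct.unpack("!IB", self.buf[:5])
        # Reject absurd lengths before waiting for them: an attacker-chosen
        # 4 GB length must not make us buffer indefinitely.
        if packet_len > MAX_PACKET or pad_len + 1 > packet_len:
            raise ValueError("malformed packet header (%d, %d)" % (packet_len, pad_len))
        if len(self.buf) < 4 + packet_len:
            return None
        payload = self.buf[5 : 4 + packet_len - pad_len]
        self.buf = self.buf[4 + packet_len :]
        return payload
```

Once a cipher and MAC are in place the same framing applies, except that the length field itself is encrypted, which is why the transport keeps the already-decrypted first block in the `first` attribute rather than decrypting it twice.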
def getHost(self):
Returns an SSHTransportAddress corresponding to this side of the transport.
Returns | SSHTransportAddress | SSHTransportAddress for this side of the transport.
Present Since | 12.1
def getPeer(self):
Returns an SSHTransportAddress corresponding to the other (peer) side of this transport.
Returns | SSHTransportAddress | SSHTransportAddress for the peer.
Present Since | 12.1
def receiveUnimplemented(self, seqnum):
Called when we receive an unimplemented packet message from the other side.
Parameters | seqnum: int | The sequence number that was not understood.
def sendIgnore(self, message):
Send a message that will be ignored by the other side. This is useful to fool attacks based on guessing packet sizes in the encrypted stream.
Parameters | message: str | Data to send with the message.
def sendKexInit(self):
Send a KEXINIT message to initiate key exchange or to respond to a key exchange initiated by the peer.
Returns | None |
Raises | RuntimeError | If a key exchange has already been started and it is not appropriate to send a KEXINIT message at this time.
def sendPacket(self, messageType, payload):
Sends a packet. If it has been set up, compress the data, encrypt it, and authenticate it before sending. If key exchange is in progress and the message is not part of key exchange, queue it to be sent later.
Parameters | messageType: int | The type of the packet; generally one of the MSG_* values.
Parameters | payload: str | The payload for the message.
def setService(self, service):
Overridden in: twisted.conch.client.direct.SSHClientTransport
Set our service to service and start it running. If we were running a service previously, stop it first.
Parameters | service: SSHService | The service to attach.
def ssh_DEBUG(self, packet):
Called when we receive a MSG_DEBUG message. Payload:
    bool alwaysDisplay
    string message
    string language
This means the other side has passed along some debugging info.
Parameters | packet: bytes | The message data.
def ssh_DISCONNECT(self, packet):
Called when we receive a MSG_DISCONNECT message. Payload:
    long code
    string description
This means that the other side has disconnected. Pass the message up and disconnect ourselves.
Parameters | packet: bytes | The message data.
def ssh_EXT_INFO(self, packet):
Called when we get a MSG_EXT_INFO message. Payload:
    uint32 nr-extensions
    repeat the following 2 fields "nr-extensions" times:
        string extension-name
        string extension-value (binary)
Parameters | packet: bytes | The message data.
def ssh_IGNORE(self, packet):
Called when we receive a MSG_IGNORE message. No payload. This means nothing; we simply return.
Parameters | packet: bytes | The message data.
def ssh_KEXINIT(self, packet):
Overridden in: twisted.conch.ssh.transport.SSHClientTransport, twisted.conch.ssh.transport.SSHServerTransport
Called when we receive a MSG_KEXINIT message. Payload:
    bytes[16] cookie
    string keyExchangeAlgorithms
    string keyAlgorithms
    string incomingEncryptions
    string outgoingEncryptions
    string incomingAuthentications
    string outgoingAuthentications
    string incomingCompressions
    string outgoingCompressions
    string incomingLanguages
    string outgoingLanguages
    bool firstPacketFollows
    uint32 0 (reserved)
Starts setting up the key exchange, keys, encryptions, and authentications. Extended by ssh_KEXINIT in SSHServerTransport and SSHClientTransport.
Parameters | packet: bytes | The message data.
Returns | | A tuple of negotiated key exchange algorithms, key algorithms, and unhandled data, or None if something went wrong.
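The payload layout above, parsed and then negotiated the way RFC 4253 section 7.1 prescribes (the first entry in the client's list that the server also lists wins), as an added example that is not Twisted's ssh_KEXINIT. The helper names, the list keys and the two sample algorithm sets are constructed for this illustration; the message number 20 is the RFC value for MSG_KEXINIT. The example goes slightly beyond the page by also serialising a KEXINIT, so both directions can be exercised offline.

```python
import os
import struct

MSG_KEXINIT = 20   # RFC 4253 s.12 message number

# The ten name-lists of a KEXINIT payload, in wire order (RFC 4253 s.7.1); keys are constructed.
KEXINIT_LISTS = (
    "kex_algorithms", "server_host_key_algorithms",
    "encryption_client_to_server", "encryption_server_to_client",
    "mac_client_to_server", "mac_server_to_client",
    "compression_client_to_server", "compression_server_to_client",
    "languages_client_to_server", "languages_server_to_client",
)


def ns(value: bytes) -> bytes:
    """Encode an SSH 'string': uint32 length followed by the bytes (RFC 4251 s.5)."""
    return struct.pack("!I", len(value)) + value


def get_ns(data: bytes):
    """Pop one SSH 'string' off data, returning (value, remainder); reject truncation."""
    if len(data) < 4:
        raise ValueError("truncated string length")
    (length,) = struct.unpack("!I", data[:4])
    if len(data) < 4 + length:
        raise ValueError("truncated string body")
    return data[4 : 4 + length], data[4 + length :]


def build_kexinit(lists: dict, first_kex_packet_follows: bool = False, cookie: bytes = None) -> bytes:
    """Serialise a KEXINIT payload from a mapping of KEXINIT_LISTS name -> list of algorithm names."""
    cookie = os.urandom(16) if cookie is None else cookie
    body = b"".join(ns(b",".join(lists[name])) for name in KEXINIT_LISTS)
    return (bytes([MSG_KEXINIT]) + cookie + body
            + bytes([first_kex_packet_follows]) + struct.pack("!I", 0))


def parse_kexinit(payload: bytes):
    """Parse a KEXINIT payload into (cookie, name-lists dict, first_kex_packet_follows, unhandled data)."""
    if not payload or payload[0] != MSG_KEXINIT:
        raise ValueError("not a MSG_KEXINIT payload")
    if len(payload) < 17:
        raise ValueError("truncated cookie")
    cookie, rest = payload[1:17], payload[17:]
    lists = {}
    for name in KEXINIT_LISTS:
        raw, rest = get_ns(rest)
        lists[name] = [alg for alg in raw.split(b",") if alg]
    if len(rest) < 5:
        raise ValueError("missing first_kex_packet_follows / reserved fields")
    first_follows = bool(rest[0])
    # rest[1:5] is the reserved uint32; receivers ignore its value.
    return cookie, lists, first_follows, rest[5:]


def negotiate(client_list, server_list):
    """RFC 4253 s.7.1: the first algorithm in the client's list that the server also lists."""
    for alg in client_list:
        if alg in server_list:
            return alg
    return None


def negotiate_all(client_payload: bytes, server_payload: bytes) -> dict:
    """Negotiate every list; raise where there is no common entry, which is the point
    at which a transport would disconnect with the RFC 4253 key-exchange-failed reason."""
    _, client, _, _ = parse_kexinit(client_payload)
    _, server, _, _ = parse_kexinit(server_payload)
    chosen = {}
    for name in KEXINIT_LISTS:
        if name.startswith("languages"):
            continue   # language lists may legitimately be empty on both sides
        alg = negotiate(client[name], server[name])
        if alg is None:
            raise ValueError("no common %s" % name)
        chosen[name] = alg
    return chosen


# Constructed sample preference lists for a client and a server.
SAMPLE_CLIENT = {
    "kex_algorithms": [b"curve25519-sha256", b"ecdh-sha2-nistp256"],
    "server_host_key_algorithms": [b"ssh-ed25519", b"rsa-sha2-512"],
    "encryption_client_to_server": [b"aes256-gcm@openssh.com", b"aes256-ctr"],
    "encryption_server_to_client": [b"aes256-gcm@openssh.com", b"aes256-ctr"],
    "mac_client_to_server": [b"hmac-sha2-256"],
    "mac_server_to_client": [b"hmac-sha2-256"],
    "compression_client_to_server": [b"none"],
    "compression_server_to_client": [b"none"],
    "languages_client_to_server": [],
    "languages_server_to_client": [],
}
SAMPLE_SERVER = dict(
    SAMPLE_CLIENT,
    kex_algorithms=[b"ecdh-sha2-nistp256", b"curve25519-sha256"],
    encryption_client_to_server=[b"aes256-ctr"],
    encryption_server_to_client=[b"aes256-ctr"],
)
```

Because the client's order decides, a downgrade needs the client's list itself to be altered in transit; that is why both KEXINIT payloads (ourKexInitPayload and otherKexInitPayload) are fed into the exchange hash, so any such tampering makes the two sides compute different hashes and the exchange fails.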
def ssh_UNIMPLEMENTED(self, packet):
Called when we receive a MSG_UNIMPLEMENTED message. Payload:
    long packet
This means that the other side did not implement one of our packets.
Parameters | packet: bytes | The message data.
currentEncryptions =
An SSHCiphers instance. It represents the current encryption and authentication options for the transport.
first =
The first bytes of the next packet. In order to avoid decrypting data twice, the first bytes are decrypted and stored until the whole packet is available.
incomingCompression =
An object supporting the .decompress(str) method, or None if there is no incoming compression. Used to decompress incoming data.
isClient =
Overridden in: twisted.conch.ssh.transport.SSHClientTransport, twisted.conch.ssh.transport.SSHServerTransport
A boolean indicating whether this is a client or server.
nextEncryptions =
An SSHCiphers instance. Held here until the MSG_NEWKEYS messages are exchanged, when nextEncryptions is transitioned to currentEncryptions.
outgoingCompression =
An object supporting the .compress(str) and .flush() methods, or None if there is no outgoing compression. Used to compress outgoing data.
sessionID =
A string that is unique to this SSH session. Created as part of the key exchange, sessionID is used to generate the various encryption and authentication keys.
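How sessionID, the shared secret and the exchange hash turn into the six per-direction keys that _getKey and _keySetup install into nextEncryptions, as an added example of the RFC 4253 section 7.2 derivation rather than Twisted's own code. It assumes SHA-256 as the exchange hash function (the hash depends on the negotiated kex method) and encodes the shared secret as an SSH mpint, which is the form _generateECSharedSecret returns; function names and sample values are constructed. The loop generalises the derivation to any required key length.

```python
import hashlib
import struct


def mpint(n: int) -> bytes:
    """Encode a non-negative integer as an SSH mpint (RFC 4251 s.5): uint32 length plus
    big-endian two's-complement bytes, so a value with its top bit set gets a leading zero."""
    if n < 0:
        raise ValueError("negative values are not needed for a shared secret")
    if n == 0:
        return struct.pack("!I", 0)
    raw = n.to_bytes(n.bit_length() // 8 + 1, "big")
    return struct.pack("!I", len(raw)) + raw


def derive_key(letter: bytes, shared_secret: bytes, exchange_hash: bytes,
               session_id: bytes, needed: int, hash_name: str = "sha256") -> bytes:
    """RFC 4253 s.7.2 key expansion:
        K1 = HASH(K || H || X || session_id)
        K2 = HASH(K || H || K1)
        K3 = HASH(K || H || K1 || K2) ...
    with K the mpint-encoded shared secret, H the exchange hash and X one of b"A".."F".
    Blocks are concatenated until `needed` bytes are available."""
    def h(data: bytes) -> bytes:
        return hashlib.new(hash_name, data).digest()
    key = h(shared_secret + exchange_hash + letter + session_id)
    while len(key) < needed:
        key += h(shared_secret + exchange_hash + key)
    return key[:needed]


# Letter -> purpose, per RFC 4253 s.7.2 (c2s = client to server, s2c = server to client).
KEY_LETTERS = {
    b"A": "iv_c2s", b"B": "iv_s2c",
    b"C": "enc_c2s", b"D": "enc_s2c",
    b"E": "mac_c2s", b"F": "mac_s2c",
}


def derive_all(shared_secret_int: int, exchange_hash: bytes, session_id: bytes,
               iv_len: int, key_len: int, mac_len: int, hash_name: str = "sha256") -> dict:
    """Derive the six IVs/keys a transport needs for both directions after a key exchange."""
    K = mpint(shared_secret_int)
    sizes = {"iv": iv_len, "enc": key_len, "mac": mac_len}
    return {
        name: derive_key(letter, K, exchange_hash, session_id, sizes[name.split("_")[0]], hash_name)
        for letter, name in KEY_LETTERS.items()
    }


# Constructed sample inputs: a small "shared secret" and two fake exchange hashes.
SAMPLE_SECRET = 0xDEADBEEFCAFEF00D
SAMPLE_H1 = hashlib.sha256(b"first exchange, constructed").digest()
SAMPLE_H2 = hashlib.sha256(b"re-exchange, constructed").digest()
```

On the first exchange sessionID is simply that exchange hash; on a later re-exchange a new H is produced but sessionID is kept, so every key set in the lifetime of the connection is bound to the original session while still changing with each rekey.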
supportedCiphers =
A list of strings representing the encryption algorithms supported, in order from most-preferred to least.
supportedMACs =
A list of strings representing the message authentication codes (hashes) supported, in order from most-preferred to least. Both this and supportedCiphers can include 'none' to use no encryption or authentication, but that must be done manually.
supportedPublicKeys =
A list of strings representing the public key algorithms supported, in order from most-preferred to least.
def _allowedKeyExchangeMessageType(self, messageType):
Determine if the given message type may be sent while key exchange is in progress.
Parameters | messageType: int | The type of message.
Returns | bool | True if the given type of message may be sent while key exchange is in progress, False if it may not.
See Also | http://tools.ietf.org/html/rfc4253#section-7.1
def _encodeECPublicKey(self, ecPub):
Encode an elliptic curve public key to bytes.
Parameters | ecPub: ec.EllipticCurvePublicKey for ecdh-sha2-nistp*, or x25519.X25519PublicKey for curve25519-sha256 | The public key to encode.
Returns | bytes | The encoded public key.
def _generateECPrivateKey(self):
Generate a private key for ECDH key exchange.
Returns | The private key type matching self.kexAlg: ec.EllipticCurvePrivateKey for ecdh-sha2-nistp*, or x25519.X25519PrivateKey for curve25519-sha256 | The generated private key.
def _generateECSharedSecret(self, ecPriv, theirECPubBytes):
Generate a shared secret for ECDH key exchange.
Parameters | ecPriv: ec.EllipticCurvePrivateKey for ecdh-sha2-nistp*, or x25519.X25519PrivateKey for curve25519-sha256 | Our private key.
Parameters | theirECPubBytes | Undocumented
Returns | bytes | The generated shared secret, as an SSH multiple-precision integer.
def _newKeys(self):
Called back by a subclass once a MSG_NEWKEYS message has been received. This indicates key exchange has completed and new encryption and compression parameters should be adopted. Any messages which were queued during key exchange will also be flushed.
def _startEphemeralDH(self):
Prepares for a Diffie-Hellman key agreement exchange.
Creates an ephemeral keypair in the group defined by (self.g, self.p) and stores it.
def _unsupportedVersionReceived(self, remoteVersion):
Called when an unsupported version of the SSH protocol is received from the remote endpoint.
Parameters | remoteVersion: str | Remote SSH protocol version which is unsupported by us.
_blockedByKeyExchange =
Whenever _keyExchangeState is not _KEY_EXCHANGE_NONE, this is a list of pending messages which were passed to sendPacket but could not be sent because it is not legal to send them while a key exchange is in progress. When the key exchange completes, another attempt is made to send these messages.
_keyExchangeState =
The current protocol state with respect to key exchange. This is either _KEY_EXCHANGE_NONE if no key exchange is in progress (and returns to this value after any key exchange completes), _KEY_EXCHANGE_REQUESTED if this side of the connection initiated a key exchange, or _KEY_EXCHANGE_PROGRESSING if the other side of the connection initiated a key exchange. _KEY_EXCHANGE_NONE is the initial value (however SSH connections begin with key exchange, so it will quickly change to another state).
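The interplay of _keyExchangeState, _blockedByKeyExchange, _allowedKeyExchangeMessageType, sendKexInit and _newKeys, reduced to a small state machine as an added example (not Twisted's implementation). The message numbers are the RFC 4253 values; the class, method names and state strings are constructed for this illustration. The gate enforces the RFC 4253 section 7.1 rule that between KEXINIT and NEWKEYS only transport, negotiation and kex-method messages may go out, so application data and service requests queue up and are released only once the new keys are in force, never under keys that are about to be retired.

```python
# Message numbers from RFC 4253 s.12 (Twisted keeps its own MSG_* constants).
MSG_DISCONNECT = 1
MSG_IGNORE = 2
MSG_UNIMPLEMENTED = 3
MSG_DEBUG = 4
MSG_SERVICE_REQUEST = 5
MSG_SERVICE_ACCEPT = 6
MSG_KEXINIT = 20
MSG_NEWKEYS = 21
MSG_CHANNEL_DATA = 94

# Constructed state names standing in for _KEY_EXCHANGE_NONE / _REQUESTED / _PROGRESSING.
KEX_NONE, KEX_REQUESTED, KEX_PROGRESSING = "none", "requested", "progressing"


def allowed_during_kex(msg_type: int) -> bool:
    """RFC 4253 s.7.1: after sending KEXINIT and before NEWKEYS a side may send only
    transport messages 1-19 (but not SERVICE_REQUEST/ACCEPT), negotiation messages
    20-29 (but not another KEXINIT) and key-exchange-method messages 30-49."""
    if 1 <= msg_type <= 19:
        return msg_type not in (MSG_SERVICE_REQUEST, MSG_SERVICE_ACCEPT)
    if 20 <= msg_type <= 29:
        return msg_type != MSG_KEXINIT
    return 30 <= msg_type <= 49


class KexGate:
    """Queues packets that are illegal during key exchange and flushes them afterwards."""

    def __init__(self):
        self.state = KEX_NONE
        self.blocked = []   # (msg_type, payload) pairs held back, in arrival order
        self.wire = []      # what actually went out, in order (constructed stand-in for the socket)

    def send_kexinit(self):
        """Start a key exchange from our side; refuse if one is already running."""
        if self.state != KEX_NONE:
            raise RuntimeError("key exchange already in progress")
        self.state = KEX_REQUESTED
        self._put(MSG_KEXINIT, b"")

    def peer_kexinit(self):
        """The other side started a (re-)exchange; answer with our own KEXINIT."""
        if self.state == KEX_NONE:
            self.state = KEX_PROGRESSING
            self._put(MSG_KEXINIT, b"")

    def send_packet(self, msg_type: int, payload: bytes) -> bool:
        """Send now, or queue if key exchange is running and the type is not permitted."""
        if self.state != KEX_NONE and not allowed_during_kex(msg_type):
            self.blocked.append((msg_type, payload))
            return False
        self._put(msg_type, payload)
        return True

    def new_keys(self):
        """MSG_NEWKEYS exchanged: leave the kex state and retry everything that was blocked."""
        self._put(MSG_NEWKEYS, b"")
        self.state = KEX_NONE
        pending, self.blocked = self.blocked, []
        for msg_type, payload in pending:
            self.send_packet(msg_type, payload)

    def _put(self, msg_type: int, payload: bytes):
        self.wire.append((msg_type, payload))
```

The test of correctness is the order on the wire: a channel data packet written while the exchange runs must appear after NEWKEYS, while an IGNORE or DEBUG written at the same moment goes out immediately.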