class SSHPublicKeyChecker:

Constructor: SSHPublicKeyChecker(keydb)

Implements interfaces: twisted.cred.checkers.ICredentialsChecker

Checker that authenticates SSH public keys, based on public keys listed in authorized_keys and authorized_keys2 files in user .ssh/ directories.

Use this checker, initialized with a UNIXAuthorizedKeysFiles, instead of twisted.conch.checkers.SSHPublicKeyDatabase.

Present Since
15.0
Method __init__ Initializes an SSHPublicKeyChecker.
Method requestAvatarId Validate credentials and produce an avatar ID.
Class Variable credentialInterfaces A list of sub-interfaces of ICredentials which specifies which I may check.
Method _checkKey Checks the public key against all authorized keys (if any) for the user.
Method _sanityCheckKey Checks whether the provided credentials are a valid SSH key with a signature (does not actually verify the signature).
Method _verifyKey Checks whether the credentials themselves are valid, now that we know if the key matches the user.
Instance Variable _keydb Undocumented
def __init__(self, keydb: IAuthorizedKeysDB):

Initializes an SSHPublicKeyChecker.

Parameters
keydb: IAuthorizedKeysDB - a provider of IAuthorizedKeysDB

def requestAvatarId(self, credentials):

Validate credentials and produce an avatar ID.

Parameters
credentials - something which implements one of the interfaces in credentialInterfaces.
Returns
a Deferred which will fire with a bytes that identifies an avatar, an empty tuple to specify an authenticated anonymous user (provided as twisted.cred.checkers.ANONYMOUS) or fail with UnauthorizedLogin. Alternatively, return the result itself.
See Also
twisted.cred.credentials

credentialInterfaces =

A list of sub-interfaces of ICredentials which specifies which I may check.

def _checkKey(self, pubKey, credentials):

Checks the public key against all authorized keys (if any) for the user.

Parameters
pubKey: the key in the credentials (just to prevent it from having to be calculated again)
credentials: ISSHPrivateKey provider - the credentials offered by the user
Returns
twisted.conch.ssh.keys.Key - pubKey if the key is authorized
Raises
UnauthorizedLogin - If the key is not authorized, or if there was any error obtaining a list of authorized keys for the user.

def _sanityCheckKey(self, credentials):

Checks whether the provided credentials are a valid SSH key with a signature (does not actually verify the signature).

Parameters
credentials: ISSHPrivateKey provider - the credentials offered by the user
Returns
twisted.conch.ssh.keys.Key - the key in the credentials
Raises
ValidPublicKey - the credentials do not include a signature. See error.ValidPublicKey for more information.
BadKeyError - The key included with the credentials is not recognized as a key.

def _verifyKey(self, pubKey, credentials):

Checks whether the credentials themselves are valid, now that we know if the key matches the user.

Parameters
pubKey: twisted.conch.ssh.keys.Key - the key in the credentials (just to prevent it from having to be calculated again)
credentials: ISSHPrivateKey provider - the credentials offered by the user
Returns
bytes - The user's username, if authentication was successful
Raises
UnauthorizedLogin - If the key signature is invalid or there was any error verifying the signature.

Undocumented