module documentation

Provide ICredentialsChecker implementations to be used in Conch protocols.

Interface IAuthorizedKeysDB: An object that provides valid authorized ssh keys mapped to usernames.
Class CryptedPasswordRecord: A sequence where the item at index 1 may be a crypted password.
Class InMemorySSHKeyDB: Object that provides SSH public keys based on a dictionary of usernames mapped to twisted.conch.ssh.keys.Keys.
Class SSHProtocolChecker: SSHProtocolChecker is a checker that requires multiple authentications to succeed. To add a checker, call my registerChecker method with the checker and the interface.
Class SSHPublicKeyChecker: Checker that authenticates SSH public keys, based on public keys listed in authorized_keys and authorized_keys2 files in user .ssh/ directories.
Class SSHPublicKeyDatabase: Checker that authenticates SSH public keys, based on public keys listed in authorized_keys and authorized_keys2 files in user .ssh/ directories.
Class UNIXAuthorizedKeysFiles: Object that provides SSH public keys based on public keys listed in authorized_keys and authorized_keys2 files in UNIX user .ssh/ directories. If any of the files cannot be read, a message is logged but that file is otherwise ignored.
Class UNIXPasswordDatabase: A checker which validates users out of the UNIX password databases, or databases of a compatible format.
Class UserDB: A database of users by name, like the stdlib pwd module.
Class UserRecord: A record in a UNIX-style password database. See pwd for field details.
Function readAuthorizedKeyFile: Reads keys from an authorized keys file. Any non-comment line that cannot be parsed as a key will be ignored, although that particular line will be logged.
Variable pwd: Undocumented
Function _keysFromFilepaths: Helper function that turns an iterable of filepaths into a generator of keys. If any file cannot be read, a message is logged but it is otherwise ignored.
Function _lookupUser: Lookup a user by name in a pwd-style database.
Function _pwdGetByName: Look up a user in the /etc/passwd database using the pwd module. If the pwd module is not available, return None.
Function _shadowGetByName: Look up a user in the /etc/shadow database using the spwd module. If it is not available, return None.
Variable _log: Undocumented

def readAuthorizedKeyFile(fileobj: IO[bytes], parseKey: Callable[[bytes], keys.Key] = keys.Key.fromString) -> Iterator[keys.Key]:

Reads keys from an authorized keys file. Any non-comment line that cannot be parsed as a key will be ignored, although that particular line will be logged.

Parameters
fileobj (IO[bytes]): something from which to read lines which can be parsed as keys
parseKey (Callable[[bytes], keys.Key]): a callable that takes bytes and returns a twisted.conch.ssh.keys.Key, mainly to be used for testing. The default is twisted.conch.ssh.keys.Key.fromString.
Returns
Iterator[keys.Key]: an iterable of twisted.conch.ssh.keys.Key
Present Since
15.0

Undocumented

def _keysFromFilepaths(filepaths: Iterable[FilePath[Any]], parseKey: Callable[[bytes], keys.Key]) -> Iterable[keys.Key]:

Helper function that turns an iterable of filepaths into a generator of keys. If any file cannot be read, a message is logged but it is otherwise ignored.

Parameters
filepaths (iterable): iterable of twisted.python.filepath.FilePath.
parseKey (callable): a callable that takes a string and returns a twisted.conch.ssh.keys.Key
Returns
Iterable[keys.Key]: generator of twisted.conch.ssh.keys.Key
Present Since
15.0

def _lookupUser(userdb: UserDB, username: bytes) -> UserRecord:

Lookup a user by name in a pwd-style database.

Parameters
userdb (UserDB): The user database.
username (bytes): Identifying name in bytes. This will be decoded according to the filesystem encoding, as the pwd module does internally.
Returns
UserRecord: Undocumented
Raises
KeyError: when the user doesn't exist

def _pwdGetByName(username: str) -> Optional[CryptedPasswordRecord]:

Look up a user in the /etc/passwd database using the pwd module. If the pwd module is not available, return None.

Parameters
username (str): the username of the user to return the passwd database information for.
Returns
Optional[CryptedPasswordRecord]: A pwd.struct_passwd, where field 1 may contain a crypted password, or None when the pwd database is unavailable.
Raises
KeyError: when no such user exists

def _shadowGetByName(username: str) -> Optional[CryptedPasswordRecord]:

Look up a user in the /etc/shadow database using the spwd module. If it is not available, return None.

Parameters
username (str): the username of the user to return the shadow database information for.
Returns
Optional[CryptedPasswordRecord]: A spwd.struct_spwd, where field 1 may contain a crypted password, or None when the spwd database is unavailable.
Raises
KeyError: when no such user exists

Undocumented