class documentation

class SSHPublicKeyChecker:

Implements interfaces: twisted.cred.checkers.ICredentialsChecker

Checker that authenticates SSH public keys, based on public keys listed in authorized_keys and authorized_keys2 files in user .ssh/ directories.

Initializing this checker with a UNIXAuthorizedKeysFiles should be used instead of twisted.conch.checkers.SSHPublicKeyDatabase.

Present Since
15.0
Method __init__ Initializes an SSHPublicKeyChecker.
Method requestAvatarId Validate credentials and produce an avatar ID.
Class Variable credentialInterfaces A list of sub-interfaces of ICredentials which specifies which I may check.
Method _checkKey Checks the public key against all authorized keys (if any) for the user.
Method _sanityCheckKey Checks whether the provided credentials are a valid SSH key with a signature (does not actually verify the signature).
Method _verifyKey Checks whether the credentials themselves are valid, now that we know if the key matches the user.
Instance Variable _keydb Undocumented
def __init__(self, keydb):
Initializes an SSHPublicKeyChecker.
Parameters
keydb (IAuthorizedKeysDB provider): a provider of IAuthorizedKeysDB
def requestAvatarId(self, credentials):
Validate credentials and produce an avatar ID.
Parameters
credentials: something which implements one of the interfaces in credentialInterfaces.
Returns
a Deferred which will fire with a bytes that identifies an avatar, an empty tuple to specify an authenticated anonymous user (provided as twisted.cred.checkers.ANONYMOUS) or fail with UnauthorizedLogin. Alternatively, return the result itself.
See Also
twisted.cred.credentials
credentialInterfaces
A list of sub-interfaces of ICredentials which specifies which I may check.
def _checkKey(self, pubKey, credentials):
Checks the public key against all authorized keys (if any) for the user.
Parameters
pubKey: the key in the credentials (just to prevent it from having to be calculated again)
credentials (ISSHPrivateKey provider): the credentials offered by the user
Returns
twisted.conch.ssh.keys.Key: pubKey if the key is authorized
Raises
UnauthorizedLogin: If the key is not authorized, or if there was any error obtaining a list of authorized keys for the user.
def _sanityCheckKey(self, credentials):
Checks whether the provided credentials are a valid SSH key with a signature (does not actually verify the signature).
Parameters
credentials (ISSHPrivateKey provider): the credentials offered by the user
Returns
twisted.conch.ssh.keys.Key: the key in the credentials
Raises
ValidPublicKey: the credentials do not include a signature. See error.ValidPublicKey for more information.
BadKeyError: The key included with the credentials is not recognized as a key.
def _verifyKey(self, pubKey, credentials):
Checks whether the credentials themselves are valid, now that we know if the key matches the user.
Parameters
pubKey (twisted.conch.ssh.keys.Key): the key in the credentials (just to prevent it from having to be calculated again)
credentials (ISSHPrivateKey provider): the credentials offered by the user
Returns
bytes: The user's username, if authentication was successful
Raises
UnauthorizedLogin: If the key signature is invalid or there was any error verifying the signature.
_keydb

Undocumented