class documentation

class SSHUserAuthClient(service.SSHService):

Known subclasses: twisted.conch.client.default.SSHUserAuthClient, twisted.conch.scripts.tkconch.SSHUserAuthClient, twisted.conch.endpoints._UserAuth

A service implementing the client side of 'ssh-userauth'.

This service will try all authentication methods provided by the server, making callbacks for more information when necessary.

Method __init__ Undocumented
Method askForAuth Send a MSG_USERAUTH_REQUEST.
Method auth_keyboard_interactive Try to authenticate with keyboard-interactive authentication. Send the request to the server and return True.
Method auth_password Try to authenticate with a password. Ask the user for a password. If the user will provide a password, return True. Otherwise, return False.
Method auth_publickey Try to authenticate with a public key. Ask the user for a public key; if the user has one, send the request to the server and return True. Otherwise, return False.
Method getGenericAnswers Returns a Deferred with the responses to the prompts.
Method getPassword Return a Deferred that will be called back with a password. prompt is a string to display for the password, or None for a generic 'user@hostname's password: '.
Method getPrivateKey Return a Deferred that will be called back with the private key object corresponding to the last public key from getPublicKey(). If the private key is not available, errback on the Deferred.
Method getPublicKey Return a public key for the user. If no more public keys are available, return None.
Method serviceStarted Called when the service is active on the transport.
Method signData Sign the given data with the given public key.
Method ssh_USERAUTH_FAILURE We received a MSG_USERAUTH_FAILURE. Payload: string methods, byte partial success.
Method ssh_USERAUTH_PK_OK This message (number 60) can mean several different messages depending on the current authentication type. We dispatch to individual methods in order to handle this request.
Method ssh_USERAUTH_PK_OK_keyboard_interactive This is MSG_USERAUTH_INFO_RESPONSE. The server has sent us the questions it wants us to answer, so we ask the user and send the responses.
Method ssh_USERAUTH_PK_OK_password This is MSG_USERAUTH_PASSWD_CHANGEREQ. The password given has expired. We ask for an old password and a new password, then send both back to the server.
Method ssh_USERAUTH_PK_OK_publickey This is MSG_USERAUTH_PK. Our public key is valid, so we create a signature and try to authenticate with it.
Method ssh_USERAUTH_SUCCESS We received a MSG_USERAUTH_SUCCESS. The server has accepted our authentication, so start the next service.
Method tryAuth Dispatch to an authentication method.
Instance Variable authenticatedWith a list of strings of authentication methods we've tried
Instance Variable instance the service to start after authentication has finished
Instance Variable lastAuth Undocumented
Instance Variable lastPublicKey the last public key object we've tried to authenticate with
Instance Variable name the name of this service: 'ssh-userauth'
Instance Variable preferredOrder a list of authentication methods that should be used first, in order of preference, if supported by the server
Instance Variable triedPublicKeys a list of public key objects that we've tried to authenticate with
Instance Variable user the name of the user to authenticate as
Method _cbGenericAnswers Called back when we are finished answering keyboard-interactive questions. Send the info back to the server in a MSG_USERAUTH_INFO_RESPONSE.
Method _cbGetPublicKey Undocumented
Method _cbPassword Called back when the user gives a password. Send the request to the server.
Method _cbSignData Called back when the private key is returned. Sign the data and return the signature.
Method _cbSignedData Called back out of self.signData with the signed data. Send the authentication request with the signature.
Method _cbUserauthFailure Undocumented
Method _ebAuth Generic callback for a failed authentication attempt. Respond by asking for the list of accepted methods (the 'none' method).
Method _setNewPass Called back when we are choosing a new password. Get the old password and send the authentication message with both.
Method _setOldPass Called back when we are choosing a new password. Simply store the old password for now.
Instance Variable _newPass Undocumented
Instance Variable _oldPass Undocumented

Inherited from SSHService:

Method logPrefix Undocumented
Method packetReceived called when we receive a packet on the transport
Method serviceStopped called when the service is stopped, either by the connection ending or by another service being started
Class Variable protocolMessages Undocumented
Class Variable transport Undocumented
Class Variable _log Undocumented
def __init__(self, user, instance):
Undocumented

def askForAuth(self, kind, extraData):
Send a MSG_USERAUTH_REQUEST.
Parameters
kind (bytes): the authentication method to try.
extraData (bytes): method-specific data to go in the packet

def auth_keyboard_interactive(self):
Try to authenticate with keyboard-interactive authentication. Send the request to the server and return True.
Returns
bool: Undocumented

def auth_password(self):
Try to authenticate with a password. Ask the user for a password. If the user will provide a password, return True. Otherwise, return False.
Returns
bool: Undocumented

def auth_publickey(self):
Try to authenticate with a public key. Ask the user for a public key; if the user has one, send the request to the server and return True. Otherwise, return False.
Returns
bool: Undocumented

def getGenericAnswers(self, name, instruction, prompts):
Returns a Deferred with the responses to the prompts.
Parameters
name: The name of the authentication currently in progress.
instruction: Describes what the authentication wants.
prompts: A list of (prompt, echo) pairs, where prompt is a string to display and echo is a boolean indicating whether the user's response should be echoed as they type it.

def getPassword(self, prompt=None):
Return a Deferred that will be called back with a password. prompt is a string to display for the password, or None for a generic 'user@hostname's password: '.
Parameters
prompt (bytes/None): Undocumented
Returns
defer.Deferred: Undocumented

def getPrivateKey(self):
Return a Deferred that will be called back with the private key object corresponding to the last public key from getPublicKey(). If the private key is not available, errback on the Deferred.
Returns
Deferred called back with Key: Undocumented

def getPublicKey(self):

Return a public key for the user. If no more public keys are available, return None.

This implementation always returns None. Override it in a subclass to actually find and return a public key object.

Returns
Key or None: Undocumented

def serviceStarted(self):
Called when the service is active on the transport.

def signData(self, publicKey, signData):

Sign the given data with the given public key.

By default, this will call getPrivateKey to get the private key, then sign the data using Key.sign().

This method is factored out so that it can be overridden to use alternate methods, such as a key agent.

Parameters
publicKey (keys.Key): The public key object returned from getPublicKey
signData (bytes): the data to be signed by the private key.
Returns
defer.Deferred: a Deferred that's called back with the signature

def ssh_USERAUTH_FAILURE(self, packet):

We received a MSG_USERAUTH_FAILURE. Payload:

    string methods
    byte partial success

If partial success is True, then the previous method succeeded but is not sufficient for authentication. methods is a comma-separated list of accepted authentication methods.

We sort the list of methods by their position in self.preferredOrder, removing methods that have already succeeded. We then call self.tryAuth with the most preferred method.

Parameters
packet (bytes): the MSG_USERAUTH_FAILURE payload.
Returns
defer.Deferred or None: a defer.Deferred that will be called back with None as soon as all authentication methods have been tried, or None if no more authentication methods are available.
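
The payload layout and ordering rule described for ssh_USERAUTH_FAILURE, as an added stand-alone example (not Twisted's own code, and it does not import Twisted). The function names, the strict length check, and the rule that methods absent from the preference list sort last are assumptions of this example; the sample payload is constructed.

```python
import struct


def parse_userauth_failure(payload: bytes):
    """Split a MSG_USERAUTH_FAILURE payload into (methods, partial_success)."""
    if len(payload) < 4:
        raise ValueError("payload too short for the string length field")
    (length,) = struct.unpack(">I", payload[:4])
    # Assumption: exactly one byte (the partial-success flag) follows the string.
    if len(payload) != 4 + length + 1:
        raise ValueError("length field does not match payload size")
    names = payload[4:4 + length]
    methods = [m for m in names.split(b",") if m]
    return methods, payload[4 + length] != 0


def next_methods(payload, preferred_order, authenticated_with, last_auth):
    """Return (methods still worth trying, most preferred first; succeeded list)."""
    methods, partial = parse_userauth_failure(payload)
    succeeded = list(authenticated_with)
    if partial and last_auth not in succeeded:
        # The previous method succeeded but was not sufficient on its own.
        succeeded.append(last_auth)

    def rank(method):
        # Assumption: methods missing from preferred_order sort last.
        if method in preferred_order:
            return preferred_order.index(method)
        return len(preferred_order)

    remaining = [m for m in methods if m not in succeeded]
    return sorted(remaining, key=rank), succeeded


def build_payload(methods: bytes, partial: bool) -> bytes:
    """Construct a sample payload (test data, not captured traffic)."""
    return struct.pack(">I", len(methods)) + methods + bytes([int(partial)])


# Constructed sample: the server accepted publickey but demands a second factor.
SAMPLE = build_payload(b"password,publickey,keyboard-interactive", True)
PREFERRED = [b"publickey", b"password", b"keyboard-interactive"]

if __name__ == "__main__":
    print(next_methods(SAMPLE, PREFERRED, [], b"publickey"))
```

The method list comes from the server, so the client-side preference list is the only thing that decides which credential is offered first.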

def ssh_USERAUTH_PK_OK(self, packet):
This message (number 60) can mean several different messages depending on the current authentication type. We dispatch to individual methods in order to handle this request.

def ssh_USERAUTH_PK_OK_keyboard_interactive(self, packet):
This is MSG_USERAUTH_INFO_RESPONSE. The server has sent us the questions it wants us to answer, so we ask the user and send the responses.

def ssh_USERAUTH_PK_OK_password(self, packet):
This is MSG_USERAUTH_PASSWD_CHANGEREQ. The password given has expired. We ask for an old password and a new password, then send both back to the server.

def ssh_USERAUTH_PK_OK_publickey(self, packet):
This is MSG_USERAUTH_PK. Our public key is valid, so we create a signature and try to authenticate with it.

def ssh_USERAUTH_SUCCESS(self, packet):
We received a MSG_USERAUTH_SUCCESS. The server has accepted our authentication, so start the next service.

def tryAuth(self, kind):
Dispatch to an authentication method.
Parameters
kind (bytes): the authentication method

authenticatedWith: list of bytes
a list of strings of authentication methods we've tried

instance
the service to start after authentication has finished

lastAuth
Undocumented

lastPublicKey: Key
the last public key object we've tried to authenticate with

name: str
the name of this service: 'ssh-userauth'

preferredOrder: list
a list of authentication methods that should be used first, in order of preference, if supported by the server

triedPublicKeys: list of Key
a list of public key objects that we've tried to authenticate with

user
the name of the user to authenticate as

def _cbGenericAnswers(self, responses):
Called back when we are finished answering keyboard-interactive questions. Send the info back to the server in a MSG_USERAUTH_INFO_RESPONSE.
Parameters
responses (list): a list of bytes responses

def _cbGetPublicKey(self, publicKey):
Undocumented

def _cbPassword(self, password):
Called back when the user gives a password. Send the request to the server.
Parameters
password (bytes): the password the user entered

def _cbSignData(self, privateKey, signData):
Called back when the private key is returned. Sign the data and return the signature.
Parameters
privateKey (keys.Key): the private key object
signData (bytes): the data to be signed by the private key.
Returns
bytes: the signature

def _cbSignedData(self, signedData):
Called back out of self.signData with the signed data. Send the authentication request with the signature.
Parameters
signedData (bytes): the data signed by the user's private key.

def _cbUserauthFailure(self, result, iterator):
Undocumented

def _ebAuth(self, ignored, *args):
Generic callback for a failed authentication attempt. Respond by asking for the list of accepted methods (the 'none' method).

def _setNewPass(self, np):
Called back when we are choosing a new password. Get the old password and send the authentication message with both.
Parameters
np (bytes): the new password as entered by the user

def _setOldPass(self, op):
Called back when we are choosing a new password. Simply store the old password for now.
Parameters
op (bytes): the old password as entered by the user

_newPass
Undocumented

_oldPass
Undocumented