t.c.s.u.SSHUserAuthServer(service.SSHService) : class documentation

Part of twisted.conch.ssh.userauth

A service implementing the server side of the 'ssh-userauth' service. It is used to authenticate the user on the other side as being able to access this server.
Instance Variable name the name of this service: 'ssh-userauth' (type: str)
Instance Variable authenticatedWith a list of authentication methods that have already been used. (type: list)
Instance Variable loginTimeout the number of seconds we wait before disconnecting the user for taking too long to authenticate (type: int)
Instance Variable attemptsBeforeDisconnect the number of failed login attempts we allow before disconnecting. (type: int)
Instance Variable loginAttempts the number of login attempts that have been made (type: int)
Instance Variable passwordDelay the number of seconds to delay when the user gives an incorrect password (type: int)
Instance Variable interfaceToMethod a dict mapping credential interfaces to authentication methods. The server checks to see which of the cred interfaces have checkers and tells the client that those methods are valid for authentication. (type: dict)
Instance Variable supportedAuthentications A list of the supported authentication methods. (type: list of str)
Instance Variable user the last username the client tried to authenticate with (type: str)
Instance Variable method the current authentication method (type: str)
Instance Variable nextService the service the user wants started after authentication has been completed. (type: str)
Instance Variable portal the twisted.cred.portal.Portal we are using for authentication (type: twisted.cred.portal.Portal)
Instance Variable clock an object with a callLater method. Stubbed out for testing.
Method serviceStarted No summary
Method serviceStopped Called when the userauth service is stopped. Cancel the login timeout if it's still going.
Method timeoutAuthentication Called when the user has timed out on authentication. Disconnect with a DISCONNECT_NO_MORE_AUTH_METHODS_AVAILABLE message.
Method tryAuth Try to authenticate the user with the given method. Dispatches to an auth_* method.
Method ssh_USERAUTH_REQUEST No summary
Method auth_publickey No summary
Method auth_password Password authentication. Payload:: string password
Method auth_keyboard_interactive Keyboard interactive authentication. No payload. We create a PluggableAuthenticationModules credential and authenticate with our portal.
Method ssh_USERAUTH_INFO_RESPONSE No summary
Method _cbFinishedAuth The callback when the user has been successfully authenticated. For a description of the arguments, see twisted.cred.portal.Portal.login. We start the service requested by the user.
Method _ebMaybeBadAuth An intermediate errback. If the reason is error.NotEnoughAuthentication, we send a MSG_USERAUTH_FAILURE, but with the partial success indicator set.
Method _ebBadAuth No summary
Method _ebCheckKey Called back if the user did not send a signature. If reason is error.ValidPublicKey then this key is valid for the user to authenticate with. Send MSG_USERAUTH_PK_OK.
Method _ebPassword If the password is invalid, wait before sending the failure in order to delay brute-force password guessing.
Method _pamConv Convert a list of PAM authentication questions into a MSG_USERAUTH_INFO_REQUEST. Returns a Deferred that will be called back when the user has responses to the questions.

Inherited from SSHService:

Method logPrefix Override this method to insert custom logging behavior. Its return value will be inserted in front of every line. It may be called more times than the number of output lines.
Method packetReceived called when we receive a packet on the transport
def serviceStarted(self):
Called when the userauth service is started. Set up instance variables, check if we should allow password/keyboard-interactive authentication (only allow if the outgoing connection is encrypted) and set up a login timeout.
def serviceStopped(self):
Called when the userauth service is stopped. Cancel the login timeout if it's still going.
def timeoutAuthentication(self):
Called when the user has timed out on authentication. Disconnect with a DISCONNECT_NO_MORE_AUTH_METHODS_AVAILABLE message.
def tryAuth(self, kind, user, data):
Try to authenticate the user with the given method. Dispatches to an auth_* method.
Parameters:
   kind: the authentication method to try. (type: str)
   user: the username the client is authenticating with. (type: str)
   data: authentication specific data sent by the client. (type: str)
Returns: A Deferred called back if the method succeeded, or erred back if it failed. (type: defer.Deferred)
def ssh_USERAUTH_REQUEST(self, packet):

The client has requested authentication. Payload:

   string user
   string next service
   string method
   <authentication specific data>
def _cbFinishedAuth(self, (interface, avatar, logout)):
The callback when the user has been successfully authenticated. For a description of the arguments, see twisted.cred.portal.Portal.login. We start the service requested by the user.
def _ebMaybeBadAuth(self, reason):
An intermediate errback. If the reason is error.NotEnoughAuthentication, we send a MSG_USERAUTH_FAILURE, but with the partial success indicator set.
def _ebBadAuth(self, reason):
The final errback in the authentication chain. If the reason is error.IgnoreAuthentication, we simply return; the authentication method has sent its own response. Otherwise, send a failure message and (if the method is not 'none') increment the number of login attempts.
def auth_publickey(self, packet):
Public key authentication. Payload:

   byte has signature
   string algorithm name
   string key blob
   [string signature] (if has signature is True)

Create a SSHPublicKey credential and verify it using our portal.
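
The USERAUTH_REQUEST payload and the publickey method data laid out above, parsed with explicit bounds checks on every length prefix. This is an added example, not Twisted's own code: the function names, the MalformedPacket exception and the sample bytes are assumptions, and each "string" is the SSH wire type (a big-endian uint32 length followed by that many bytes).

```python
import struct

class MalformedPacket(ValueError):
    """Raised when a field is missing or a length prefix overruns the payload."""

def get_string(buf, offset=0):
    """Read one SSH 'string' at offset; return (value, offset after it)."""
    if len(buf) - offset < 4:
        raise MalformedPacket("truncated length field")
    (length,) = struct.unpack_from(">L", buf, offset)
    start, end = offset + 4, offset + 4 + length
    if end > len(buf):
        raise MalformedPacket("string length exceeds payload")
    return buf[start:end], end

def put_string(value):
    """Encode bytes as an SSH 'string' (used to build the sample below)."""
    return struct.pack(">L", len(value)) + value

def parse_userauth_request(payload):
    """Split the payload into user, next service, method and method data."""
    user, off = get_string(payload)
    next_service, off = get_string(payload, off)
    method, off = get_string(payload, off)
    return {"user": user, "nextService": next_service,
            "method": method, "data": payload[off:]}

def parse_publickey_data(data):
    """Parse the authentication specific data of the 'publickey' method."""
    if not data:
        raise MalformedPacket("missing 'has signature' byte")
    has_signature = data[0:1] != b"\x00"
    algorithm, off = get_string(data, 1)
    key_blob, off = get_string(data, off)
    signature = None
    if has_signature:  # the signature field is only present when the flag is set
        signature, off = get_string(data, off)
    if off != len(data):
        raise MalformedPacket("trailing bytes after publickey data")
    return {"hasSignature": has_signature, "algorithm": algorithm,
            "keyBlob": key_blob, "signature": signature}

# Constructed sample: a key query (no signature) with a placeholder key blob.
SAMPLE_REQUEST = (put_string(b"alice") + put_string(b"ssh-connection") +
                  put_string(b"publickey") + b"\x00" +
                  put_string(b"ssh-ed25519") + put_string(b"\x01\x02\x03"))

if __name__ == "__main__":
    req = parse_userauth_request(SAMPLE_REQUEST)
    print(req["user"], req["method"], parse_publickey_data(req["data"]))
```

A request without a signature is the case answered with MSG_USERAUTH_PK_OK when the key is acceptable; only a request that carries the signature field can complete authentication.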

def _ebCheckKey(self, reason, packet):
Called back if the user did not send a signature. If reason is error.ValidPublicKey then this key is valid for the user to authenticate with. Send MSG_USERAUTH_PK_OK.
def auth_password(self, packet):
Password authentication. Payload:

   string password

Make a UsernamePassword credential and verify it with our portal.

def _ebPassword(self, f):
If the password is invalid, wait before sending the failure in order to delay brute-force password guessing.
def auth_keyboard_interactive(self, packet):
Keyboard interactive authentication. No payload. We create a PluggableAuthenticationModules credential and authenticate with our portal.
def _pamConv(self, items):
Convert a list of PAM authentication questions into a MSG_USERAUTH_INFO_REQUEST. Returns a Deferred that will be called back when the user has responses to the questions.
Parameters:
   items: a list of 2-tuples (message, kind). We only care about kinds 1 (password) and 2 (text). (type: list)
Returns: (type: defer.Deferred)
def ssh_USERAUTH_INFO_RESPONSE(self, packet):

The user has responded with answers to PAM's authentication questions. Parse the packet into a PAM response and callback self._pamDeferred. Payload:

   uint32 number of responses
   string response 1
   ...
   string response n
API Documentation for Twisted, generated by pydoctor at 2015-01-30 14:14:53.