twisted.conch.ssh.userauth.SSHUserAuthClient(service.SSHService)
Known subclasses: twisted.conch.client.default.SSHUserAuthClient, twisted.conch.endpoints._UserAuth, twisted.conch.scripts.tkconch.SSHUserAuthClient
A service implementing the client side of 'ssh-userauth'.
This service will try all authentication methods provided by the server, making callbacks for more information when necessary.
Instance Variable | name | the name of this service: 'ssh-userauth' (type: str ) |
Instance Variable | preferredOrder | a list of authentication methods that should be used first, in order of preference, if supported by the server (type: list ) |
Instance Variable | user | the name of the user to authenticate as (type: bytes ) |
Instance Variable | instance | the service to start after authentication has finished (type: service.SSHService ) |
Instance Variable | authenticatedWith | a list of strings of authentication methods we've tried (type: list of bytes ) |
Instance Variable | triedPublicKeys | a list of public key objects that we've tried to authenticate with (type: list of Key ) |
Instance Variable | lastPublicKey | the last public key object we've tried to authenticate with (type: Key ) |
Method | __init__ | Undocumented |
Method | serviceStarted | called when the service is active on the transport. |
Method | askForAuth | Send a MSG_USERAUTH_REQUEST. |
Method | tryAuth | Dispatch to an authentication method. |
Method | ssh_USERAUTH_SUCCESS | We received a MSG_USERAUTH_SUCCESS. The server has accepted our authentication, so start the next service. |
Method | ssh_USERAUTH_FAILURE | We received a MSG_USERAUTH_FAILURE. Payload: string methods, byte partial success |
Method | ssh_USERAUTH_PK_OK | This message (number 60) can mean several different messages depending on the current authentication type. We dispatch to individual methods in order to handle this request. |
Method | ssh_USERAUTH_PK_OK_publickey | This is MSG_USERAUTH_PK. Our public key is valid, so we create a signature and try to authenticate with it. |
Method | ssh_USERAUTH_PK_OK_password | This is MSG_USERAUTH_PASSWD_CHANGEREQ. The password given has expired. We ask for an old password and a new password, then send both back to the server. |
Method | ssh_USERAUTH_PK_OK_keyboard_interactive | This is MSG_USERAUTH_INFO_RESPONSE. The server has sent us the questions it wants us to answer, so we ask the user and send the responses. |
Method | auth_publickey | Try to authenticate with a public key. Ask the user for a public key; if the user has one, send the request to the server and return True. Otherwise, return False. |
Method | auth_password | Try to authenticate with a password. Ask the user for a password. If the user will return a password, return True. Otherwise, return False. |
Method | auth_keyboard_interactive | Try to authenticate with keyboard-interactive authentication. Send the request to the server and return True. |
Method | signData | Sign the given data with the given public key. |
Method | getPublicKey | Return a public key for the user. If no more public keys are available, return None. |
Method | getPrivateKey | Return a Deferred that will be called back with the private key object corresponding to the last public key from getPublicKey(). If the private key is not available, errback on the Deferred. |
Method | getPassword | Return a Deferred that will be called back with a password. prompt is a string to display for the password, or None for a generic 'user@hostname's password: '. |
Method | getGenericAnswers | Returns a Deferred with the responses to the prompts. |
Method | _ebAuth | Generic callback for a failed authentication attempt. Respond by asking for the list of accepted methods (the 'none' method) |
Method | _cbUserauthFailure | Undocumented |
Method | _cbSignedData | Called back out of self.signData with the signed data. Send the authentication request with the signature. |
Method | _setOldPass | Called back when we are choosing a new password. Simply store the old password for now. |
Method | _setNewPass | Called back when we are choosing a new password. Get the old password and send the authentication message with both. |
Method | _cbGenericAnswers | Called back when we are finished answering keyboard-interactive questions. Send the info back to the server in a MSG_USERAUTH_INFO_RESPONSE. |
Method | _cbGetPublicKey | Undocumented |
Method | _cbPassword | Called back when the user gives a password. Send the request to the server. |
Method | _cbSignData | Called back when the private key is returned. Sign the data and return the signature. |
Inherited from SSHService:
Method | serviceStopped | called when the service is stopped, either by the connection ending or by another service being started |
Method | logPrefix | Override this method to insert custom logging behavior. Its return value will be inserted in front of every line. It may be called more times than the number of output lines. |
Method | packetReceived | called when we receive a packet on the transport |
called when the service is active on the transport.
Send a MSG_USERAUTH_REQUEST.
Parameters | kind | the authentication method to try. (type: bytes ) |
extraData | method-specific data to go in the packet (type: bytes ) |
Dispatch to an authentication method.
Parameters | kind | the authentication method (type: bytes ) |
Generic callback for a failed authentication attempt. Respond by asking for the list of accepted methods (the 'none' method)
We received a MSG_USERAUTH_SUCCESS. The server has accepted our authentication, so start the next service.
We received a MSG_USERAUTH_FAILURE. Payload:
    string methods
    byte partial success
If partial success is True, then the previous method succeeded but is not sufficient for authentication. methods is a comma-separated list of accepted authentication methods.
We sort the list of methods by their position in self.preferredOrder, removing methods that have already succeeded. We then call self.tryAuth with the most preferred method.
Parameters | packet | the MSG_USERAUTH_FAILURE payload. (type: bytes ) |
Returns | a defer.Deferred that will be called back with None as soon as all authentication methods have been tried, or None if no more authentication methods are available. (type: defer.Deferred or None ) |
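The payload parsing and method ordering described above, modelled in plain Python as an added example (not Twisted's own code). The function names, the sample preference list and the constructed payloads are assumptions of this example.

```python
import struct

# Constructed sample preference list (assumption for this example).
PREFERRED_ORDER = [b"publickey", b"password", b"keyboard-interactive"]


def parse_userauth_failure(payload):
    """Parse 'string methods, byte partial success' from the payload."""
    if len(payload) < 5:
        raise ValueError("payload too short for length prefix and flag")
    (length,) = struct.unpack(">I", payload[:4])
    # Reject truncated payloads and payloads with trailing bytes.
    if len(payload) != 4 + length + 1:
        raise ValueError("length prefix does not match payload size")
    names = payload[4:4 + length]
    partial = payload[4 + length] != 0
    return [m for m in names.split(b",") if m], partial


def next_methods(payload, last_method, authenticated_with,
                 preferred=PREFERRED_ORDER):
    """Return (methods still worth trying, methods already satisfied)."""
    methods, partial = parse_userauth_failure(payload)
    done = list(authenticated_with)
    if partial and last_method is not None:
        # The last method succeeded but is not sufficient on its own.
        done.append(last_method)

    def rank(method):
        # Methods missing from the preference list sort last.
        if method in preferred:
            return preferred.index(method)
        return len(preferred)

    remaining = sorted((m for m in methods if m not in done), key=rank)
    return remaining, done


def build_failure(methods, partial):
    """Build a constructed sample payload for the demonstration."""
    names = b",".join(methods)
    flag = b"\x01" if partial else b"\x00"
    return struct.pack(">I", len(names)) + names + flag


if __name__ == "__main__":
    sample = build_failure([b"password", b"hostbased", b"publickey"], False)
    print(next_methods(sample, b"none", []))
```
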
This message (number 60) can mean several different messages depending on the current authentication type. We dispatch to individual methods in order to handle this request.
This is MSG_USERAUTH_PK. Our public key is valid, so we create a signature and try to authenticate with it.
This is MSG_USERAUTH_PASSWD_CHANGEREQ. The password given has expired. We ask for an old password and a new password, then send both back to the server.
This is MSG_USERAUTH_INFO_RESPONSE. The server has sent us the questions it wants us to answer, so we ask the user and send the responses.
Called back out of self.signData with the signed data. Send the authentication request with the signature.
Parameters | signedData | the data signed by the user's private key. (type: bytes ) |
Called back when we are choosing a new password. Simply store the old password for now.
Parameters | op | the old password as entered by the user (type: bytes ) |
Called back when we are choosing a new password. Get the old password and send the authentication message with both.
Parameters | np | the new password as entered by the user (type: bytes ) |
Called back when we are finished answering keyboard-interactive questions. Send the info back to the server in a MSG_USERAUTH_INFO_RESPONSE.
Parameters | responses | a list of bytes responses (type: list ) |
Try to authenticate with a public key. Ask the user for a public key; if the user has one, send the request to the server and return True. Otherwise, return False.
Returns | (type: bool ) |
Try to authenticate with a password. Ask the user for a password. If the user will return a password, return True. Otherwise, return False.
Returns | (type: bool ) |
Try to authenticate with keyboard-interactive authentication. Send the request to the server and return True.
Returns | (type: bool ) |
Called back when the user gives a password. Send the request to the server.
Parameters | password | the password the user entered (type: bytes ) |
Sign the given data with the given public key.
By default, this will call getPrivateKey to get the private key, then sign the data using Key.sign().
This method is factored out so that it can be overridden to use alternate methods, such as a key agent.
Parameters | publicKey | The public key object returned from getPublicKey (type: keys.Key ) |
signData | the data to be signed by the private key. (type: bytes ) | |
Returns | a Deferred that's called back with the signature (type: defer.Deferred ) |
Called back when the private key is returned. Sign the data and return the signature.
Parameters | privateKey | the private key object |
signData | the data to be signed by the private key. (type: bytes ) | |
Returns | the signature (type: bytes ) |
Return a public key for the user. If no more public keys are available, return None.
This implementation always returns None. Override it in a subclass to actually find and return a public key object.
Returns | (type: Key or NoneType ) |
Return a Deferred that will be called back with a password. prompt is a string to display for the password, or None for a generic 'user@hostname's password: '.
Returns | (type: defer.Deferred ) |
Returns a Deferred with the responses to the prompts.
Parameters | name | The name of the authentication currently in progress. |
instruction | Describes what the authentication wants. | |
prompts | A list of (prompt, echo) pairs, where prompt is a string to display and echo is a boolean indicating whether the user's response should be echoed as they type it. |