twisted.conch.ssh.transport.SSHServerTransport(SSHTransportBase)
SSHServerTransport implements the server side of the SSH protocol.
Instance Variable | isClient | since we are never the client, this is always False. |
Instance Variable | ignoreNextPacket | if True, ignore the next key exchange packet. This is set when the client sends a guessed key exchange packet but with an incorrect guess. |
Instance Variable | dhGexRequest | the KEX_DH_GEX_REQUEST(_OLD) that the client sent. The key generation needs this to be stored. |
Instance Variable | g | the Diffie-Hellman group generator. |
Instance Variable | p | the Diffie-Hellman group prime. |
Method | ssh_KEXINIT | Called when we receive a MSG_KEXINIT message; additionally checks whether the client sent a guessed key exchange packet and, if the guess was wrong, arranges for the next key exchange packet to be ignored. |
Method | ssh_KEX_DH_GEX_REQUEST_OLD | Dispatches a message whose integer value is shared by KEXDH_INIT, KEX_ECDH_INIT and KEX_DH_GEX_REQUEST_OLD to the matching handler; for a KEX_DH_GEX_REQUEST_OLD payload, replies with the KEX_DH_GEX_GROUP message. |
Method | ssh_KEX_DH_GEX_REQUEST | Called when we receive a MSG_KEX_DH_GEX_REQUEST message; replies with a MSG_KEX_DH_GEX_GROUP message. |
Method | ssh_KEX_DH_GEX_INIT | Called when we get a MSG_KEX_DH_GEX_INIT message. Payload: integer e (client DH public key) |
Method | ssh_NEWKEYS | Called when we get a MSG_NEWKEYS message. No payload. When we get this, the keys have been set on both sides, and we start using them to encrypt and authenticate the connection. |
Method | ssh_SERVICE_REQUEST | Called when we get a MSG_SERVICE_REQUEST message. Payload: string serviceName |
Method | _ssh_KEX_ECDH_INIT | Called from ssh_KEX_DH_GEX_REQUEST_OLD to handle elliptic curve key exchanges. |
Method | _ssh_KEXDH_INIT | Called to handle the beginning of a non-group key exchange. |
Inherited from BaseProtocol (via SSHTransportBase, Protocol):
Method | makeConnection | Make a connection to a transport and a server. |
def ssh_KEXINIT(self, packet):
Called when we receive a MSG_KEXINIT message. For a description of the packet, see SSHTransportBase.ssh_KEXINIT(). Additionally, this method checks if a guessed key exchange packet was sent. If it was sent, and it guessed incorrectly, the next key exchange packet MUST be ignored.
def _ssh_KEX_ECDH_INIT(self, packet):
Called from ssh_KEX_DH_GEX_REQUEST_OLD to handle elliptic curve key exchanges.
Payload:
string client Elliptic Curve Diffie-Hellman public key
Just like _ssh_KEXDH_INIT, this message type is not dispatched directly. An extra check is required to determine whether this is really a KEX_ECDH_INIT.
First we load the host's public/private keys. Then we generate the ECDH public/private keypair for the given curve. With that we generate the shared secret key. Then we compute the hash to sign and send it back to the client along with the server's public key and the ECDH public key.
Parameters | packet | The message data. (type: bytes ) |
Returns | None. |
def _ssh_KEXDH_INIT(self, packet):
Called to handle the beginning of a non-group key exchange.
Unlike other message types, this is not dispatched automatically. It is called from ssh_KEX_DH_GEX_REQUEST_OLD because an extra check is required to determine if this is really a KEXDH_INIT message or if it is a KEX_DH_GEX_REQUEST_OLD message.
The KEXDH_INIT payload:
integer e (the client's Diffie-Hellman public key)
We send the KEXDH_REPLY with our host key and signature.
Parameters | packet | The message data. (type: bytes ) |
def ssh_KEX_DH_GEX_REQUEST_OLD(self, packet):
This represents different key exchange methods that share the same integer value. If the message is determined to be a KEXDH_INIT, _ssh_KEXDH_INIT is called to handle it. If it is a KEX_ECDH_INIT, _ssh_KEX_ECDH_INIT is called. Otherwise, for KEX_DH_GEX_REQUEST_OLD payload:
integer ideal (ideal size for the Diffie-Hellman prime)
We send the KEX_DH_GEX_GROUP message with the group that is closest in size to ideal.
If we were told to ignore the next key exchange packet by ssh_KEXINIT, drop it on the floor and return.
Parameters | packet | The message data. (type: bytes ) |
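The two pieces of state described above, the guessed-packet check in ssh_KEXINIT and the shared-message-number dispatch in ssh_KEX_DH_GEX_REQUEST_OLD, are easiest to see in a small model. The following is an added illustration, not Twisted's code: it applies the RFC 4253 rule for a guess (the client's first kex and host key algorithm must both win negotiation, otherwise `first_kex_packet_follows` means the next key exchange packet is dropped) and then classifies message number 30, which RFC 4253, RFC 4419 and RFC 5656 all assign to KEXDH_INIT, KEX_DH_GEX_REQUEST_OLD and KEX_ECDH_INIT respectively. The classification by algorithm-name prefix and the `KexState` class, the `kex`/`hostkey` dictionaries and the handler-name strings it returns are assumptions for this example; Twisted decides the same question using its own helpers on `self.kexAlg`.

```python
# Added example: a model of guessed-KEXINIT handling and message-30 dispatch.
# Not Twisted's code; constructed names lists stand in for real KEXINIT packets.

def negotiate(client_list, server_list):
    """RFC 4253 section 7.1: the chosen algorithm is the first one in the
    client's list that the server also supports; None if there is none."""
    for name in client_list:
        if name in server_list:
            return name
    return None


def guess_is_correct(client_kexinit, server_kexinit):
    """A guessed key exchange packet is only valid when the client's preferred
    kex algorithm AND its preferred host key algorithm both win negotiation."""
    kex = negotiate(client_kexinit["kex"], server_kexinit["kex"])
    hostkey = negotiate(client_kexinit["hostkey"], server_kexinit["hostkey"])
    return (kex is not None and hostkey is not None
            and kex == client_kexinit["kex"][0]
            and hostkey == client_kexinit["hostkey"][0])


class KexState:
    """Server-side bookkeeping after a KEXINIT exchange (hypothetical class)."""

    def __init__(self, client_kexinit, server_kexinit):
        self.kexAlg = negotiate(client_kexinit["kex"], server_kexinit["kex"])
        if self.kexAlg is None:
            # A real server disconnects with KEY_EXCHANGE_FAILED here.
            raise ValueError("no key exchange algorithm in common")
        # Mirrors the page: a guessed packet with a wrong guess means the next
        # key exchange packet MUST be ignored.
        self.ignoreNextPacket = bool(
            client_kexinit.get("first_kex_packet_follows", False)
            and not guess_is_correct(client_kexinit, server_kexinit))

    def dispatch_message_30(self):
        """Decide which handler a message with number 30 belongs to. The
        message number alone is ambiguous; the negotiated kex algorithm
        settles it. Returns the handler name (assumed strings)."""
        if self.ignoreNextPacket:
            self.ignoreNextPacket = False   # drop exactly one packet
            return "ignored"
        # Prefix classification is an assumption of this example.
        if self.kexAlg.startswith(("ecdh-sha2-", "curve25519-")):
            return "_ssh_KEX_ECDH_INIT"
        if self.kexAlg.startswith("diffie-hellman-group-exchange-"):
            return "ssh_KEX_DH_GEX_REQUEST_OLD"
        return "_ssh_KEXDH_INIT"   # fixed-group DH, e.g. group14


if __name__ == "__main__":
    # Constructed KEXINIT contents: client guesses curve25519 + ed25519.
    client = {"kex": ["curve25519-sha256", "diffie-hellman-group-exchange-sha256"],
              "hostkey": ["ssh-ed25519", "rsa-sha2-256"],
              "first_kex_packet_follows": True}
    server = {"kex": ["diffie-hellman-group-exchange-sha256"],
              "hostkey": ["ssh-ed25519"]}
    st = KexState(client, server)
    print("negotiated", st.kexAlg, "ignore next:", st.ignoreNextPacket)
    print(st.dispatch_message_30(), "then", st.dispatch_message_30())
```

Run as a script, the constructed client guesses curve25519 while the server only offers group exchange, so the guess is wrong: the first message 30 is dropped and the second one is handled as KEX_DH_GEX_REQUEST_OLD.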
def ssh_KEX_DH_GEX_REQUEST(self, packet):
Called when we receive a MSG_KEX_DH_GEX_REQUEST message. Payload:
integer minimum
integer ideal
integer maximum
The client is asking for a Diffie-Hellman group between minimum and maximum size, and close to ideal if possible. We reply with a MSG_KEX_DH_GEX_GROUP message.
If we were told to ignore the next key exchange packet by ssh_KEXINIT, drop it on the floor and return.
Parameters | packet | The message data. (type: bytes ) |
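The group selection that MSG_KEX_DH_GEX_REQUEST asks for (a prime between minimum and maximum bits, as close to ideal as possible) is short enough to show end to end. The block below is an added example and not Twisted's implementation: it parses the three big-endian uint32 fields, validates that minimum <= ideal <= maximum, and picks the closest group from a server-side table. The `KNOWN_GROUPS` table, the `MIN_ACCEPTABLE_BITS` policy floor and the returned message-name strings are assumptions for this example; the bit sizes are those of the RFC 3526 MODP groups, but the prime values are placeholders and not usable parameters.

```python
# Added example: parsing MSG_KEX_DH_GEX_REQUEST and choosing a group.
# Not Twisted's code. Group table is constructed; primes are placeholders.
import struct

# Keyed by prime size in bits. A real server stores the RFC 3526 primes here.
KNOWN_GROUPS = {
    2048: ("<RFC 3526 group 14 prime placeholder>", 2),
    3072: ("<RFC 3526 group 15 prime placeholder>", 2),
    4096: ("<RFC 3526 group 16 prime placeholder>", 2),
}

# Hypothetical server policy: never hand out a prime smaller than this, even
# when the client's requested range would allow it.
MIN_ACCEPTABLE_BITS = 2048


class GexRequestError(Exception):
    """Malformed or inconsistent KEX_DH_GEX_REQUEST payload."""


def parse_gex_request(packet):
    """Payload is exactly three uint32 values: minimum, ideal, maximum."""
    if len(packet) != 12:
        raise GexRequestError("expected 12 bytes, got %d" % len(packet))
    minimum, ideal, maximum = struct.unpack(">LLL", packet)
    if not (minimum <= ideal <= maximum):
        raise GexRequestError("inconsistent range %d <= %d <= %d"
                              % (minimum, ideal, maximum))
    return minimum, ideal, maximum


def choose_group(minimum, ideal, maximum, groups=KNOWN_GROUPS):
    """Return (bits, p, g) for the group closest in size to ideal that lies
    within [minimum, maximum] and satisfies the server floor; None if none.
    Ties are broken towards the larger prime."""
    candidates = [bits for bits in groups
                  if minimum <= bits <= maximum and bits >= MIN_ACCEPTABLE_BITS]
    if not candidates:
        return None
    bits = min(candidates, key=lambda b: (abs(b - ideal), -b))
    p, g = groups[bits]
    return bits, p, g


def handle_gex_request(packet):
    """Server-side handling: either a KEX_DH_GEX_GROUP reply carrying the
    chosen group, or a disconnect when no acceptable group exists."""
    minimum, ideal, maximum = parse_gex_request(packet)
    group = choose_group(minimum, ideal, maximum)
    if group is None:
        return ("DISCONNECT_KEY_EXCHANGE_FAILED", None)
    return ("MSG_KEX_DH_GEX_GROUP", group)


if __name__ == "__main__":
    # Constructed request: at least 1024 bits, ideally 3072, at most 8192.
    pkt = struct.pack(">LLL", 1024, 3072, 8192)
    print(handle_gex_request(pkt))
    # Constructed request that only allows primes below the policy floor.
    print(handle_gex_request(struct.pack(">LLL", 1024, 1024, 1536)))
```

The policy floor is the check a practitioner would want here: without it a client can steer the server to the smallest group in its table, so the table and the floor should be reviewed together.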
def ssh_KEX_DH_GEX_INIT(self, packet):
Called when we get a MSG_KEX_DH_GEX_INIT message. Payload:
integer e (client DH public key)
We send the MSG_KEX_DH_GEX_REPLY message with our host key and signature.
Parameters | packet | The message data. (type: bytes ) |
def ssh_NEWKEYS(self, packet):
Called when we get a MSG_NEWKEYS message. No payload. When we get this, the keys have been set on both sides, and we start using them to encrypt and authenticate the connection.
Parameters | packet | The message data. (type: bytes ) |
def ssh_SERVICE_REQUEST(self, packet):
Called when we get a MSG_SERVICE_REQUEST message. Payload:
string serviceName
The client has requested a service. If we can start the service, start it; otherwise, disconnect with DISCONNECT_SERVICE_NOT_AVAILABLE.
Parameters | packet | The message data. (type: bytes ) |
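The payloads described for ssh_KEX_DH_GEX_INIT (integer e) and ssh_SERVICE_REQUEST (string serviceName) use the two SSH wire types that every handler on this page has to decode: an SSH `string` is a uint32 length followed by that many bytes, and an `mpint` is a string holding a big-endian two's-complement integer (RFC 4251 section 5). The block below is an added example, not Twisted's code (Twisted has its own helpers in `twisted.conch.ssh.common`): it decodes both types with length checks, range-checks the client's DH public key before it is used, and dispatches a service request or returns the DISCONNECT_SERVICE_NOT_AVAILABLE reason code. The `SERVICES` table, the demo modulus `P_DEMO` (a Mersenne prime used only to exercise the range check, not a DH group) and the returned message-name strings are assumptions for this example.

```python
# Added example: SSH 'string' and 'mpint' decoding plus the two handlers that
# consume them. Not Twisted's code; sample packets are constructed inline.
import struct

DISCONNECT_SERVICE_NOT_AVAILABLE = 7   # RFC 4253 section 11.1 reason code

# Constructed service table: service name -> handler name (strings only).
SERVICES = {b"ssh-userauth": "SSHUserAuthServer"}

# Demo-only modulus for the range check; NOT a Diffie-Hellman group.
P_DEMO = 2 ** 127 - 1


class MalformedPacket(Exception):
    """Payload does not match the declared lengths."""


def get_string(data):
    """Decode an SSH 'string' from the front of data; return (value, rest).
    The declared length is checked against the bytes actually present."""
    if len(data) < 4:
        raise MalformedPacket("truncated string length")
    (n,) = struct.unpack(">L", data[:4])
    if len(data) < 4 + n:
        raise MalformedPacket("string length %d exceeds packet" % n)
    return data[4:4 + n], data[4 + n:]


def get_mpint(data):
    """Decode an SSH 'mpint' (string body is a signed big-endian integer)."""
    raw, rest = get_string(data)
    return int.from_bytes(raw, "big", signed=True), rest


def put_mpint(n):
    """Encode a non-negative integer as an mpint, with the extra 0x00 byte
    RFC 4251 requires when the top bit is set. Used to build test packets."""
    if n < 0:
        raise ValueError("example only encodes non-negative integers")
    body = b"" if n == 0 else n.to_bytes((n.bit_length() + 8) // 8, "big", signed=True)
    return struct.pack(">L", len(body)) + body


def parse_kexdh_init(packet, p):
    """Payload 'integer e' of KEXDH_INIT / KEX_DH_GEX_INIT. Rejects trailing
    bytes and a public key outside [2, p-2], the values a well-behaved
    client can never legitimately send."""
    e, rest = get_mpint(packet)
    if rest:
        raise MalformedPacket("trailing bytes after e")
    if not 2 <= e <= p - 2:
        raise ValueError("client DH public key out of range")
    return e


def handle_service_request(packet, services=SERVICES):
    """Start the named service if we have it, else disconnect with
    DISCONNECT_SERVICE_NOT_AVAILABLE (returned here instead of sent)."""
    name, rest = get_string(packet)
    if rest:
        raise MalformedPacket("trailing bytes after serviceName")
    if name in services:
        return ("MSG_SERVICE_ACCEPT", services[name])
    return ("DISCONNECT", DISCONNECT_SERVICE_NOT_AVAILABLE)


if __name__ == "__main__":
    print(parse_kexdh_init(put_mpint(12345), P_DEMO))
    print(handle_service_request(b"\x00\x00\x00\x0cssh-userauth"))
    print(handle_service_request(b"\x00\x00\x00\x03foo"))
```

The length check in get_string is the detail to keep: a declared length larger than the packet must raise rather than silently return a short value, otherwise the caller cannot tell a truncated packet from a short string.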