twisted.conch.checkers.SSHPublicKeyChecker(object)
class documentationtwisted.conch.checkers
View Source
(View In Hierarchy)
Implements interfaces: twisted.cred.checkers.ICredentialsChecker
Checker that authenticates SSH public keys, based on public keys listed in authorized_keys and authorized_keys2 files in user .ssh/ directories.
Initializing this checker with a UNIXAuthorizedKeysFiles
should be used instead of twisted.conch.checkers.SSHPublicKeyDatabase
.
Present Since | 15.0 |
Method | __init__ | Initializes a SSHPublicKeyChecker . |
Method | requestAvatarId | |
Method | _sanityCheckKey | Checks whether the provided credentials are a valid SSH key with a signature (does not actually verify the signature). |
Method | _checkKey | Checks the public key against all authorized keys (if any) for the user. |
Method | _verifyKey | Checks whether the credentials themselves are valid, now that we know if the key matches the user. |
Initializes a SSHPublicKeyChecker
.
Parameters | keydb | a provider of IAuthorizedKeysDB (type: IAuthorizedKeysDB
provider) |
Parameters | credentials | something which implements one of the interfaces in self.credentialInterfaces. |
Returns | a Deferred which will fire a string which identifies an avatar, an empty tuple to specify an authenticated anonymous user (provided as checkers.ANONYMOUS) or fire a Failure(UnauthorizedLogin). Alternatively, return the result itself. | |
See Also | twisted.cred.credentials |
Checks whether the provided credentials are a valid SSH key with a signature (does not actually verify the signature).
Parameters | credentials | the credentials offered by the user (type: ISSHPrivateKey
provider) |
Returns | the key in the credentials (type: twisted.conch.ssh.keys.Key ) | |
Raises | ValidPublicKey | the credentials do not include a signature. See error.ValidPublicKey
for more information. |
BadKeyError | The key included with the credentials is not recognized as a key. |
Checks the public key against all authorized keys (if any) for the user.
Parameters | pubKey | the key in the credentials (just to prevent it from having to be calculated again) (type: ) |
credentials | the credentials offered by the user (type: ISSHPrivateKey
provider) | |
Returns | pubKey if the key is authorized (type: twisted.conch.ssh.keys.Key ) | |
Raises | UnauthorizedLogin | If the key is not authorized, or if there was any error obtaining a list of authorized keys for the user. |
Checks whether the credentials themselves are valid, now that we know if the key matches the user.
Parameters | pubKey | the key in the credentials (just to prevent it from having to be calculated
again) (type: twisted.conch.ssh.keys.Key ) |
credentials | the credentials offered by the user (type: ISSHPrivateKey
provider) | |
Returns | The user's username, if authentication was successful (type: bytes ) | |
Raises | UnauthorizedLogin | If the key signature is invalid or there was any error verifying the signature. |