class twisted.conch.checkers.SSHPublicKeyChecker: (source)
Implements interfaces: twisted.cred.checkers.ICredentialsChecker
Checker that authenticates SSH public keys, based on public keys listed in authorized_keys and authorized_keys2 files in user .ssh/ directories.
Initializing this checker with a UNIXAuthorizedKeysFiles should be used instead of twisted.conch.checkers.SSHPublicKeyDatabase.
| Present Since | 15.0 | |
| Class Variable | credentialInterfaces | A list of sub-interfaces of ICredentials which specifies which I may check. |
| Method | __init__ | Initializes a SSHPublicKeyChecker. |
| Method | requestAvatarId | Validate credentials and produce an avatar ID. |
| Instance Variable | _keydb | Undocumented |
| Method | _sanityCheckKey | Checks whether the provided credentials are a valid SSH key with a signature (does not actually verify the signature). |
| Method | _checkKey | Checks the public key against all authorized keys (if any) for the user. |
| Method | _verifyKey | Checks whether the credentials themselves are valid, now that we know if the key matches the user. |
A list of sub-interfaces of ICredentials which specifies which I may check.
Initializes a SSHPublicKeyChecker.
| Parameters | keydb | a provider of IAuthorizedKeysDB (type: IAuthorizedKeysDB provider) |
Validate credentials and produce an avatar ID.
| Parameters | credentials | something which implements one of the interfaces in credentialInterfaces. |
| Returns | a Deferred which will fire with a bytes that identifies an avatar, an empty tuple to specify an authenticated anonymous user (provided as twisted.cred.checkers.ANONYMOUS) or fail with UnauthorizedLogin. Alternatively, return the result itself. | |
| See Also | twisted.cred.credentials | |
Checks whether the provided credentials are a valid SSH key with a signature (does not actually verify the signature).
| Parameters | credentials | the credentials offered by the user (type: ISSHPrivateKey provider) |
| Returns | the key in the credentials (type: twisted.conch.ssh.keys.Key) | |
| Raises | ValidPublicKey | the credentials do not include a signature. See error.ValidPublicKey for more information. |
| BadKeyError | The key included with the credentials is not recognized as a key. | |
Checks the public key against all authorized keys (if any) for the user.
| Parameters | pubKey | the key in the credentials (just to prevent it from having to be calculated again) (type: ) |
| credentials | the credentials offered by the user (type: ISSHPrivateKey provider) | |
| Returns | pubKey if the key is authorized (type: twisted.conch.ssh.keys.Key) | |
| Raises | UnauthorizedLogin | If the key is not authorized, or if there was any error obtaining a list of authorized keys for the user. |
Checks whether the credentials themselves are valid, now that we know if the key matches the user.
| Parameters | pubKey | the key in the credentials (just to prevent it from having to be calculated again) (type: twisted.conch.ssh.keys.Key) |
| credentials | the credentials offered by the user (type: ISSHPrivateKey provider) | |
| Returns | The user's username, if authentication was successful (type: bytes) | |
| Raises | UnauthorizedLogin | If the key signature is invalid or there was any error verifying the signature. |