class twisted.conch.checkers.SSHPublicKeyChecker: (source)
Implements interfaces: twisted.cred.checkers.ICredentialsChecker
Checker that authenticates SSH public keys, based on public keys listed in authorized_keys and authorized_keys2 files in user .ssh/ directories.
Initializing this checker with a UNIXAuthorizedKeysFiles
should be used instead of twisted.conch.checkers.SSHPublicKeyDatabase
.
Present Since | 15.0 |
Class Variable | credentialInterfaces | A list of sub-interfaces of ICredentials which specifies which I may check. |
Method | __init__ | Initializes a SSHPublicKeyChecker . |
Method | requestAvatarId | Validate credentials and produce an avatar ID. |
Instance Variable | _keydb | Undocumented |
Method | _sanityCheckKey | Checks whether the provided credentials are a valid SSH key with a signature (does not actually verify the signature). |
Method | _checkKey | Checks the public key against all authorized keys (if any) for the user. |
Method | _verifyKey | Checks whether the credentials themselves are valid, now that we know if the key matches the user. |
A list of sub-interfaces of ICredentials
which specifies which I may check.
Initializes a SSHPublicKeyChecker
.
Parameters | keydb | a provider of IAuthorizedKeysDB (type: IAuthorizedKeysDB provider) |
Validate credentials and produce an avatar ID.
Parameters | credentials | something which implements one of the interfaces in credentialInterfaces . |
Returns | a Deferred which will fire with a bytes that identifies an avatar, an empty tuple to specify an authenticated anonymous user (provided as twisted.cred.checkers.ANONYMOUS ) or fail with UnauthorizedLogin . Alternatively, return the result itself. | |
See Also | twisted.cred.credentials |
Checks whether the provided credentials are a valid SSH key with a signature (does not actually verify the signature).
Parameters | credentials | the credentials offered by the user (type: ISSHPrivateKey provider) |
Returns | the key in the credentials (type: twisted.conch.ssh.keys.Key ) | |
Raises | ValidPublicKey | the credentials do not include a signature. See error.ValidPublicKey for more information. |
BadKeyError | The key included with the credentials is not recognized as a key. |
Checks the public key against all authorized keys (if any) for the user.
Parameters | pubKey | the key in the credentials (just to prevent it from having to be calculated again) (type: ) |
credentials | the credentials offered by the user (type: ISSHPrivateKey provider) | |
Returns | pubKey if the key is authorized (type: twisted.conch.ssh.keys.Key ) | |
Raises | UnauthorizedLogin | If the key is not authorized, or if there was any error obtaining a list of authorized keys for the user. |
Checks whether the credentials themselves are valid, now that we know if the key matches the user.
Parameters | pubKey | the key in the credentials (just to prevent it from having to be calculated again) (type: twisted.conch.ssh.keys.Key ) |
credentials | the credentials offered by the user (type: ISSHPrivateKey provider) | |
Returns | The user's username, if authentication was successful (type: bytes ) | |
Raises | UnauthorizedLogin | If the key signature is invalid or there was any error verifying the signature. |