class documentation

class twisted.conch.ssh.userauth.SSHUserAuthClient(service.SSHService): (source)

Known subclasses: twisted.conch.client.default.SSHUserAuthClient, twisted.conch.endpoints._UserAuth, twisted.conch.scripts.tkconch.SSHUserAuthClient

View In Hierarchy

A service implementing the client side of 'ssh-userauth'.

This service will try all authentication methods provided by the server, making callbacks for more information when necessary.

Instance Variable name the name of this service: 'ssh-userauth'
Instance Variable preferredOrder a list of authentication methods that should be used first, in order of preference, if supported by the server
Instance Variable user the name of the user to authenticate as
Instance Variable instance the service to start after authentication has finished
Instance Variable authenticatedWith a list of strings of authentication methods we've tried
Instance Variable triedPublicKeys a list of public key objects that we've tried to authenticate with
Instance Variable lastPublicKey the last public key object we've tried to authenticate with
Method __init__ Undocumented
Method serviceStarted called when the service is active on the transport.
Method askForAuth Send a MSG_USERAUTH_REQUEST.
Instance Variable lastAuth Undocumented
Method tryAuth Dispatch to an authentication method.
Method ssh_USERAUTH_SUCCESS We received a MSG_USERAUTH_SUCCESS. The server has accepted our authentication, so start the next service.
Method ssh_USERAUTH_FAILURE We received a MSG_USERAUTH_FAILURE. Payload:: string methods byte partial success
Method ssh_USERAUTH_PK_OK This message (number 60) can mean several different messages depending on the current authentication type. We dispatch to individual methods in order to handle this request.
Method ssh_USERAUTH_PK_OK_publickey This is MSG_USERAUTH_PK. Our public key is valid, so we create a signature and try to authenticate with it.
Method ssh_USERAUTH_PK_OK_password This is MSG_USERAUTH_PASSWD_CHANGEREQ. The password given has expired. We ask for an old password and a new password, then send both back to the server.
Method ssh_USERAUTH_PK_OK_keyboard_interactive This is MSG_USERAUTH_INFO_RESPONSE. The server has sent us the questions it wants us to answer, so we ask the user and sent the responses.
Method auth_publickey Try to authenticate with a public key. Ask the user for a public key; if the user has one, send the request to the server and return True. Otherwise, return False.
Method auth_password Try to authenticate with a password. Ask the user for a password. If the user will return a password, return True. Otherwise, return False.
Method auth_keyboard_interactive Try to authenticate with keyboard-interactive authentication. Send the request to the server and return True.
Method signData Sign the given data with the given public key.
Method getPublicKey Return a public key for the user. If no more public keys are available, return None.
Method getPrivateKey Return a Deferred that will be called back with the private key object corresponding to the last public key from getPublicKey(). If the private key is not available, errback on the Deferred.
Method getPassword Return a Deferred that will be called back with a password. prompt is a string to display for the password, or None for a generic 'user@hostname's password: '.
Method getGenericAnswers Returns a Deferred with the responses to the promopts.
Method _ebAuth Generic callback for a failed authentication attempt. Respond by asking for the list of accepted methods (the 'none' method)
Method _cbUserauthFailure Undocumented
Instance Variable _oldPass Undocumented
Instance Variable _newPass Undocumented
Method _cbSignedData Called back out of self.signData with the signed data. Send the authentication request with the signature.
Method _setOldPass Called back when we are choosing a new password. Simply store the old password for now.
Method _setNewPass Called back when we are choosing a new password. Get the old password and send the authentication message with both.
Method _cbGenericAnswers Called back when we are finished answering keyboard-interactive questions. Send the info back to the server in a MSG_USERAUTH_INFO_RESPONSE.
Method _cbGetPublicKey Undocumented
Method _cbPassword Called back when the user gives a password. Send the request to the server.
Method _cbSignData Called back when the private key is returned. Sign the data and return the signature.

Inherited from SSHService:

Class Variable protocolMessages Undocumented
Class Variable transport Undocumented
Method serviceStopped called when the service is stopped, either by the connection ending or by another service being started
Method logPrefix Undocumented
Method packetReceived called when we receive a packet on the transport
Class Variable _log Undocumented
name = (source)
the name of this service: 'ssh-userauth'
(type: str)
preferredOrder = (source)
a list of authentication methods that should be used first, in order of preference, if supported by the server
(type: list)
user = (source)
the name of the user to authenticate as
(type: bytes)
instance = (source)
the service to start after authentication has finished
(type: service.SSHService)
authenticatedWith = (source)
a list of strings of authentication methods we've tried
(type: list of bytes)
triedPublicKeys = (source)
a list of public key objects that we've tried to authenticate with
(type: list of Key)
lastPublicKey = (source)
the last public key object we've tried to authenticate with
(type: Key)
def __init__(self, user, instance): (source)
def serviceStarted(self): (source)

called when the service is active on the transport.

def askForAuth(self, kind, extraData): (source)

Send a MSG_USERAUTH_REQUEST.

Parameterskindthe authentication method to try. (type: bytes)
extraDatamethod-specific data to go in the packet (type: bytes)
lastAuth = (source)

Undocumented

def tryAuth(self, kind): (source)

Dispatch to an authentication method.

Parameterskindthe authentication method (type: bytes)
def _ebAuth(self, ignored, *args): (source)

Generic callback for a failed authentication attempt. Respond by asking for the list of accepted methods (the 'none' method)

def ssh_USERAUTH_SUCCESS(self, packet): (source)

We received a MSG_USERAUTH_SUCCESS. The server has accepted our authentication, so start the next service.

def ssh_USERAUTH_FAILURE(self, packet): (source)

We received a MSG_USERAUTH_FAILURE. Payload:

    string methods
    byte partial success

If partial success is True, then the previous method succeeded but is not sufficient for authentication. methods is a comma-separated list of accepted authentication methods.

We sort the list of methods by their position in self.preferredOrder, removing methods that have already succeeded. We then call self.tryAuth with the most preferred method.

Parameterspacketthe MSG_USERAUTH_FAILURE payload. (type: bytes)
Returnsa defer.Deferred that will be callbacked with None as soon as all authentication methods have been tried, or None if no more authentication methods are available. (type: defer.Deferred or None)
def _cbUserauthFailure(self, result, iterator): (source)

Undocumented

def ssh_USERAUTH_PK_OK(self, packet): (source)

This message (number 60) can mean several different messages depending on the current authentication type. We dispatch to individual methods in order to handle this request.

def ssh_USERAUTH_PK_OK_publickey(self, packet): (source)

This is MSG_USERAUTH_PK. Our public key is valid, so we create a signature and try to authenticate with it.

def ssh_USERAUTH_PK_OK_password(self, packet): (source)

This is MSG_USERAUTH_PASSWD_CHANGEREQ. The password given has expired. We ask for an old password and a new password, then send both back to the server.

_oldPass = (source)

Undocumented

_newPass = (source)

Undocumented

def ssh_USERAUTH_PK_OK_keyboard_interactive(self, packet): (source)

This is MSG_USERAUTH_INFO_RESPONSE. The server has sent us the questions it wants us to answer, so we ask the user and sent the responses.

def _cbSignedData(self, signedData): (source)

Called back out of self.signData with the signed data. Send the authentication request with the signature.

ParameterssignedDatathe data signed by the user's private key. (type: bytes)
def _setOldPass(self, op): (source)

Called back when we are choosing a new password. Simply store the old password for now.

Parametersopthe old password as entered by the user (type: bytes)
def _setNewPass(self, np): (source)

Called back when we are choosing a new password. Get the old password and send the authentication message with both.

Parametersnpthe new password as entered by the user (type: bytes)
def _cbGenericAnswers(self, responses): (source)

Called back when we are finished answering keyboard-interactive questions. Send the info back to the server in a MSG_USERAUTH_INFO_RESPONSE.

Parametersresponsesa list of bytes responses (type: list)
def auth_publickey(self): (source)

Try to authenticate with a public key. Ask the user for a public key; if the user has one, send the request to the server and return True. Otherwise, return False.

ReturnsUndocumented (type: bool)
def _cbGetPublicKey(self, publicKey): (source)

Undocumented

def auth_password(self): (source)

Try to authenticate with a password. Ask the user for a password. If the user will return a password, return True. Otherwise, return False.

ReturnsUndocumented (type: bool)
def auth_keyboard_interactive(self): (source)

Try to authenticate with keyboard-interactive authentication. Send the request to the server and return True.

ReturnsUndocumented (type: bool)
def _cbPassword(self, password): (source)

Called back when the user gives a password. Send the request to the server.

Parameterspasswordthe password the user entered (type: bytes)
def signData(self, publicKey, signData): (source)

Sign the given data with the given public key.

By default, this will call getPrivateKey to get the private key, then sign the data using Key.sign().

This method is factored out so that it can be overridden to use alternate methods, such as a key agent.

ParameterspublicKeyThe public key object returned from getPublicKey (type: keys.Key)
signDatathe data to be signed by the private key. (type: bytes)
Returnsa Deferred that's called back with the signature (type: defer.Deferred)
def _cbSignData(self, privateKey, signData): (source)

Called back when the private key is returned. Sign the data and return the signature.

ParametersprivateKeythe private key object (type: keys.Key)
signDatathe data to be signed by the private key. (type: bytes)
Returnsthe signature (type: bytes)
def getPublicKey(self): (source)

Return a public key for the user. If no more public keys are available, return None.

This implementation always returns None. Override it in a subclass to actually find and return a public key object.

ReturnsUndocumented (type: Key or None)
def getPrivateKey(self): (source)

Return a Deferred that will be called back with the private key object corresponding to the last public key from getPublicKey(). If the private key is not available, errback on the Deferred.

ReturnsUndocumented (type: Deferred called back with Key)
def getPassword(self, prompt=None): (source)

Return a Deferred that will be called back with a password. prompt is a string to display for the password, or None for a generic 'user@hostname's password: '.

ParameterspromptUndocumented (type: bytes/None)
ReturnsUndocumented (type: defer.Deferred)
def getGenericAnswers(self, name, instruction, prompts): (source)

Returns a Deferred with the responses to the promopts.

ParametersnameThe name of the authentication currently in progress.
instructionDescribes what the authentication wants.
promptsA list of (prompt, echo) pairs, where prompt is a string to display and echo is a boolean indicating whether the user's response should be echoed as they type it.
API Documentation for Twisted, generated by pydoctor 20.12.1 at 2021-02-28 19:53:36.