Part of twisted.conch.ssh.userauth
Known subclasses: twisted.conch.client.default.SSHUserAuthClient, twisted.conch.scripts.tkconch.SSHUserAuthClient
Instance Variables | name | the name of this service: 'ssh-userauth' (type: str) |
preferredOrder | a list of authentication methods we support, in order of preference. The client will try authentication methods in this order, making callbacks for information when necessary. (type: list) |
user | the name of the user to authenticate as (type: str) |
instance | the service to start after authentication has finished (type: service.SSHService) |
authenticatedWith | a list of strings of authentication methods we've tried (type: list of str) |
triedPublicKeys | a list of public key objects that we've tried to authenticate with (type: list of Key) |
lastPublicKey | the last public key object we've tried to authenticate with (type: Key) |
Method | __init__ | Undocumented |
Method | serviceStarted | called when the service is active on the transport. |
Method | askForAuth | Send a MSG_USERAUTH_REQUEST. |
Method | tryAuth | Dispatch to an authentication method. |
Method | ssh_USERAUTH_SUCCESS | We received a MSG_USERAUTH_SUCCESS. The server has accepted our |
Method | ssh_USERAUTH_FAILURE | We received a MSG_USERAUTH_FAILURE. Payload: |
Method | ssh_USERAUTH_PK_OK | This message (number 60) can mean several different messages depending |
Method | ssh_USERAUTH_PK_OK_publickey | This is MSG_USERAUTH_PK. Our public key is valid, so we create a |
Method | ssh_USERAUTH_PK_OK_password | This is MSG_USERAUTH_PASSWD_CHANGEREQ. The password given has expired. |
Method | ssh_USERAUTH_PK_OK_keyboard_interactive | This is MSG_USERAUTH_INFO_RESPONSE. The server has sent us the |
Method | auth_publickey | Try to authenticate with a public key. Ask the user for a public key; |
Method | auth_password | Try to authenticate with a password. Ask the user for a password. |
Method | auth_keyboard_interactive | Try to authenticate with keyboard-interactive authentication. Send |
Method | signData | Sign the given data with the given public key. |
Method | getPublicKey | Return a public key for the user. If no more public keys are |
Method | getPrivateKey | Return a Deferred that will be called back with the private key |
Method | getPassword | Return a Deferred that will be called back with a password. |
Method | getGenericAnswers | Returns a Deferred with the responses to the prompts. |
Method | _ebAuth | Generic callback for a failed authentication attempt. Respond by |
Method | _cbUserauthFailure | Undocumented |
Method | _cbSignedData | Called back out of self.signData with the signed data. Send the |
Method | _setOldPass | Called back when we are choosing a new password. Simply store the old |
Method | _setNewPass | Called back when we are choosing a new password. Get the old password |
Method | _cbGenericAnswers | Called back when we are finished answering keyboard-interactive |
Method | _cbGetPublicKey | Undocumented |
Method | _cbPassword | Called back when the user gives a password. Send the request to the |
Method | _cbSignData | Called back when the private key is returned. Sign the data and |
Inherited from SSHService:
Method | serviceStopped | called when the service is stopped, either by the connection ending |
Method | logPrefix | Override this method to insert custom logging behavior. Its |
Method | packetReceived | called when we receive a packet on the transport |
Parameters | kind | the authentication method to try. (type: str) |
extraData | method-specific data to go in the packet (type: str) |
Parameters | kind | the authentication method (type: str) |
string methods
byte partial success
If partial success is True, then the previous method succeeded but is not sufficient for authentication. methods is a comma-separated list of accepted authentication methods.
We sort the list of methods by their position in self.preferredOrder, removing methods that have already succeeded. We then call self.tryAuth with the most preferred method,
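The fallback logic described above (parse the MSG_USERAUTH_FAILURE payload, drop methods that already succeeded, order the rest by preference), as an added example that is not Twisted's own code. The function names and the sample packet are constructed for illustration, and dropping methods absent from the preference list is an assumption of this sketch.

```python
import struct


def ssh_string(data: bytes) -> bytes:
    """Encode an SSH 'string': uint32 big-endian length, then the bytes."""
    return struct.pack(">I", len(data)) + data


def parse_userauth_failure(payload: bytes):
    """Parse 'string methods, byte partial success' into (methods, partial)."""
    if len(payload) < 4:
        raise ValueError("truncated length field")
    (length,) = struct.unpack(">I", payload[:4])
    # The payload must be exactly: length field + name-list + one flag byte.
    if len(payload) != 4 + length + 1:
        raise ValueError("length field does not match payload size")
    names = payload[4:4 + length]
    methods = names.split(b",") if names else []
    return methods, payload[4 + length] != 0


def next_methods(payload, preferred_order, authenticated_with, last_method):
    """Return the methods still worth trying, most preferred first."""
    methods, partial = parse_userauth_failure(payload)
    done = list(authenticated_with)
    if partial:
        # Partial success: the method just tried worked but was not enough.
        done.append(last_method)
    # Assumption of this example: never try a method the caller did not list.
    allowed = [m for m in methods if m in preferred_order and m not in done]
    return sorted(allowed, key=preferred_order.index)


# Constructed sample packet: the server accepted publickey as a first factor
# (partial success = 1) and lists the methods that can continue.
SAMPLE = ssh_string(b"password,keyboard-interactive,publickey") + b"\x01"
PREFERRED = [b"publickey", b"password", b"keyboard-interactive"]

if __name__ == "__main__":
    print(next_methods(SAMPLE, PREFERRED, [], b"publickey"))
```

With a preference list of only `b"publickey"`, the same packet yields an empty list, so the client never reaches the password prompt.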
Parameters | signedData | the data signed by the user's private key. (type: str) |
Parameters | op | the old password as entered by the user (type: str) |
Parameters | np | the new password as entered by the user (type: str) |
Parameters | responses | a list of str responses (type: list) |
Returns | (type: bool) |
Returns | (type: bool) |
Returns | (type: bool) |
Parameters | password | the password the user entered (type: str) |
By default, this will call getPrivateKey to get the private key, then sign the data using Key.sign().
This method is factored out so that it can be overridden to use alternate methods, such as a key agent.
Parameters | publicKey | The public key object returned from getPublicKey (type: keys.Key) |
signData | the data to be signed by the private key. (type: str) |
Returns | a Deferred that's called back with the signature (type: defer.Deferred) |
Parameters | privateKey | the private key object |
publicKey | (type: keys.Key) |
signData | the data to be signed by the private key. (type: str) |
Returns | the signature (type: str) |
None. This implementation always returns None. Override it in a subclass to actually find and return a public key object.
Returns | (type: Key or NoneType) |
Return a Deferred that will be called back with a password. prompt is a string to display for the password, or None for a generic 'user@hostname's password: '.
Parameters | prompt | (type: str / None) |
Returns | (type: defer.Deferred) |
Returns a Deferred with the responses to the prompts.
Parameters | name | The name of the authentication currently in progress. |
instruction | Describes what the authentication wants. |
prompts | A list of (prompt, echo) pairs, where prompt is a string to display and echo is a boolean indicating whether the user's response should be echoed as they type it. |