API docs for “twisted.conch.ssh.userauth.SSHUserAuthServer”

Class t.c.s.u.SSHUserAuthServer(service.SSHService):

A service implementing the server side of the 'ssh-userauth' service. It is used to authenticate the user on the other side as being able to access this server.

Instance Variables	name	the name of this service: 'ssh-userauth' (type: `str` )
	authenticatedWith	a list of authentication methods that have already been used. (type: `list` )
	loginTimeout	the number of seconds we wait before disconnecting the user for taking too long to authenticate (type: `int` )
	attemptsBeforeDisconnect	the number of failed login attempts we allow before disconnecting. (type: `int` )
	loginAttempts	the number of login attempts that have been made (type: `int` )
	passwordDelay	the number of seconds to delay when the user gives an incorrect password (type: `int` )
	interfaceToMethod	a `dict` mapping credential interfaces to authentication methods. The server checks to see which of the cred interfaces have checkers and tells the client that those methods are valid for authentication. (type: `dict` )
	supportedAuthentications	A list of the supported authentication methods. (type: `list` of `str` )
	user	the last username the client tried to authenticate with (type: `str` )
	method	the current authentication method (type: `str` )
	nextService	the service the user wants started after authentication has been completed. (type: `str` )
	portal	the `twisted.cred.portal.Portal` we are using for authentication (type: `twisted.cred.portal.Portal` )
	clock	an object with a callLater method. Stubbed out for testing.

Method	serviceStarted	Called when the userauth service is started. Set up instance
Method	serviceStopped	Called when the userauth service is stopped. Cancel the login timeout
Method	timeoutAuthentication	Called when the user has timed out on authentication. Disconnect
Method	tryAuth	Try to authenticate the user with the given method. Dispatches to a
Method	ssh_USERAUTH_REQUEST	The client has requested authentication. Payload:
Method	auth_publickey	Public key authentication. Payload:
Method	auth_password	Password authentication. Payload:
Method	auth_keyboard_interactive	Keyboard interactive authentication. No payload. We create a
Method	ssh_USERAUTH_INFO_RESPONSE	The user has responded with answers to PAMs authentication questions.
Method	_cbFinishedAuth	The callback when user has successfully been authenticated. For a
Method	_ebMaybeBadAuth	An intermediate errback. If the reason is
Method	_ebBadAuth	The final errback in the authentication chain. If the reason is
Method	_ebCheckKey	Called back if the user did not sent a signature. If reason is
Method	_ebPassword	If the password is invalid, wait before sending the failure in order
Method	_pamConv	Convert a list of PAM authentication questions into a

Inherited from SSHService:

Method	logPrefix	Override this method to insert custom logging behavior. Its
Method	packetReceived	called when we receive a packet on the transport

def serviceStarted(self): (source)

overrides twisted.conch.ssh.service.SSHService.serviceStarted

Called when the userauth service is started. Set up instance variables, check if we should allow password/keyboard-interactive authentication (only allow if the outgoing connection is encrypted) and set up a login timeout.

def serviceStopped(self): (source)

overrides twisted.conch.ssh.service.SSHService.serviceStopped

Called when the userauth service is stopped. Cancel the login timeout if it's still going.

def timeoutAuthentication(self): (source)

Called when the user has timed out on authentication. Disconnect with a DISCONNECT_NO_MORE_AUTH_METHODS_AVAILABLE message.

def tryAuth(self, kind, user, data): (source)

Try to authenticate the user with the given method. Dispatches to a auth_* method.

Parameters	kind	the authentication method to try. (type: `str` )
	user	the username the client is authenticating with. (type: `str` )
	data	authentication specific data sent by the client. (type: `str` )
Returns	A Deferred called back if the method succeeded, or erred back if it failed. (type: `defer.Deferred` )

def ssh_USERAUTH_REQUEST(self, packet): (source)

The client has requested authentication. Payload:

   string user
   string next service
   string method
   <authentication specific data>

Parameters packet (type: str )

def _cbFinishedAuth(self, (interface, avatar, logout)): (source)

The callback when user has successfully been authenticated. For a description of the arguments, see twisted.cred.portal.Portal.login. We start the service requested by the user.

def _ebMaybeBadAuth(self, reason): (source)

An intermediate errback. If the reason is error.NotEnoughAuthentication, we send a MSG_USERAUTH_FAILURE, but with the partial success indicator set.

Parameters reason (type: twisted.python.failure.Failure )

def _ebBadAuth(self, reason): (source)

The final errback in the authentication chain. If the reason is error.IgnoreAuthentication, we simply return; the authentication method has sent its own response. Otherwise, send a failure message and (if the method is not 'none') increment the number of login attempts.

Parameters reason (type: twisted.python.failure.Failure )

def auth_publickey(self, packet): (source)

Public key authentication. Payload:

   byte has signature
   string algorithm name
   string key blob
   [string signature] (if has signature is True)

Create a SSHPublicKey credential and verify it using our portal.

def _ebCheckKey(self, reason, packet): (source)

Called back if the user did not sent a signature. If reason is error.ValidPublicKey then this key is valid for the user to authenticate with. Send MSG_USERAUTH_PK_OK.

def auth_password(self, packet): (source)

Password authentication. Payload:

   string password

Make a UsernamePassword credential and verify it with our portal.

def _ebPassword(self, f): (source)

If the password is invalid, wait before sending the failure in order to delay brute-force password guessing.

def auth_keyboard_interactive(self, packet): (source)

Keyboard interactive authentication. No payload. We create a PluggableAuthenticationModules credential and authenticate with our portal.

def _pamConv(self, items): (source)

Convert a list of PAM authentication questions into a MSG_USERAUTH_INFO_REQUEST. Returns a Deferred that will be called back when the user has responses to the questions.

Parameters	items	a list of 2-tuples (message, kind). We only care about kinds 1 (password) and 2 (text). (type: `list` )
Returns	(type: `defer.Deferred` )

def ssh_USERAUTH_INFO_RESPONSE(self, packet): (source)

The user has responded with answers to PAMs authentication questions. Parse the packet into a PAM response and callback self._pamDeferred. Payload:

   uint32 numer of responses
   string response 1
   ...
   string response n