t.c.s.t.SSHTransportBase(protocol.Protocol) : class documentation

Part of twisted.conch.ssh.transport

Known subclasses: twisted.conch.ssh.transport.SSHClientTransport, twisted.conch.ssh.transport.SSHServerTransport

Protocol supporting basic SSH functionality: sending/receiving packets and message dispatch. To connect to or run a server, you must use SSHClientTransport or SSHServerTransport.
Instance Variables:
   protocolVersion: A string representing the version of the SSH protocol we support. Currently defaults to '2.0'.
   version: A string representing the version of the server or client. Currently defaults to 'Twisted'.
   comment: An optional string giving more information about the server or client.
   supportedCiphers: A list of strings representing the encryption algorithms supported, in order from most-preferred to least.
   supportedMACs: A list of strings representing the message authentication codes (hashes) supported, in order from most-preferred to least. Both this and supportedCiphers can include 'none' to use no encryption or authentication, but that must be done manually.
   supportedKeyExchanges: A list of strings representing the key exchanges supported, in order from most-preferred to least.
   supportedPublicKeys: A list of strings representing the public key types supported, in order from most-preferred to least.
   supportedCompressions: A list of strings representing compression types supported, from most-preferred to least.
   supportedLanguages: A list of strings representing languages supported, from most-preferred to least.
   supportedVersions: A container of strings representing supported ssh protocol version numbers.
   isClient: A boolean indicating whether this is a client or server.
   gotVersion: A boolean indicating whether we have received the version string from the other side.
   buf: Data we've received that hasn't yet been parsed into a packet.
   outgoingPacketSequence: the sequence number of the next packet we will send.
   incomingPacketSequence: the sequence number of the next packet we are expecting from the other side.
   outgoingCompression: an object supporting the .compress(str) and .flush() methods, or None if there is no outgoing compression. Used to compress outgoing data.
   outgoingCompressionType: A string representing the outgoing compression type.
   incomingCompression: an object supporting the .decompress(str) method, or None if there is no incoming compression. Used to decompress incoming data.
   incomingCompressionType: A string representing the incoming compression type.
   ourVersionString: the version string that we sent to the other side. Used in the key exchange.
   otherVersionString: the version string sent by the other side. Used in the key exchange.
   ourKexInitPayload: the MSG_KEXINIT payload we sent. Used in the key exchange.
   otherKexInitPayload: the MSG_KEXINIT payload we received. Used in the key exchange.
   sessionID: a string that is unique to this SSH session. Created as part of the key exchange, sessionID is used to generate the various encryption and authentication keys.
   service: an SSHService instance, or None. If it's set to an object, it's the currently running service.
   kexAlg: the agreed-upon key exchange algorithm.
   keyAlg: the agreed-upon public key type for the key exchange.
   currentEncryptions: an SSHCiphers instance. It represents the current encryption and authentication options for the transport.
   nextEncryptions: an SSHCiphers instance. Held here until the MSG_NEWKEYS messages are exchanged, when nextEncryptions is transitioned to currentEncryptions.
   first: the first bytes of the next packet. In order to avoid decrypting data twice, the first bytes are decrypted and stored until the whole packet is available.
   _keyExchangeState: The current protocol state with respect to key exchange. This is one of _KEY_EXCHANGE_NONE if no key exchange is in progress (it returns to this value after any key exchange completes), _KEY_EXCHANGE_REQUESTED if this side of the connection initiated a key exchange, or _KEY_EXCHANGE_PROGRESSING if the other side of the connection initiated a key exchange. _KEY_EXCHANGE_NONE is the initial value (however, SSH connections begin with key exchange, so it will quickly change to another state).
   _blockedByKeyExchange: Whenever _keyExchangeState is not _KEY_EXCHANGE_NONE, this is a list of pending messages which were passed to sendPacket but could not be sent because it is not legal to send them while a key exchange is in progress. When the key exchange completes, another attempt is made to send these messages.
Method connectionLost Called when the connection is shut down.
Method connectionMade Called when the connection is made to the other side. We send our version and the MSG_KEXINIT packet.
Method sendKexInit Send a KEXINIT message to initiate key exchange or to respond to a key exchange initiated by the peer.
Method sendPacket Sends a packet. If it's been set up, compress the data, encrypt it, and authenticate it before sending. If key exchange is in progress and the message is not part of key exchange, queue it to be sent later.
Method getPacket Try to return a decrypted, authenticated, and decompressed packet out of the buffer. If there is not enough data, return None.
Method dataReceived First, check for the version string (SSH-2.0-*). After that has been received, this method adds data to the buffer, and pulls out any packets.
Method dispatchMessage Send a received message to the appropriate method.
Method ssh_KEXINIT No summary
Method ssh_DISCONNECT Called when we receive a MSG_DISCONNECT message. Payload: long code; string description.
Method ssh_IGNORE Called when we receive a MSG_IGNORE message. No payload. This means nothing; we simply return.
Method ssh_UNIMPLEMENTED Called when we receive a MSG_UNIMPLEMENTED message. Payload: long packet.
Method ssh_DEBUG No summary
Method setService Set our service to service and start it running. If we were running a service previously, stop it first.
Method sendDebug Send a debug message to the other side.
Method sendIgnore Send a message that will be ignored by the other side. This is useful to fool attacks based on guessing packet sizes in the encrypted stream.
Method sendUnimplemented Send a message to the other side that the last packet was not understood.
Method sendDisconnect Send a disconnect message to the other side and then disconnect.
Method isEncrypted Return True if the connection is encrypted in the given direction. Direction must be one of ["out", "in", "both"].
Method isVerified Return True if the connection is verified/authenticated in the given direction. Direction must be one of ["out", "in", "both"].
Method loseConnection Lose the connection to the other side, sending a DISCONNECT_CONNECTION_LOST message.
Method receiveError Called when we receive a disconnect error message from the other side.
Method receiveUnimplemented Called when we receive an unimplemented packet message from the other side.
Method receiveDebug Called when we receive a debug message from the other side.
Method _allowedKeyExchangeMessageType Determine if the given message type may be sent while key exchange is in progress.
Method _unsupportedVersionReceived Called when an unsupported version of the ssh protocol is received from the remote endpoint.
Method _getKey Get one of the keys for authentication/encryption.
Method _keySetup Set up the keys for the connection and send MSG_NEWKEYS when finished.
Method _newKeys No summary

Inherited from BaseProtocol (via Protocol):

Method makeConnection Make a connection to a transport and a server.
def connectionLost(self, reason):

Called when the connection is shut down.

Clear any circular references here, and any external references to this Protocol. The connection has been closed.
Parameters:
   reason (type: twisted.python.failure.Failure)
def connectionMade(self):
Called when the connection is made to the other side. We send our version and the MSG_KEXINIT packet.
def sendKexInit(self):
Send a KEXINIT message to initiate key exchange or to respond to a key exchange initiated by the peer.
Returns: None
Raises: RuntimeError if a key exchange has already been started and it is not appropriate to send a KEXINIT message at this time.
def _allowedKeyExchangeMessageType(self, messageType):
Determine if the given message type may be sent while key exchange is in progress.
Parameters:
   messageType: The type of message (type: int)
Returns: True if the given type of message may be sent while key exchange is in progress, False if it may not. (type: bool)
See Also: http://tools.ietf.org/html/rfc4253#section-7.1
def sendPacket(self, messageType, payload):
Sends a packet. If it's been set up, compress the data, encrypt it, and authenticate it before sending. If key exchange is in progress and the message is not part of key exchange, queue it to be sent later.
Parameters:
   messageType: The type of the packet; generally one of the MSG_* values. (type: int)
   payload: The payload for the message. (type: str)
def getPacket(self):
Try to return a decrypted, authenticated, and decompressed packet out of the buffer. If there is not enough data, return None.
Returns: (type: str/None)
def _unsupportedVersionReceived(self, remoteVersion):
Called when an unsupported version of the ssh protocol is received from the remote endpoint.
Parameters:
   remoteVersion: remote ssh protocol version which is unsupported by us. (type: str)
def dataReceived(self, data):
First, check for the version string (SSH-2.0-*). After that has been received, this method adds data to the buffer, and pulls out any packets.
Parameters:
   data (type: str)
def dispatchMessage(self, messageNum, payload):
Send a received message to the appropriate method.
Parameters:
   messageNum (type: int)
   payload (type: str)
def ssh_KEXINIT(self, packet):
Called when we receive a MSG_KEXINIT message. Payload:
   bytes[16] cookie
   string keyExchangeAlgorithms
   string keyAlgorithms
   string incomingEncryptions
   string outgoingEncryptions
   string incomingAuthentications
   string outgoingAuthentications
   string incomingCompressions
   string outgoingCompressions
   string incomingLanguages
   string outgoingLanguages
   bool firstPacketFollows
   uint32 0 (reserved)
Starts setting up the key exchange, keys, encryptions, and authentications. Extended by ssh_KEXINIT in SSHServerTransport and SSHClientTransport.
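The payload layout above, parsed with bounds checks, as an added example that is not Twisted's own code. The names parse_kexinit, negotiate and build_kexinit are hypothetical; it assumes the message-type byte has already been removed, that each "string" is a uint32 length followed by a comma-separated name-list, and that negotiate applies the RFC 4253 section 7.1 rule for the cipher, MAC and compression lists.

```python
import struct

# Name-list fields, in the order of the MSG_KEXINIT payload listed above.
NAME_LISTS = (
    "keyExchangeAlgorithms", "keyAlgorithms",
    "incomingEncryptions", "outgoingEncryptions",
    "incomingAuthentications", "outgoingAuthentications",
    "incomingCompressions", "outgoingCompressions",
    "incomingLanguages", "outgoingLanguages",
)

def parse_kexinit(payload):
    """Parse a MSG_KEXINIT payload (message-type byte already stripped)."""
    if len(payload) < 16:
        raise ValueError("truncated cookie")
    fields, offset = {"cookie": payload[:16]}, 16
    for name in NAME_LISTS:
        if offset + 4 > len(payload):
            raise ValueError("truncated length prefix for " + name)
        (length,) = struct.unpack_from(">I", payload, offset)
        offset += 4
        if length > len(payload) - offset:
            raise ValueError(name + " overruns the payload")
        raw = payload[offset:offset + length]
        offset += length
        fields[name] = raw.decode("ascii").split(",") if raw else []
    if len(payload) - offset != 5:  # bool + uint32 must end the payload
        raise ValueError("bad trailer length")
    first, fields["reserved"] = struct.unpack_from(">BI", payload, offset)
    fields["firstPacketFollows"] = bool(first)
    return fields

def negotiate(client_list, server_list):
    """First entry of the client's list that the server also offers."""
    return next((a for a in client_list if a in server_list), None)

def build_kexinit(lists, cookie=b"\x00" * 16):
    """Build a constructed sample payload; unlisted fields are empty."""
    out = cookie
    for name in NAME_LISTS:
        data = ",".join(lists.get(name, [])).encode("ascii")
        out += struct.pack(">I", len(data)) + data
    return out + struct.pack(">BI", 0, 0)

# Constructed sample: a peer offering one key exchange and two ciphers.
SAMPLE = build_kexinit({
    "keyExchangeAlgorithms": ["diffie-hellman-group14-sha1"],
    "incomingEncryptions": ["aes256-ctr", "aes128-ctr"],
})
```

A negotiate result of None means the two sides share no algorithm for that list, and a result of 'none' for a cipher or MAC list deserves an explicit check before the connection is treated as protected.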
def ssh_DISCONNECT(self, packet):
Called when we receive a MSG_DISCONNECT message. Payload:
   long code
   string description
This means that the other side has disconnected. Pass the message up and disconnect ourselves.
def ssh_IGNORE(self, packet):
Called when we receive a MSG_IGNORE message. No payload. This means nothing; we simply return.
def ssh_UNIMPLEMENTED(self, packet):
Called when we receive a MSG_UNIMPLEMENTED message. Payload:
   long packet
This means that the other side did not implement one of our packets.
def ssh_DEBUG(self, packet):
Called when we receive a MSG_DEBUG message. Payload:
   bool alwaysDisplay
   string message
   string language
This means the other side has passed along some debugging info.
def setService(self, service):
Set our service to service and start it running. If we were running a service previously, stop it first.
Parameters:
   service (type: SSHService)
def sendDebug(self, message, alwaysDisplay=False, language=''):
Send a debug message to the other side.
Parameters:
   message: the message to send. (type: str)
   alwaysDisplay: if True, tell the other side to always display this message. (type: bool)
   language: optionally, the language the message is in. (type: str)
def sendIgnore(self, message):
Send a message that will be ignored by the other side. This is useful to fool attacks based on guessing packet sizes in the encrypted stream.
Parameters:
   message: data to send with the message (type: str)
def sendUnimplemented(self):
Send a message to the other side that the last packet was not understood.
def sendDisconnect(self, reason, desc):
Send a disconnect message to the other side and then disconnect.
Parameters:
   reason: the reason for the disconnect. Should be one of the DISCONNECT_* values. (type: int)
   desc: a description of the reason for the disconnection. (type: str)
def _getKey(self, c, sharedSecret, exchangeHash):
Get one of the keys for authentication/encryption.
Parameters:
   c (type: str)
   sharedSecret (type: str)
   exchangeHash (type: str)
def _keySetup(self, sharedSecret, exchangeHash):
Set up the keys for the connection and send MSG_NEWKEYS when finished.
Parameters:
   sharedSecret: a secret string agreed upon using a Diffie-Hellman exchange, so it is only shared between the server and the client. (type: str)
   exchangeHash: A hash of various data known by both sides. (type: str)
def _newKeys(self):
Called back by a subclass once a MSG_NEWKEYS message has been received. This indicates key exchange has completed and new encryption and compression parameters should be adopted. Any messages which were queued during key exchange will also be flushed.
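A small model of how _allowedKeyExchangeMessageType, sendPacket and _newKeys fit together, as an added example that is not Twisted's own code. KexGate and its method names are hypothetical, the message-type ranges are those of RFC 4253 section 7.1 (linked above), and the empty KEXINIT payload is a placeholder.

```python
MSG_IGNORE, MSG_SERVICE_REQUEST, MSG_SERVICE_ACCEPT = 2, 5, 6
MSG_KEXINIT, MSG_CHANNEL_DATA = 20, 94

def allowed_during_kex(message_type):
    """RFC 4253 section 7.1 rule for messages sent during key exchange."""
    if 1 <= message_type <= 19:      # transport layer generic
        return message_type not in (MSG_SERVICE_REQUEST, MSG_SERVICE_ACCEPT)
    if 20 <= message_type <= 29:     # algorithm negotiation
        return message_type != MSG_KEXINIT
    return 30 <= message_type <= 49  # key exchange method specific

class KexGate:
    """Hypothetical model of the key-exchange send gate."""
    NONE, REQUESTED, PROGRESSING = "none", "requested", "progressing"

    def __init__(self):
        self.state = self.NONE
        self.blocked = []   # plays the role of _blockedByKeyExchange
        self.wire = []      # what would actually be written to the socket

    def send_kexinit(self):
        if self.state != self.NONE:
            raise RuntimeError("key exchange already in progress")
        self.state = self.REQUESTED
        self.wire.append((MSG_KEXINIT, b""))  # placeholder payload

    def peer_kexinit(self):
        # The peer started the exchange: answer with our own KEXINIT.
        if self.state == self.NONE:
            self.wire.append((MSG_KEXINIT, b""))
            self.state = self.PROGRESSING

    def send_packet(self, message_type, payload):
        """Return True if sent now, False if queued until new keys."""
        if self.state != self.NONE and not allowed_during_kex(message_type):
            self.blocked.append((message_type, payload))
            return False
        self.wire.append((message_type, payload))
        return True

    def new_keys(self):
        """Key exchange finished: reset the state and flush the queue."""
        self.state = self.NONE
        pending, self.blocked = self.blocked, []
        for message_type, payload in pending:
            self.send_packet(message_type, payload)
```

The queue means application data written during a re-key is delayed, not dropped, and only reaches the wire after the new keys are in effect.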
def isEncrypted(self, direction='out'):
Return True if the connection is encrypted in the given direction. Direction must be one of ["out", "in", "both"].
def isVerified(self, direction='out'):
Return True if the connection is verified/authenticated in the given direction. Direction must be one of ["out", "in", "both"].
def loseConnection(self):
Lose the connection to the other side, sending a DISCONNECT_CONNECTION_LOST message.
def receiveError(self, reasonCode, description):
Called when we receive a disconnect error message from the other side.
Parameters:
   reasonCode: the reason for the disconnect, one of the DISCONNECT_ values. (type: int)
   description: a human-readable description of the disconnection. (type: str)
def receiveUnimplemented(self, seqnum):
Called when we receive an unimplemented packet message from the other side.
Parameters:
   seqnum: the sequence number that was not understood. (type: int)
def receiveDebug(self, alwaysDisplay, message, lang):
Called when we receive a debug message from the other side.
Parameters:
   alwaysDisplay: if True, this message should always be displayed. (type: bool)
   message: the debug message (type: str)
   lang: optionally the language the message is in. (type: str)
API Documentation for Twisted, generated by pydoctor at 2011-10-27 16:27:37.