Implements interfaces: twisted.cred.checkers.ICredentialsChecker

Checker that authenticates SSH public keys, based on public keys listed in authorized_keys and authorized_keys2 files in user .ssh/ directories.

Initializing this checker with a UNIXAuthorizedKeysFiles should be used instead of twisted.conch.checkers.SSHPublicKeyDatabase.

Present Since15.0
Method __init__ Initializes a SSHPublicKeyChecker.
Method requestAvatarId
Method _sanityCheckKey Checks whether the provided credentials are a valid SSH key with a signature (does not actually verify the signature).
Method _checkKey Checks the public key against all authorized keys (if any) for the user.
Method _verifyKey Checks whether the credentials themselves are valid, now that we know if the key matches the user.
def __init__(self, keydb): (source)

Initializes a SSHPublicKeyChecker.

Parameterskeydba provider of IAuthorizedKeysDB (type: IAuthorizedKeysDB provider)
def requestAvatarId(self, credentials): (source)
Parameterscredentialssomething which implements one of the interfaces in self.credentialInterfaces.
Returnsa Deferred which will fire a string which identifies an avatar, an empty tuple to specify an authenticated anonymous user (provided as checkers.ANONYMOUS) or fire a Failure(UnauthorizedLogin). Alternatively, return the result itself.
See Alsotwisted.cred.credentials
def _sanityCheckKey(self, credentials): (source)

Checks whether the provided credentials are a valid SSH key with a signature (does not actually verify the signature).

Parameterscredentialsthe credentials offered by the user (type: ISSHPrivateKey provider)
Returnsthe key in the credentials (type: twisted.conch.ssh.keys.Key)
RaisesValidPublicKeythe credentials do not include a signature. See error.ValidPublicKey for more information.
BadKeyErrorThe key included with the credentials is not recognized as a key.
def _checkKey(self, pubKey, credentials): (source)

Checks the public key against all authorized keys (if any) for the user.

ParameterspubKeythe key in the credentials (just to prevent it from having to be calculated again) (type: )
credentialsthe credentials offered by the user (type: ISSHPrivateKey provider)
ReturnspubKey if the key is authorized (type: twisted.conch.ssh.keys.Key)
RaisesUnauthorizedLoginIf the key is not authorized, or if there was any error obtaining a list of authorized keys for the user.
def _verifyKey(self, pubKey, credentials): (source)

Checks whether the credentials themselves are valid, now that we know if the key matches the user.

ParameterspubKeythe key in the credentials (just to prevent it from having to be calculated again) (type: twisted.conch.ssh.keys.Key)
credentialsthe credentials offered by the user (type: ISSHPrivateKey provider)
ReturnsThe user's username, if authentication was successful (type: bytes)
RaisesUnauthorizedLoginIf the key signature is invalid or there was any error verifying the signature.
API Documentation for Twisted, generated by pydoctor at 2018-04-29 21:01:12.