class documentation

class twisted.conch.checkers.SSHPublicKeyChecker: (source)

Implements interfaces: twisted.cred.checkers.ICredentialsChecker

View In Hierarchy

Checker that authenticates SSH public keys, based on public keys listed in authorized_keys and authorized_keys2 files in user .ssh/ directories.

Initializing this checker with a UNIXAuthorizedKeysFiles should be used instead of twisted.conch.checkers.SSHPublicKeyDatabase.

Present Since15.0
Class Variable credentialInterfaces A list of sub-interfaces of ICredentials which specifies which I may check.
Method __init__ Initializes a SSHPublicKeyChecker.
Method requestAvatarId Validate credentials and produce an avatar ID.
Instance Variable _keydb Undocumented
Method _sanityCheckKey Checks whether the provided credentials are a valid SSH key with a signature (does not actually verify the signature).
Method _checkKey Checks the public key against all authorized keys (if any) for the user.
Method _verifyKey Checks whether the credentials themselves are valid, now that we know if the key matches the user.
credentialInterfaces = (source)

A list of sub-interfaces of ICredentials which specifies which I may check.

def __init__(self, keydb): (source)

Initializes a SSHPublicKeyChecker.

Parameterskeydba provider of IAuthorizedKeysDB (type: IAuthorizedKeysDB provider)
_keydb = (source)

Undocumented

def requestAvatarId(self, credentials): (source)

Validate credentials and produce an avatar ID.

Parameterscredentialssomething which implements one of the interfaces in credentialInterfaces.
Returnsa Deferred which will fire with a bytes that identifies an avatar, an empty tuple to specify an authenticated anonymous user (provided as twisted.cred.checkers.ANONYMOUS) or fail with UnauthorizedLogin. Alternatively, return the result itself.
See Alsotwisted.cred.credentials
def _sanityCheckKey(self, credentials): (source)

Checks whether the provided credentials are a valid SSH key with a signature (does not actually verify the signature).

Parameterscredentialsthe credentials offered by the user (type: ISSHPrivateKey provider)
Returnsthe key in the credentials (type: twisted.conch.ssh.keys.Key)
RaisesValidPublicKeythe credentials do not include a signature. See error.ValidPublicKey for more information.
BadKeyErrorThe key included with the credentials is not recognized as a key.
def _checkKey(self, pubKey, credentials): (source)

Checks the public key against all authorized keys (if any) for the user.

ParameterspubKeythe key in the credentials (just to prevent it from having to be calculated again) (type: )
credentialsthe credentials offered by the user (type: ISSHPrivateKey provider)
ReturnspubKey if the key is authorized (type: twisted.conch.ssh.keys.Key)
RaisesUnauthorizedLoginIf the key is not authorized, or if there was any error obtaining a list of authorized keys for the user.
def _verifyKey(self, pubKey, credentials): (source)

Checks whether the credentials themselves are valid, now that we know if the key matches the user.

ParameterspubKeythe key in the credentials (just to prevent it from having to be calculated again) (type: twisted.conch.ssh.keys.Key)
credentialsthe credentials offered by the user (type: ISSHPrivateKey provider)
ReturnsThe user's username, if authentication was successful (type: bytes)
RaisesUnauthorizedLoginIf the key signature is invalid or there was any error verifying the signature.
API Documentation for Twisted, generated by pydoctor 20.12.1 at 2021-02-28 19:53:36.