[Twisted-Python] (conch) credentials.signature always None?
Saúl Ibarra Corretgé
saghul at gmail.com
Wed Jan 19 20:10:21 EST 2011
Hi Paul,
Thanks for that quick response!
On Thu, Jan 20, 2011 at 1:06 AM, Paul Swartz <paulswartz at gmail.com> wrote:
> On Wed, Jan 19, 2011 at 6:55 PM, Saúl Ibarra Corretgé <saghul at gmail.com> wrote:
>> Hi all,
>>
>> I'm experiencing something weird while writing a simple SSH server,
>> and I wonder if anyone did run into this before:
>>
>> On every snippet I see around regarding public key authentication, the
>> signature is checked as follows:
>>
>> # if not credentials.signature:
>> # return failure.Failure(ValidPublicKey())
>> # try:
>> # public_key = keys.Key.fromString(data=credentials.blob)
>> # except (keys.BadKeyError, keys.EncryptedKeyError):
>> # return failure.Failure(ConchError("Public key error"))
>
> If it's not continuing, that's a problem with the other side. What
> happens with the SSH protocol is:
>
> C: sends a message asking 'is this public key okay?' without sending
> any signed data
> S: says either "no it's not valid for this account" or "yes it is
> valid, please prove you have the private key"
> C: if yes, sign some data and send the signature; otherwise try a
> different key or different authentication mechanism
>
> The 'if not credentials.signature: return
> failure.Failure(ValidPublicKey())' code is how the server tells the
> client it's a valid key, but needs to prove it also has the public
> key.
>
My test was done wrong, my bad :-S I tested again and finally found
the issue: I'm searching for the user's key in a DB and errors are
handled in an errback. So ValidPublicKey was also handled there,
incorrectly.
I fixed it by doing the following:
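def _got_keys_error(self, error, credentials):
    # Wrap lookup errors, but let ValidPublicKey through unchanged.
    if not error.check(ValidPublicKey):
        return failure.Failure(ConchError(error.getErrorMessage()))
    # An errback that returns None turns the failure into a success.
    return error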
So now it does work :-)
Thanks and regards,
--
/Saúl
http://saghul.net | http://sipdoc.net