[Twisted-Python] (conch) credentials.signature always None?

Paul Swartz paulswartz at gmail.com
Wed Jan 19 17:06:11 MST 2011


On Wed, Jan 19, 2011 at 6:55 PM, Saúl Ibarra Corretgé <saghul at gmail.com> wrote:
> Hi all,
>
> I'm experiencing something weird while writing a simple SSH server,
> and I wonder if anyone did run into this before:
>
> On every snippet I see around regarding public key authentication, the
> signature is checked as follows:
>
> #        if not credentials.signature:
> #            return failure.Failure(ValidPublicKey())
> #        try:
> #            public_key = keys.Key.fromString(data=credentials.blob)
> #        except (keys.BadKeyError, keys.EncryptedKeyError):
> #            return failure.Failure(ConchError("Public key error"))

If it's not continuing, that's a problem with the other side.  What
happens with the SSH protocol is:

C: sends a message asking 'is this public key okay?' without sending
any signed data
S: says either "no it's not valid for this account" or "yes it is
valid, please prove you have the private key"
C: if yes, sign some data and send the signature; otherwise try a
different key or different authentication mechanism

The 'if not credentials.signature: return
failure.Failure(ValidPublicKey())' code is how the server tells the
client it's a valid key, but needs to prove it also has the public
key.

-p
-- 
Paul Swartz
paulswartz at gmail dot com
http://paulswartz.net/
AIM: z3penguin
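
The exchange described in the reply above, as an added example that is not part of the original message or of Twisted's code: it builds and parses the "publickey" SSH_MSG_USERAUTH_REQUEST payload from RFC 4252 and shows why the first request carries no signature. The function names, the key blob and `stub_verify` are constructed for illustration; a real server verifies the signature with the public key over the session identifier and the request fields.

```python
# SSH message numbers from RFC 4252.
USERAUTH_REQUEST, USERAUTH_FAILURE, USERAUTH_SUCCESS, USERAUTH_PK_OK = 50, 51, 52, 60

def ssh_string(data):
    """Encode an SSH string: uint32 big-endian length, then the bytes."""
    return len(data).to_bytes(4, "big") + data

def read_string(buf, pos):
    """Decode one SSH string at pos; return (value, next_pos)."""
    end = pos + 4 + int.from_bytes(buf[pos:pos + 4], "big")
    if pos + 4 > len(buf) or end > len(buf):
        raise ValueError("truncated string")
    return buf[pos + 4:end], end

def build_request(user, alg, blob, signature=None):
    """Client side: a query when signature is None, else the signed request."""
    out = bytes([USERAUTH_REQUEST]) + ssh_string(user) + ssh_string(b"ssh-connection")
    out += ssh_string(b"publickey") + bytes([0 if signature is None else 1])
    out += ssh_string(alg) + ssh_string(blob)
    return out if signature is None else out + ssh_string(signature)

def parse_request(payload):
    """Server side: return (user, alg, blob, signature or None)."""
    if not payload or payload[0] != USERAUTH_REQUEST:
        raise ValueError("not a USERAUTH_REQUEST")
    user, pos = read_string(payload, 1)
    _service, pos = read_string(payload, pos)
    method, pos = read_string(payload, pos)
    if method != b"publickey" or pos >= len(payload):
        raise ValueError("not a publickey request")
    has_sig, pos = payload[pos] != 0, pos + 1
    alg, pos = read_string(payload, pos)
    blob, pos = read_string(payload, pos)
    signature = read_string(payload, pos)[0] if has_sig else None
    return user, alg, blob, signature

def server_reply(payload, authorized, verify):
    """Decide the reply; verify(blob, signature) is a caller-supplied check."""
    user, _alg, blob, signature = parse_request(payload)
    if blob not in authorized.get(user, ()):
        return USERAUTH_FAILURE          # key not valid for this account
    if signature is None:
        return USERAUTH_PK_OK            # valid key, now prove possession
    return USERAUTH_SUCCESS if verify(blob, signature) else USERAUTH_FAILURE

# Constructed sample data; stub_verify stands in for real signature verification.
AUTHORIZED = {b"alice": {b"constructed-key-blob"}}
def stub_verify(blob, signature):
    return signature == b"constructed-signature"
```

The `USERAUTH_PK_OK` branch corresponds to the `if not credentials.signature` check in the quoted snippet: a missing signature on the first request is the query phase, not an error.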



