[Twisted-Python] Need help with SSHUserAuthClient keyfile and passphrase
Stephen McRoberts
steveo at mcroberts.org
Tue Jul 11 12:02:35 MDT 2017
My auth code works for a public keyfile on my local servers but I can't get it to work with a private key.
***Here's an ssh debug list when I log in at the console (not twisted):
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Trying private key: /home/sten/.ssh/mcroberts.org-rsa
debug1: key_load_private_type: incorrect passphrase supplied to decrypt private key
Enter passphrase for key '/home/sten/.ssh/myserver.com-rsa':
debug1: Authentication succeeded (publickey).
***Here's my twisted log:
2017-07-11 12:47:03-0500 [] can continue with: ['publickey', 'password']
2017-07-11 12:47:03-0500 [] trying to auth with publickey
2017-07-11 12:47:03-0500 [] KeyFileAuth.getPublicKey
2017-07-11 12:47:03-0500 [] pubkeyfile=None
2017-07-11 12:47:03-0500 [] KeyFileAuth.getPrivateKey
2017-07-11 12:47:03-0500 [] /home/steve/.ssh/mcroberts.org-rsa is encrypted - looking for passphrase
2017-07-11 12:47:03-0500 [] trying to auth with password
Note that they both only ask for ['publickey', 'password']. My following code attempts the same but fails.
Here's my source code. This is called from the SSHConnection class before starting service. The verify host is already done.
class KeyFileAuth(userauth.SSHUserAuthClient):
    #https://twistedmatrix.com/documents/current/api/twisted.conch.ssh.userauth.SSHUserAuthClient.html
    #http://twistedmatrix.com/documents/current/api/twisted.conch.ssh.keys.Key.html
    def __init__(self, config, user, instance):
        self.config = config
        self.user = user
        log.msg("KeyFileAuth - requesting auth for user %s @ %s" % (user,config.get('host')), level=logging.DEBUG)
        userauth.SSHUserAuthClient.__init__(self,user,instance)
    #--------------------------
    def getPublicKey(self):
        log.msg("KeyFileAuth.getPublicKey", level=logging.DEBUG)
        kf = self.config.get('pubkeyfile')
        log.msg(" pubkeyfile=%s" % (kf), level=logging.DEBUG)
        if kf is not None:
            try:
                if kf.startswith('~'):
                    kf = os.path.expanduser(kf)
                if not os.path.exists(kf):
                    msg = " No such pubkeyfile=%s" % (kf)
                    return defer.fail(msg)
            except Exception as e:
                log.err(" provided pubkeyfile=%s raised %s" % (kf,e))
                return defer.fail(msg)
        #
        # no apparent public keyfile in config
        # private keyfile - this is the way ssh -v shows it done as in:
        # debug1: Authentications that can continue: publickey,password
        # debug1: Next authentication method: publickey
        # debug1: Trying private key: /home/steve/.ssh/awebsite.com-rsa
        #
        elif self.config.get('keyfile') is not None:
            return self.getPrivateKey()
        return defer.fail("KeyFileAuth.getPublicKey out of options")
    #--------------------------
    def getPrivateKey(self):
        log.msg("KeyFileAuth.getPrivateKey", level=logging.DEBUG)
        kf = self.config.get('keyfile')
        if kf is not None:
            try:
                if kf.startswith('~'):
                    kf = os.path.expanduser(kf)
                if not os.path.exists(kf):
                    msg = " No such keyfile=%s" % (kf)
                    return defer.fail(msg)
            except Exception as e:
                msg = " provided keyfile=%s raised %s" % (kf,e)
                return defer.fail(msg)
            try:
                return defer.succeed(keys.Key.fromFile(kf))
            except keys.EncryptedKeyError:
                log.msg(" %s is encrypted - looking for passphrase" % (kf), level=logging.INFO)
                if self.config.get('passphrase'):
                    passphrase = self.config.get('passphrase')
                    return defer.succeed(keys.Key.fromFile(kf, passphrase))
                else:
                    msg = " No passphrase found for keyfile=%s" % (kf)
                    return defer.fail(msg)
            except Exception as e:
                msg = " keyfile=%s raised %s" % (kf,e)
                return defer.fail(msg)
        return defer.fail("KeyFileAuth.getPrivateKey out of options")