class documentation
class SSHPublicKeyChecker: (source)
Constructor: SSHPublicKeyChecker(keydb)
Implements interfaces: twisted.cred.checkers.ICredentialsChecker
Checker that authenticates SSH public keys, based on public keys listed in authorized_keys and authorized_keys2 files in user .ssh/ directories.
Initializing this checker with a UNIXAuthorizedKeysFiles
should be used instead of twisted.conch.checkers.SSHPublicKeyDatabase
.
Present Since | |
15.0 |
Method | __init__ |
Initializes a SSHPublicKeyChecker . |
Method | request |
Validate credentials and produce an avatar ID. |
Class Variable | credential |
A list of sub-interfaces of ICredentials which specifies which I may check. |
Method | _check |
Checks the public key against all authorized keys (if any) for the user. |
Method | _sanity |
Checks whether the provided credentials are a valid SSH key with a signature (does not actually verify the signature). |
Method | _verify |
Checks whether the credentials themselves are valid, now that we know if the key matches the user. |
Instance Variable | _keydb |
Undocumented |
Validate credentials and produce an avatar ID.
Parameters | |
credentials | something which implements one of the interfaces in credentialInterfaces. |
Returns | |
a Deferred which will fire with a bytes that identifies an avatar, an empty tuple to specify an authenticated anonymous user (provided as twisted.cred.checkers.ANONYMOUS ) or fail with UnauthorizedLogin . Alternatively, return the result itself. | |
See Also | |
twisted.cred.credentials |
Checks the public key against all authorized keys (if any) for the user.
Parameters | |
pub | the key in the credentials (just to prevent it from having to be calculated again) |
credentials:ISSHPrivateKey provider | the credentials offered by the user |
Returns | |
twisted.conch.ssh.keys.Key | pubKey if the key is authorized |
Raises | |
UnauthorizedLogin | If the key is not authorized, or if there was any error obtaining a list of authorized keys for the user. |
Checks whether the provided credentials are a valid SSH key with a signature (does not actually verify the signature).
Parameters | |
credentials:ISSHPrivateKey provider | the credentials offered by the user |
Returns | |
twisted.conch.ssh.keys.Key | the key in the credentials |
Raises | |
ValidPublicKey | the credentials do not include a signature. See error.ValidPublicKey for more information. |
BadKeyError | The key included with the credentials is not recognized as a key. |
Checks whether the credentials themselves are valid, now that we know if the key matches the user.
Parameters | |
pubtwisted.conch.ssh.keys.Key | the key in the credentials (just to prevent it from having to be calculated again) |
credentials:ISSHPrivateKey provider | the credentials offered by the user |
Returns | |
bytes | The user's username, if authentication was successful |
Raises | |
UnauthorizedLogin | If the key signature is invalid or there was any error verifying the signature. |