class SSHPublicKeyDatabase: (source)
Implements interfaces: twisted.cred.checkers.ICredentialsChecker
Checker that authenticates SSH public keys, based on public keys listed in authorized_keys and authorized_keys2 files in user .ssh/ directories.
Method | check |
Retrieve files containing authorized keys and check against user credentials. |
Method | get |
Return a list of FilePath instances for authorized_keys files which might contain information about authorized keys for the given credentials. |
Method | request |
Validate credentials and produce an avatar ID. |
Class Variable | credential |
A list of sub-interfaces of ICredentials which specifies which I may check. |
Method | _cb |
Check whether the credentials themselves are valid, now that we know if the key matches the user. |
Method | _eb |
Undocumented |
Class Variable | _userdb |
Undocumented |
Return a list of FilePath
instances for authorized_keys files which might contain information about authorized keys for the given credentials.
On OpenSSH servers, the default location of the file containing the list of authorized public keys is $HOME/.ssh/authorized_keys.
$HOME/.ssh/authorized_keys2 is also returned, though it has been deprecated by OpenSSH since 2001.
Returns | |
A list of FilePath instances to files with the authorized keys. |
Validate credentials and produce an avatar ID.
Parameters | |
credentials | something which implements one of the interfaces in credentialInterfaces. |
Returns | |
a Deferred which will fire with a bytes that identifies an avatar, an empty tuple to specify an authenticated anonymous user (provided as twisted.cred.checkers.ANONYMOUS ) or fail with UnauthorizedLogin . Alternatively, return the result itself. | |
See Also | |
twisted.cred.credentials |
Check whether the credentials themselves are valid, now that we know if the key matches the user.
Parameters | |
valid | A boolean indicating whether or not the public key matches a key in the user's authorized_keys file. |
credentials:ISSHPrivateKey provider | The credentials offered by the user. |
Returns | |
The user's username, if authentication was successful. | |
Raises | |
UnauthorizedLogin | (as a failure) if the key does not match the user in credentials. Also raised if the user provides an invalid signature. |
ValidPublicKey | (as a failure) if the key matches the user but the credentials do not include a signature. See error.ValidPublicKey for more information. |