class SSHUserAuthClient(service.SSHService): (source)
Known subclasses: twisted.conch.client.default.SSHUserAuthClient
, twisted.conch.scripts.tkconch.SSHUserAuthClient
, twisted.conch.test.test_ssh.ConchTestClientAuth
, twisted.conch.test.test_userauth.ClientAuthWithoutPrivateKey
, twisted.conch.test.test_userauth.ClientUserAuth
, twisted.conch.test.test_userauth.OldClientAuth
, twisted.conch.endpoints._UserAuth
A service implementing the client side of 'ssh-userauth'.
This service will try all authentication methods provided by the server, making callbacks for more information when necessary.
Method | __init__ |
Undocumented |
Method | ask |
Send a MSG_USERAUTH_REQUEST. |
Method | auth |
Try to authenticate with keyboard-interactive authentication. Send the request to the server and return True. |
Method | auth |
Try to authenticate with a password. Ask the user for a password. If the user will return a password, return True. Otherwise, return False. |
Method | auth |
Try to authenticate with a public key. Ask the user for a public key; if the user has one, send the request to the server and return True. Otherwise, return False. |
Method | get |
Returns a Deferred with the responses to the promopts. |
Method | get |
Return a Deferred that will be called back with a password. prompt is a string to display for the password, or None for a generic 'user@hostname's password: '. |
Method | get |
Return a Deferred that will be called back with the private key object corresponding to the last public key from getPublicKey(). If the private key is not available, errback on the Deferred. |
Method | get |
Return a public key for the user. If no more public keys are available, return None . |
Method | service |
called when the service is active on the transport. |
Method | sign |
Sign the given data with the given public key. |
Method | ssh_ |
We received a MSG_USERAUTH_FAILURE. Payload: |
Method | ssh_ |
This message (number 60) can mean several different messages depending on the current authentication type. We dispatch to individual methods in order to handle this request. |
Method | ssh_ |
This is MSG_USERAUTH_INFO_RESPONSE. The server has sent us the questions it wants us to answer, so we ask the user and sent the responses. |
Method | ssh_ |
This is MSG_USERAUTH_PASSWD_CHANGEREQ. The password given has expired. We ask for an old password and a new password, then send both back to the server. |
Method | ssh_ |
This is MSG_USERAUTH_PK. Our public key is valid, so we create a signature and try to authenticate with it. |
Method | ssh_ |
We received a MSG_USERAUTH_SUCCESS. The server has accepted our authentication, so start the next service. |
Method | try |
Dispatch to an authentication method. |
Instance Variable | authenticated |
a list of strings of authentication methods we've tried |
Instance Variable | instance |
the service to start after authentication has finished |
Instance Variable | last |
Undocumented |
Instance Variable | last |
the last public key object we've tried to authenticate with |
Instance Variable | name |
the name of this service: 'ssh-userauth' |
Instance Variable | preferred |
a list of authentication methods that should be used first, in order of preference, if supported by the server |
Instance Variable | tried |
a list of public key objects that we've tried to authenticate with |
Instance Variable | user |
the name of the user to authenticate as |
Method | _cb |
Called back when we are finished answering keyboard-interactive questions. Send the info back to the server in a MSG_USERAUTH_INFO_RESPONSE. |
Method | _cb |
Undocumented |
Method | _cb |
Called back when the user gives a password. Send the request to the server. |
Method | _cb |
Called back when the private key is returned. Sign the data and return the signature. |
Method | _cb |
Called back out of self.signData with the signed data. Send the authentication request with the signature. |
Method | _cb |
Undocumented |
Method | _eb |
Generic callback for a failed authentication attempt. Respond by asking for the list of accepted methods (the 'none' method) |
Method | _set |
Called back when we are choosing a new password. Get the old password and send the authentication message with both. |
Method | _set |
Called back when we are choosing a new password. Simply store the old password for now. |
Instance Variable | _new |
Undocumented |
Instance Variable | _old |
Undocumented |
Inherited from SSHService
:
Method | log |
Undocumented |
Method | packet |
called when we receive a packet on the transport |
Method | service |
called when the service is stopped, either by the connection ending or by another service being started |
Class Variable | protocol |
Undocumented |
Class Variable | transport |
Undocumented |
Class Variable | _log |
Undocumented |
Try to authenticate with keyboard-interactive authentication. Send the request to the server and return True.
Returns | |
bool | Undocumented |
Try to authenticate with a password. Ask the user for a password. If the user will return a password, return True. Otherwise, return False.
Returns | |
bool | Undocumented |
Try to authenticate with a public key. Ask the user for a public key; if the user has one, send the request to the server and return True. Otherwise, return False.
Returns | |
bool | Undocumented |
twisted.conch.client.default.SSHUserAuthClient
, twisted.conch.test.test_userauth.ClientUserAuth
Returns a Deferred
with the responses to the promopts.
Parameters | |
name | The name of the authentication currently in progress. |
instruction | Describes what the authentication wants. |
prompts | A list of (prompt, echo) pairs, where prompt is a string to display and echo is a boolean indicating whether the user's response should be echoed as they type it. |
twisted.conch.client.default.SSHUserAuthClient
, twisted.conch.scripts.tkconch.SSHUserAuthClient
, twisted.conch.test.test_ssh.ConchTestClientAuth
, twisted.conch.test.test_userauth.ClientUserAuth
, twisted.conch.endpoints._UserAuth
Return a Deferred
that will be called back with a password. prompt is a string to display for the password, or None for a generic 'user@hostname's password: '.
Parameters | |
prompt:bytes /None | Undocumented |
Returns | |
defer.Deferred | Undocumented |
twisted.conch.client.default.SSHUserAuthClient
, twisted.conch.scripts.tkconch.SSHUserAuthClient
, twisted.conch.test.test_ssh.ConchTestClientAuth
, twisted.conch.test.test_userauth.ClientAuthWithoutPrivateKey
, twisted.conch.test.test_userauth.ClientUserAuth
, twisted.conch.test.test_userauth.OldClientAuth
, twisted.conch.endpoints._UserAuth
twisted.conch.client.default.SSHUserAuthClient
, twisted.conch.scripts.tkconch.SSHUserAuthClient
, twisted.conch.test.test_ssh.ConchTestClientAuth
, twisted.conch.test.test_userauth.ClientAuthWithoutPrivateKey
, twisted.conch.test.test_userauth.ClientUserAuth
, twisted.conch.test.test_userauth.OldClientAuth
, twisted.conch.endpoints._UserAuth
twisted.conch.client.default.SSHUserAuthClient
called when the service is active on the transport.
Sign the given data with the given public key.
By default, this will call getPrivateKey to get the private key, then sign the data using Key.sign().
This method is factored out so that it can be overridden to use alternate methods, such as a key agent.
Parameters | |
publickeys.Key | The public key object returned from getPublicKey |
signbytes | the data to be signed by the private key. |
Returns | |
defer.Deferred | a Deferred that's called back with the signature |
We received a MSG_USERAUTH_FAILURE. Payload:
string methods byte partial success
If partial success is True, then the previous method succeeded but is not sufficient for authentication. methods is a comma-separated list of accepted authentication methods.
We sort the list of methods by their position in self.preferredOrder, removing methods that have already succeeded. We then call self.tryAuth with the most preferred method.
Parameters | |
packet:bytes | the MSG_USERAUTH_FAILURE payload. |
Returns | |
defer.Deferred or None | a defer.Deferred that will be callbacked with None as soon as all authentication methods have been tried, or None if no more authentication methods are available. |
This message (number 60) can mean several different messages depending on the current authentication type. We dispatch to individual methods in order to handle this request.
This is MSG_USERAUTH_INFO_RESPONSE. The server has sent us the questions it wants us to answer, so we ask the user and sent the responses.
This is MSG_USERAUTH_PASSWD_CHANGEREQ. The password given has expired. We ask for an old password and a new password, then send both back to the server.
This is MSG_USERAUTH_PK. Our public key is valid, so we create a signature and try to authenticate with it.
We received a MSG_USERAUTH_SUCCESS. The server has accepted our authentication, so start the next service.
a list of authentication methods that should be used first, in order of preference, if supported by the server
Called back when the user gives a password. Send the request to the server.
Parameters | |
password:bytes | the password the user entered |
Called back out of self.signData with the signed data. Send the authentication request with the signature.
Parameters | |
signedbytes | the data signed by the user's private key. |
Generic callback for a failed authentication attempt. Respond by asking for the list of accepted methods (the 'none' method)
Called back when we are choosing a new password. Get the old password and send the authentication message with both.
Parameters | |
np:bytes | the new password as entered by the user |
Called back when we are choosing a new password. Simply store the old password for now.
Parameters | |
op:bytes | the old password as entered by the user |