twisted.conch.checkers

module documentation

(source)

Provide ICredentialsChecker implementations to be used in Conch protocols.

Interface	`IAuthorizedKeysDB`	An object that provides valid authorized ssh keys mapped to usernames.
Class	`CryptedPasswordRecord`	A sequence where the item at index 1 may be a crypted password.
Class	`InMemorySSHKeyDB`	Object that provides SSH public keys based on a dictionary of usernames mapped to `twisted.conch.ssh.keys.Key`s.
Class	`SSHProtocolChecker`	SSHProtocolChecker is a checker that requires multiple authentications to succeed. To add a checker, call my registerChecker method with the checker and the interface.
Class	`SSHPublicKeyChecker`	Checker that authenticates SSH public keys, based on public keys listed in authorized_keys and authorized_keys2 files in user .ssh/ directories.
Class	`SSHPublicKeyDatabase`	Checker that authenticates SSH public keys, based on public keys listed in authorized_keys and authorized_keys2 files in user .ssh/ directories.
Class	`UNIXAuthorizedKeysFiles`	Object that provides SSH public keys based on public keys listed in authorized_keys and authorized_keys2 files in UNIX user .ssh/ directories. If any of the files cannot be read, a message is logged but that file is otherwise ignored.
Class	`UNIXPasswordDatabase`	A checker which validates users out of the UNIX password databases, or databases of a compatible format.
Class	`UserDB`	A database of users by name, like the stdlib `pwd` module.
Class	`UserRecord`	A record in a UNIX-style password database. See `pwd` for field details.
Function	`readAuthorizedKeyFile`	Reads keys from an authorized keys file. Any non-comment line that cannot be parsed as a key will be ignored, although that particular line will be logged.
Variable	`pwd`	Undocumented
Function	`_keysFromFilepaths`	Helper function that turns an iterable of filepaths into a generator of keys. If any file cannot be read, a message is logged but it is otherwise ignored.
Function	`_lookupUser`	Lookup a user by name in a `pwd`-style database.
Function	`_pwdGetByName`	Look up a user in the /etc/passwd database using the pwd module. If the pwd module is not available, return None.
Function	`_shadowGetByName`	Look up a user in the /etc/shadow database using the spwd module. If it is not available, return `None`.
Variable	`_log`	Undocumented

def readAuthorizedKeyFile(fileobj: IO[bytes], parseKey: Callable[[bytes], keys.Key] = keys.Key.fromString) -> Iterator[keys.Key]: (source) ¶

Reads keys from an authorized keys file. Any non-comment line that cannot be parsed as a key will be ignored, although that particular line will be logged.

Parameters
fileobj:`IO[bytes]`	something from which to read lines which can be parsed as keys
parseKey:`Callable[[bytes], keys.Key]`	a callable that takes bytes and returns a `twisted.conch.ssh.keys.Key`, mainly to be used for testing. The default is `twisted.conch.ssh.keys.Key.fromString`.

Returns
`Iterator[keys.Key]`	an iterable of `twisted.conch.ssh.keys.Key`

Present Since
15.0

pwd: UserDB | None = (source) ¶

Undocumented

def _keysFromFilepaths(filepaths: Iterable[FilePath[Any]], parseKey: Callable[[bytes], keys.Key]) -> Iterable[keys.Key]: (source) ¶

Helper function that turns an iterable of filepaths into a generator of keys. If any file cannot be read, a message is logged but it is otherwise ignored.

Parameters
filepaths:iterable	iterable of `twisted.python.filepath.FilePath`.
parseKey:`callable`	a callable that takes a string and returns a `twisted.conch.ssh.keys.Key`

Returns
`Iterable[keys.Key]`	generator of `twisted.conch.ssh.keys.Key`

Present Since
15.0

def _lookupUser(userdb: UserDB, username: bytes) -> UserRecord: (source) ¶

Lookup a user by name in a pwd-style database.

Parameters
userdb:`UserDB`	The user database.
username:`bytes`	Identifying name in bytes. This will be decoded according to the filesystem encoding, as the `pwd` module does internally.

Returns
`UserRecord`	Undocumented

Raises
`KeyError`	when the user doesn't exist

def _pwdGetByName(username: str) -> CryptedPasswordRecord | None: (source) ¶

Look up a user in the /etc/passwd database using the pwd module. If the pwd module is not available, return None.

Parameters
username:`str`	the username of the user to return the passwd database information for.

Returns
`CryptedPasswordRecord \| None`	A `pwd.struct_passwd`, where field 1 may contain a crypted password, or `None` when the `pwd` database is unavailable.

Raises
`KeyError`	when no such user exists

def _shadowGetByName(username: str) -> CryptedPasswordRecord | None: (source) ¶

Look up a user in the /etc/shadow database using the spwd module. If it is not available, return None.

Parameters
username:`str`	the username of the user to return the shadow database information for.

Returns
`CryptedPasswordRecord \| None`	A `spwd.struct_spwd`, where field 1 may contain a crypted password, or `None` when the `spwd` database is unavailable.

Raises
`KeyError`	when no such user exists

_log = (source) ¶

Undocumented