The sshutil.server
Module¶
-
class
sshutil.server.
SSHServer
(server_ctl=None, server_socket_class=None, server_session_class=None, extra_args=None, port=None, host_key=None, debug=False)¶ Bases:
object
An ssh server
-
close
()¶
-
join
()¶ Wait on server to terminate
-
remove_socket
(serversocket)¶
-
-
class
sshutil.server.
SSHServerSession
(stream, server, extra_args, debug)¶ Bases:
object
-
close
()¶
-
is_active
()¶
-
reader_exits
()¶
-
reader_handle_data
(data)¶
-
reader_read_data
()¶ Called by reader thread if a evaluate false value is returned thread exits
-
recv
(rlen)¶
-
send
(data)¶
-
-
class
sshutil.server.
SSHServerSocket
(server_ctl, session_class, extra_args, server, newsocket, addr, debug)¶ Bases:
object
An SSH socket connection from a client
-
close
()¶
-
-
class
sshutil.server.
SSHUserPassController
(username=None, password=None)¶ Bases:
paramiko.server.ServerInterface
-
check_auth_none
(username)¶ Determine if a client may open channels with no (further) authentication.
Return
AUTH_FAILED
if the client must authenticate, orAUTH_SUCCESSFUL
if it’s okay for the client to not authenticate.The default implementation always returns
AUTH_FAILED
.Parameters: username (str) – the username of the client. Returns: AUTH_FAILED
if the authentication fails;AUTH_SUCCESSFUL
if it succeeds.Return type: int
-
check_auth_password
(username, password)¶ Determine if a given username and password supplied by the client is acceptable for use in authentication.
Return
AUTH_FAILED
if the password is not accepted,AUTH_SUCCESSFUL
if the password is accepted and completes the authentication, orAUTH_PARTIALLY_SUCCESSFUL
if your authentication is stateful, and this key is accepted for authentication, but more authentication is required. (In this latter case, get_allowed_auths will be called to report to the client what options it has for continuing the authentication.)The default implementation always returns
AUTH_FAILED
.Parameters: - username (str) – the username of the authenticating client.
- password (str) – the password given by the client.
Returns: AUTH_FAILED
if the authentication fails;AUTH_SUCCESSFUL
if it succeeds;AUTH_PARTIALLY_SUCCESSFUL
if the password auth is successful, but authentication must continue.Return type: int
-
check_channel_request
(kind, chanid)¶ Determine if a channel request of a given type will be granted, and return
OPEN_SUCCEEDED
or an error code. This method is called in server mode when the client requests a channel, after authentication is complete.If you allow channel requests (and an ssh server that didn’t would be useless), you should also override some of the channel request methods below, which are used to determine which services will be allowed on a given channel:
- check_channel_pty_request
- check_channel_shell_request
- check_channel_subsystem_request
- check_channel_window_change_request
- check_channel_x11_request
- check_channel_forward_agent_request
The
chanid
parameter is a small number that uniquely identifies the channel within a .Transport. A .Channel object is not created unless this method returnsOPEN_SUCCEEDED
– once a .Channel object is created, you can call .Channel.get_id to retrieve the channel ID.The return value should either be
OPEN_SUCCEEDED
(or0
) to allow the channel request, or one of the following error codes to reject it:OPEN_FAILED_ADMINISTRATIVELY_PROHIBITED
OPEN_FAILED_CONNECT_FAILED
OPEN_FAILED_UNKNOWN_CHANNEL_TYPE
OPEN_FAILED_RESOURCE_SHORTAGE
The default implementation always returns
OPEN_FAILED_ADMINISTRATIVELY_PROHIBITED
.Parameters: - kind (str) – the kind of channel the client would like to open (usually
"session"
). - chanid (int) – ID of the channel
Returns: an int success or failure code (listed above)
-
check_channel_subsystem_request
(channel, name)¶ Determine if a requested subsystem will be provided to the client on the given channel. If this method returns
True
, all future I/O through this channel will be assumed to be connected to the requested subsystem. An example of a subsystem issftp
.The default implementation checks for a subsystem handler assigned via .Transport.set_subsystem_handler. If one has been set, the handler is invoked and this method returns
True
. Otherwise it returnsFalse
.Note
Because the default implementation uses the .Transport to identify valid subsystems, you probably won’t need to override this method.
Parameters: - channel (Channel) – the .Channel the pty request arrived on.
- name (str) – name of the requested subsystem.
Returns: True
if this channel is now hooked up to the requested subsystem;False
if that subsystem can’t or won’t be provided.
-
get_allowed_auths
(username)¶ Return a list of authentication methods supported by the server. This list is sent to clients attempting to authenticate, to inform them of authentication methods that might be successful.
The “list” is actually a string of comma-separated names of types of authentication. Possible values are
"password"
,"publickey"
, and"none"
.The default implementation always returns
"password"
.Parameters: username (str) – the username requesting authentication. Returns: a comma-separated str of authentication types
-
-
sshutil.server.
from_private_key_file
(keyfile, password=None)¶ Return a private key from a file, try all the types.
-
sshutil.server.
is_sock_closed
(sock)¶ Check to see if the socket is ready for reading but nothing is there, IOW it’s closed