The `sshutil.server` Module¶

class sshutil.server.SSHServer(server_ctl=None, server_socket_class=None, server_session_class=None, extra_args=None, port=None, host_key=None, debug=False)¶

Bases: object

An ssh server

close()¶

join()¶: Wait on server to terminate

remove_socket(serversocket)¶

class sshutil.server.SSHServerSession(stream, server, extra_args, debug)¶

Bases: object

close()¶

is_active()¶

reader_exits()¶

reader_handle_data(data)¶

reader_read_data()¶: Called by reader thread if a evaluate false value is returned thread exits

recv(rlen)¶

send(data)¶

class sshutil.server.SSHServerSocket(server_ctl, session_class, extra_args, server, newsocket, addr, debug)¶

Bases: object

An SSH socket connection from a client

close()¶

class sshutil.server.SSHUserPassController(username=None, password=None)¶

Bases: paramiko.server.ServerInterface

check_auth_none(username)¶

Determine if a client may open channels with no (further) authentication.

Return AUTH_FAILED if the client must authenticate, or AUTH_SUCCESSFUL if it’s okay for the client to not authenticate.

The default implementation always returns AUTH_FAILED.

Parameters:	username (str) – the username of the client.
Returns:	`AUTH_FAILED` if the authentication fails; `AUTH_SUCCESSFUL` if it succeeds.
Return type:	int

check_auth_password(username, password)¶

Determine if a given username and password supplied by the client is acceptable for use in authentication.

Return AUTH_FAILED if the password is not accepted, AUTH_SUCCESSFUL if the password is accepted and completes the authentication, or AUTH_PARTIALLY_SUCCESSFUL if your authentication is stateful, and this key is accepted for authentication, but more authentication is required. (In this latter case, get_allowed_auths will be called to report to the client what options it has for continuing the authentication.)

The default implementation always returns AUTH_FAILED.

Parameters:	username (str) – the username of the authenticating client. password (str) – the password given by the client.
Returns:	`AUTH_FAILED` if the authentication fails; `AUTH_SUCCESSFUL` if it succeeds; `AUTH_PARTIALLY_SUCCESSFUL` if the password auth is successful, but authentication must continue.
Return type:	int

check_channel_request(kind, chanid)¶

Determine if a channel request of a given type will be granted, and return OPEN_SUCCEEDED or an error code. This method is called in server mode when the client requests a channel, after authentication is complete.

If you allow channel requests (and an ssh server that didn’t would be useless), you should also override some of the channel request methods below, which are used to determine which services will be allowed on a given channel:

check_channel_pty_request

check_channel_shell_request

check_channel_subsystem_request

check_channel_window_change_request

check_channel_x11_request

check_channel_forward_agent_request

The chanid parameter is a small number that uniquely identifies the channel within a .Transport. A .Channel object is not created unless this method returns OPEN_SUCCEEDED – once a .Channel object is created, you can call .Channel.get_id to retrieve the channel ID.

The return value should either be OPEN_SUCCEEDED (or 0) to allow the channel request, or one of the following error codes to reject it:

OPEN_FAILED_ADMINISTRATIVELY_PROHIBITED

OPEN_FAILED_CONNECT_FAILED

OPEN_FAILED_UNKNOWN_CHANNEL_TYPE

OPEN_FAILED_RESOURCE_SHORTAGE

The default implementation always returns OPEN_FAILED_ADMINISTRATIVELY_PROHIBITED.

Parameters:	kind (str) – the kind of channel the client would like to open (usually `"session"`). chanid (int) – ID of the channel
Returns:	an int success or failure code (listed above)

check_channel_subsystem_request(channel, name)¶

Determine if a requested subsystem will be provided to the client on the given channel. If this method returns True, all future I/O through this channel will be assumed to be connected to the requested subsystem. An example of a subsystem is sftp.

The default implementation checks for a subsystem handler assigned via .Transport.set_subsystem_handler. If one has been set, the handler is invoked and this method returns True. Otherwise it returns False.

Note

Because the default implementation uses the .Transport to identify valid subsystems, you probably won’t need to override this method.

Parameters:	channel (Channel) – the .Channel the pty request arrived on. name (str) – name of the requested subsystem.
Returns:	`True` if this channel is now hooked up to the requested subsystem; `False` if that subsystem can’t or won’t be provided.

get_allowed_auths(username)¶

Return a list of authentication methods supported by the server. This list is sent to clients attempting to authenticate, to inform them of authentication methods that might be successful.

The “list” is actually a string of comma-separated names of types of authentication. Possible values are "password", "publickey", and "none".

The default implementation always returns "password".

Parameters:	username (str) – the username requesting authentication.
Returns:	a comma-separated str of authentication types

sshutil.server.from_private_key_file(keyfile, password=None)¶: Return a private key from a file, try all the types.

sshutil.server.is_sock_closed(sock)¶: Check to see if the socket is ready for reading but nothing is there, IOW it’s closed

The sshutil.server Module¶

The `sshutil.server` Module¶