angelos.lib.ssh.node¶
Module docstring.
-
class
angelos.lib.ssh.node.NodesServer(ioc)¶ Bases:
angelos.lib.ssh.ssh.SSHServerSSH Server for the nodes.
-
begin_auth(username)¶ Authentication has been requested by the client
This method will be called when authentication is attempted for the specified user. Applications should use this method to prepare whatever state they need to complete the authentication, such as loading in the set of authorized keys for that user. If no authentication is required for this user, this method should return False to cause the authentication to immediately succeed. Otherwise, it should return True to indicate that authentication should proceed.
If blocking operations need to be performed to prepare the state needed to complete the authentication, this method may be defined as a coroutine.
- Parameters
username (str) – The name of the user being authenticated
- Returns
A bool indicating whether authentication is required
-
session_requested()¶ Handle an incoming session request
This method is called when a session open request is received from the client, indicating it wishes to open a channel to be used for running a shell, executing a command, or connecting to a subsystem. If the application wishes to accept the session, it must override this method to return either an
SSHServerSessionobject to use to process the data received on the channel or a tuple consisting of anSSHServerChannelobject created withcreate_server_channeland anSSHServerSession, if the application wishes to pass non-default arguments when creating the channel.If blocking operations need to be performed before the session can be created, a coroutine which returns an
SSHServerSessionobject can be returned instead of the session iself. This can be either returned directly or as a part of a tuple with anSSHServerChannelobject.To reject this request, this method should return False to send back a “Session refused” response or raise a
ChannelOpenErrorexception with the reason for the failure.The details of what type of session the client wants to start will be delivered to methods on the
SSHServerSessionobject which is returned, along with other information such as environment variables, terminal type, size, and modes.By default, all session requests are rejected.
- Returns
One of the following:
An
SSHServerSessionobject or a coroutine which returns anSSHServerSessionA tuple consisting of an
SSHServerChanneland the aboveA callable or coroutine handler function which takes AsyncSSH stream objects for stdin, stdout, and stderr as arguments
A tuple consisting of an
SSHServerChanneland the aboveFalse to refuse the request
- Raises
ChannelOpenErrorif the session shouldn’t be accepted
-
validate_public_key(username, key)¶ Return whether key is an authorized client key for this user
Key based client authentication can be supported by passing authorized keys in the authorized_client_keys argument of
create_server(), or by callingset_authorized_keyson the server connection from thebegin_auth()method. However, for more flexibility in matching on the allowed set of keys, this method can be implemented by the application to do the matching itself. It should return True if the specified key is a valid client key for the user being authenticated.This method may be called multiple times with different keys provided by the client. Applications should precompute as much as possible in the
begin_auth()method so that this function can quickly return whether the key provided is in the list.If blocking operations need to be performed to determine the validity of the key, this method may be defined as a coroutine.
By default, this method returns False for all client keys.
Note
This function only needs to report whether the public key provided is a valid client key for this user. If it is, AsyncSSH will verify that the client possesses the corresponding private key before allowing the authentication to succeed.
- Parameters
username (str) – The user being authenticated
key (
SSHKeypublic key) – The public key sent by the client
- Returns
A bool indicating if the specified key is a valid client key for the user being authenticated
-