stackoom
  简体   繁体   中英

twisted conch, overriding authentication

 原文  2011-03-06 15:54:00       python/ ssh/ twisted

Question

I have been trying to override the default authentication scheme in a twisted conch module. Something that I thought I understood how to do. The script itself is the answer to this question. I am subclassing SSHUserAuthClient in the following way: 

class ClientUserAuth(SSHUserAuthClient):
    def getPassword(self, prompt = None):
        return defer.succeed("*****")

and I am obviously replacing the SSHUserAuthClient call with a call to my class in the script. For reasons I can't understand the script is not executing the getPassword method in my class but the superclass getPassword method. Does anyone know what I am doing wrong? The only other change to the script I made is I added the following module import 

from twisted.internet import defer

Thanks!

EDIT: Strangely the subclass method getPublicKey is being called correctly. It is just the getPassword method that is acting weird.

2 answers

solution1
 3 ACCPTED  2011-03-06 23:20:31

You're probably actually seeing keyboard-interactive authentication taking place. This is like password authentication, but separate. The reason you see different behavior between Linux and OS X is just that your Linux and OS X SSH servers are configured differently.

Override getGenericAnswers to handle this one.

solution2
 3  2011-09-06 20:42:11

Some additional details of how to implement a keyboard-interactive authentication.

I thought I had this working the first time, but my server sends two interactive requests. The first requests contains a prompt = [('Password: ', False)] .
The second contains an empty prompt = []

The code below works with every server I've tested so far (Redhat, Ubuntu, OpenSUSE)

from twisted.conch.ssh import keys, userauth 

 class ClientUserAuth(userauth.SSHUserAuthClient): def getPassword(self, prompt = None): #normal password authentication print "PASSWORD AUTH" return defer.succeed('*****') # <-- YOUR PASSWORD def getGenericAnswers(self, name, instruction, prompts): #interactive password authentication print "INTERACTIVE AUTH" response = ['']*len(prompts) for i, p in enumerate(prompts): try: if('password' in p[0].lower()): response[i] = '*****' # <-- YOUR PASSWORD except: pass #The response is always a sequence, and the length of it is always #identical to the length of prompts return defer.succeed(response)

Enabling Logging in Twisted was helpful for debugging what Conch was doing under the hood as well. 

from twisted.python import log
log.msg('Started Logging for A Conch Program')
log.startLogging(sys.stdout)

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Twisted Conch - Flow control twisted conch filetransfer Twisted Conch - Server/Client Twisted Conch Packet Integrity Error Python Twisted: twisted conch filetransfer verifyHostKey Twisted Conch MockSSH: implement 'stty -echo' Error while connecting via ssh with Twisted Conch Python SSH server (twisted.conch) command filtering and port forwarding Python SSH Server(twisted.conch) change the password prompt Python Twisted Conch - How to stop Reactor with multiple Connections?
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM