This module provides GSS-API / SSPI authentication as defined in RFC 4462.
Note
Credential delegation is not supported in server mode.
See also
New in version 1.15.
Provide SSH2 GSS-API / SSPI authentication.
Parameters: | |
---|---|
Returns: | Either an _SSH_GSSAPI (Unix) object or an _SSH_SSPI (Windows) object |
Return type: | Object |
Raises ImportError: | If no GSS-API / SSPI module could be imported. |
See: | |
Note: | Check for the available API and return either an _SSH_GSSAPI (MIT GSSAPI) object or an _SSH_SSPI (MS SSPI) object. If you get python-gssapi working on Windows, python-gssapi will be used and an _SSH_GSSAPI object will be returned. If there is no supported API available, None will be returned. |
Contains the shared variables and methods of _SSH_GSSAPI and _SSH_SSPI.
Parameters: |
---|
This is just a setter to use a non-default service. I added this method because RFC 4462 doesn’t specify “ssh-connection” as the only service value.
Parameters: | service (str) – The desired SSH service |
---|---|
Return type: | Void |
Setter for username. If GSS-API Key Exchange is performed, the username is not set by ssh_init_sec_context.
Parameters: | username (str) – The name of the user who attempts to login |
---|---|
Return type: | Void |
This method returns a single OID, because we only support the Kerberos V5 mechanism.
Parameters: | mode (str) – Client for client mode and server for server mode |
---|---|
Returns: | A byte sequence containing the number of supported OIDs, the length of the OID and the actual OID encoded with DER |
Return type: | Bytes |
Note: | In server mode we just return the OID length and the DER encoded OID. |
Check if the given OID is the Kerberos V5 OID (server mode).
Parameters: | desired_mech (str) – The desired GSS-API mechanism of the client |
---|---|
Returns: | True if the given OID is supported, otherwise False |
Return type: | Boolean |
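The OID byte sequence and the server-mode mechanism check described above, worked through as an added example; this is not the module's own code. The function names are hypothetical, and the 4-byte big-endian count and length fields are assumed to follow the SSH uint32 encoding. The OID 1.2.840.113554.1.2.2 is the standard Kerberos V5 mechanism OID.

```python
import struct

# Kerberos V5 mechanism OID, the single mechanism the documentation says is supported.
KRB5_OID = "1.2.840.113554.1.2.2"

def der_encode_oid(dotted):
    """DER-encode a dotted OID: tag 0x06, short-form length, base-128 arcs."""
    arcs = [int(a) for a in dotted.split(".")]
    if len(arcs) < 2 or arcs[0] > 2 or (arcs[0] < 2 and arcs[1] > 39):
        raise ValueError("invalid OID: %r" % dotted)
    body = bytearray()
    for value in [40 * arcs[0] + arcs[1]] + arcs[2:]:
        chunk = [value & 0x7F]            # last byte: no continuation bit
        value >>= 7
        while value:
            chunk.append(0x80 | (value & 0x7F))
            value >>= 7
        body.extend(reversed(chunk))
    if len(body) > 127:
        raise ValueError("OID too long for short-form length")
    return bytes([0x06, len(body)]) + bytes(body)

def build_oid_list(mode="client"):
    """Hypothetical helper: count + length + DER OID (client), length + DER OID (server)."""
    oid = der_encode_oid(KRB5_OID)
    if mode == "server":
        return struct.pack(">I", len(oid)) + oid
    return struct.pack(">I", 1) + struct.pack(">I", len(oid)) + oid

def parse_oid_list(data):
    """Parse a client-mode OID list, rejecting truncated or oversized fields."""
    if len(data) < 4:
        raise ValueError("truncated OID count")
    (count,) = struct.unpack(">I", data[:4])
    pos, oids = 4, []
    for _ in range(count):
        if len(data) - pos < 4:
            raise ValueError("truncated OID length")
        (length,) = struct.unpack(">I", data[pos:pos + 4])
        pos += 4
        if length > len(data) - pos:
            raise ValueError("OID length exceeds buffer")
        oids.append(data[pos:pos + length])
        pos += length
    if pos != len(data):
        raise ValueError("trailing bytes after OID list")
    return oids

def is_supported_mech(der_oid):
    """Server-side check: accept only the exact Kerberos V5 DER encoding."""
    return der_oid == der_encode_oid(KRB5_OID)
```

Comparing the received bytes against the one canonical DER encoding means a peer-supplied OID never has to be decoded before it is rejected.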
Implementation of the GSS-API MIT Kerberos Authentication for SSH2.
See: | GSSAuth |
---|
Parameters: |
---|
Initialize a GSS-API context.
Parameters: |
|
---|---|
Raises SSHException: | Is raised if the desired mechanism of the client is not supported |
Returns: | A String if the GSS-API has returned a token or None if no token was returned |
Return type: | String or None |
Create the MIC token for an SSH2 message.
Parameters: | |
---|---|
Returns: | gssapi-with-mic: Returns the MIC token from GSS-API for the message we created with _ssh_build_mic. gssapi-keyex: Returns the MIC token from GSS-API with the SSH session ID as message. |
Return type: | String |
See: | _ssh_build_mic |
Accept a GSS-API context (server mode).
Parameters: | |
---|---|
Returns: | A String if the GSS-API has returned a token or None if no token was returned |
Return type: | String or None |
Verify the MIC token for an SSH2 message.
Parameters: | |
---|---|
Returns: | 0 if the MIC check was successful and 1 if it fails |
Return type: | int |
Checks if credentials are delegated (server mode).
Returns: | True if credentials are delegated, otherwise False |
---|---|
Return type: | bool |
Save the Client token in a file. This is used by the SSH server to store the client credentials if credentials are delegated (server mode).
Parameters: | client_token (str) – The GSS-API token received from the client |
---|---|
Raises NotImplementedError: | Credential delegation is currently not supported in server mode |
Implementation of the Microsoft SSPI Kerberos Authentication for SSH2.
See: | GSSAuth |
---|
Parameters: |
---|
Initialize an SSPI context.
Parameters: | |
---|---|
Raises SSHException: | Is raised if the desired mechanism of the client is not supported |
Returns: | A String if the SSPI has returned a token or None if no token was returned |
Return type: | String or None |
Create the MIC token for an SSH2 message.
Parameters: | |
---|---|
Returns: | gssapi-with-mic: Returns the MIC token from SSPI for the message we created with _ssh_build_mic. gssapi-keyex: Returns the MIC token from SSPI with the SSH session ID as message. |
Return type: | String |
See: | _ssh_build_mic |
Accept an SSPI context (server mode).
Parameters: | |
---|---|
Returns: | A String if the SSPI has returned a token or None if no token was returned |
Return type: | String or None |
Verify the MIC token for an SSH2 message.
Parameters: | |
---|---|
Returns: | 0 if the MIC check was successful |
Return type: | int |
Checks if credentials are delegated (server mode).
Returns: | True if credentials are delegated, otherwise False |
---|---|
Return type: | Boolean |
Save the Client token in a file. This is used by the SSH server to store the client credentials if credentials are delegated (server mode).
Parameters: | client_token (str) – The SSPI token received from the client |
---|---|
Raises NotImplementedError: | Credential delegation is currently not supported in server mode |