app.contacts.tunnels namespace
Submodules
app.contacts.tunnels.tunnel_ssh module
- class app.contacts.tunnels.tunnel_ssh.SSHServerTunnel(services, user_name, user_password)
Bases:
SSHServer
- begin_auth(username)
Authentication has been requested by the client
This method will be called when authentication is attempted for the specified user. Applications should use this method to prepare whatever state they need to complete the authentication, such as loading in the set of authorized keys for that user. If no authentication is required for this user, this method should return False to cause the authentication to immediately succeed. Otherwise, it should return True to indicate that authentication should proceed.
If blocking operations need to be performed to prepare the state needed to complete the authentication, this method may be defined as a coroutine.
- Parameters:
username (str) – The name of the user being authenticated
- Returns:
A bool indicating whether authentication is required
- connection_lost(exc)
Called when a connection is lost or closed
This method is called when a connection is closed. If the connection is shut down cleanly, exc will be None. Otherwise, it will be an exception explaining the reason for the disconnect.
- connection_made(conn)
Called when a connection is made
This method is called when a new TCP connection is accepted. The conn parameter should be stored if needed for later use.
- Parameters:
conn (
SSHServerConnection
) – The connection which was successfully opened
- connection_requested(dest_host, dest_port, orig_host, orig_port)
Handle a direct TCP/IP connection request
This method is called when a direct TCP/IP connection request is received by the server. Applications wishing to accept such connections must override this method.
To allow standard port forwarding of data on the connection to the requested destination host and port, this method should return True.
To reject this request, this method should return False to send back a “Connection refused” response or raise an
ChannelOpenError
exception with the reason for the failure.If the application wishes to process the data on the connection itself, this method should return either an
SSHTCPSession
object which can be used to process the data received on the channel or a tuple consisting of of anSSHTCPChannel
object created withcreate_tcp_channel()
and anSSHTCPSession
, if the application wishes to pass non-default arguments when creating the channel.If blocking operations need to be performed before the session can be created, a coroutine which returns an
SSHTCPSession
object can be returned instead of the session itself. This can be either returned directly or as a part of a tuple with anSSHTCPChannel
object.By default, all connection requests are rejected.
- Parameters:
dest_host (str) – The address the client wishes to connect to
dest_port (int) – The port the client wishes to connect to
orig_host (str) – The address the connection was originated from
orig_port (int) – The port the connection was originated from
- Returns:
One of the following:
An
SSHTCPSession
object or a coroutine which returns anSSHTCPSession
A tuple consisting of an
SSHTCPChannel
and the aboveA callable or coroutine handler function which takes AsyncSSH stream objects for reading from and writing to the connection
A tuple consisting of an
SSHTCPChannel
and the aboveTrue to request standard port forwarding
False to refuse the connection
- Raises:
ChannelOpenError
if the connection shouldn’t be accepted
- password_auth_supported()
Return whether or not password authentication is supported
This method should return True if password authentication is supported. Applications wishing to support it must have this method return True and implement
validate_password()
to return whether or not the password provided by the client is valid for the user being authenticated.By default, this method returns False indicating that password authentication is not supported.
- Returns:
A bool indicating if password authentication is supported or not
- validate_password(username, password)
Return whether password is valid for this user
This method should return True if the specified password is a valid password for the user being authenticated. It must be overridden by applications wishing to support password authentication.
If the password provided is valid but expired, this method may raise
PasswordChangeRequired
to request that the client provide a new password before authentication is allowed to complete. In this case, the application must overridechange_password()
to handle the password change request.This method may be called multiple times with different passwords provided by the client. Applications may wish to limit the number of attempts which are allowed. This can be done by having
password_auth_supported()
begin returning False after the maximum number of attempts is exceeded.If blocking operations need to be performed to determine the validity of the password, this method may be defined as a coroutine.
By default, this method returns False for all passwords.
- Parameters:
username (str) – The user being authenticated
password (str) – The password sent by the client
- Returns:
A bool indicating if the specified password is valid for the user being authenticated
- Raises:
PasswordChangeRequired
if the password provided is expired and needs to be changed