Python Twisted: twisted conch filetransfer verifyHostKey
I am playing around with the sftp example from here: Stackoverflow: twisted conch filetransfer
I am using the code below to connect, so I can use a key from a string instead of a password or the keys in ~/.ssh. Now I want to deliver a hostkey or a fingerprint from a hostkey to avoid prompting the user to verify the hostkey.
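from twisted.conch.client.connect import connect
from twisted.conch.client.default import SSHUserAuthClient, verifyHostKey
from twisted.conch.client.options import ClientOptions
from twisted.conch.ssh import keys
from twisted.internet.defer import Deferred

# SFTPConnection is the connection class defined in the linked sftp example.
def sftp(user, host, port, key, hostkey):
    options = ClientOptions()
    options['key'] = keys.Key.fromString(key.strip()).keyObject
    options['host'] = host
    options['port'] = port
    conn = SFTPConnection()
    conn._sftp = Deferred()
    auth = SSHUserAuthClient(user, options, conn)
    connect(host, port, options, verifyHostKey, auth)
    return conn._sftp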
I tried to give some arguments to verifyHostKey; as you can read in its source, the param fingerprint is not used, and I haven't found a valid value for transport.
def verifyHostKey(transport, host, pubKey, fingerprint):
    """
    Verify a host's key.
    ....
Any ideas how I can avoid the user being prompted to verify a hostkey without writing the hostkey to ~/.ssh/known_hosts?
Okay, I have written a function based on the answer of Jean-Paul Calderone. It is quite naive but does its job nicely. The goal was to omit the need for a known-hosts file. I want all the keys to live only in memory.
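from twisted.conch.ssh.keys import BadKeyError, Key
from twisted.internet.defer import succeed

def verifyHostKey(transport, host, pubKey, fingerprint):
    # options['hostkey'] holds a "host keytype base64key" string kept in memory
    keytype, key = transport.factory.options['hostkey'].split(" ")[1:]
    hostkey = keytype + " " + key
    key = Key.fromString(hostkey)
    # Compare the stored key's fingerprint with the one the server presented
    if key.fingerprint() == fingerprint:
        return succeed(True)
    else:
        raise BadKeyError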
"I tried to give some arguments to verifyHostkey"
Are you saying you tried calling verifyHostKey yourself? It sounds like that's not going to help you avoid prompting the user for unknown host keys. Instead, you want to pass a different function for that parameter to connect. Instead of using the verifyHostKey function supplied by twisted.conch.client.default, use something like this:
from twisted.internet.defer import succeed

def verifyHostKey(transport, host, pubKey, fingerprint):
    # Accepts whatever host key the server presents; no check is performed
    return succeed(True)
Or, if you want to implement your own checking, not just accept any host key, define a function that has that checking in it. Return a Deferred, and if the check succeeds, fire that Deferred with True. If the check fails, fire it with False.
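An added example (not code from the question, the answer, or Twisted) of the "own checking" case: it pins a host key held in memory in the same "host keytype base64key" form the question stores in options['hostkey'], and compares the full key blob rather than the fingerprint. A mismatch errbacks the Deferred, which is how Twisted's own known-hosts verifier reports a rejected key. HostKeyMismatch, make_verify_host_key, the helper names and the sample key are assumptions made for this example.

```python
import base64
import hashlib
import hmac


class HostKeyMismatch(Exception):
    """Hypothetical error type: the presented key is not the pinned one."""


def parse_pin(known_hosts_line):
    """Return (keytype, blob) from a 'host keytype base64key' string."""
    _host, keytype, b64 = known_hosts_line.split()[:3]
    return keytype, base64.b64decode(b64, validate=True)


def sha256_fingerprint(blob):
    """OpenSSH-style SHA256 fingerprint of a key blob, for error messages."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode("ascii").rstrip("=")


def key_matches(pinned_line, presented_blob):
    """True only if the server's key blob equals the pinned blob byte for byte."""
    _keytype, pinned_blob = parse_pin(pinned_line)
    return hmac.compare_digest(pinned_blob, presented_blob)


def make_verify_host_key(pinned_line):
    """Build a callback with the signature connect() expects for verifyHostKey."""
    # Imported here so the helpers above can be used without Twisted installed.
    from twisted.internet.defer import fail, succeed

    def verifyHostKey(transport, host, pubKey, fingerprint):
        # pubKey is the raw key blob sent by the server during key exchange.
        if key_matches(pinned_line, pubKey):
            return succeed(True)
        return fail(HostKeyMismatch(
            "%s presented %s" % (host, sha256_fingerprint(pubKey))))

    return verifyHostKey


# Constructed sample data, not a real host key.
SAMPLE_BLOB = b"\x00\x00\x00\x0bssh-ed25519\x00\x00\x00\x20" + bytes(range(32))
SAMPLE_PIN = ("sftp.example.org ssh-ed25519 "
              + base64.b64encode(SAMPLE_BLOB).decode("ascii"))
```

The callback returned by make_verify_host_key(pin) is passed to connect() in place of the default verifyHostKey.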