Hi Paul, Thanks for that quick response!
On Thu, Jan 20, 2011 at 1:06 AM, Paul Swartz <[email protected]> wrote:
> On Wed, Jan 19, 2011 at 6:55 PM, Saúl Ibarra Corretgé <[email protected]> wrote:
>> Hi all,
>>
>> I'm experiencing something weird while writing a simple SSH server,
>> and I wonder if anyone did run into this before:
>>
>> On every snippet I see around regarding public key authentication, the
>> signature is checked as follows:
>>
>> # if not credentials.signature:
>> #     return failure.Failure(ValidPublicKey())
>> # try:
>> #     public_key = keys.Key.fromString(data=credentials.blob)
>> # except (keys.BadKeyError, keys.EncryptedKeyError):
>> #     return failure.Failure(ConchError("Public key error"))
>
> If it's not continuing, that's a problem with the other side. What
> happens with the SSH protocol is:
>
> C: sends a message asking 'is this public key okay?' without sending
> any signed data
> S: says either "no it's not valid for this account" or "yes it is
> valid, please prove you have the private key"
> C: if yes, sign some data and send the signature; otherwise try a
> different key or different authentication mechanism
>
> The 'if not credentials.signature: return
> failure.Failure(ValidPublicKey())' code is how the server tells the
> client it's a valid key, but needs to prove it also has the public
> key.
>

My test was done wrong, my bad :-S

I tested again and finally found the issue: I'm searching for the user's key in a DB and errors are handled in an errback. So ValidPublicKey was also handled there, incorrectly. I fixed it by doing the following:

    def _got_keys_error(self, error, credentials):
        if not error.check(ValidPublicKey):
            return failure.Failure(ConchError(error.getErrorMessage()))

So now it does work :-)

Thanks and regards,

--
/Saúl
http://saghul.net | http://sipdoc.net

_______________________________________________
Twisted-Python mailing list
[email protected]
http://twistedmatrix.com/cgi-bin/mailman/listinfo/twisted-python
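The query-then-sign exchange described in this thread, as an added example that is not part of the original messages and is not Twisted Conch code: a standard-library parser for the RFC 4252 publickey request that returns the server's reply number and treats a failing key lookup as a failure rather than as "key is valid". The function names and the `authorized`/`verify` callbacks are hypothetical; the signature check is delegated to the caller, and the session identifier that a real server prepends to the signed data is left out.

```python
import struct

# Message numbers from RFC 4252.
USERAUTH_REQUEST, USERAUTH_FAILURE, USERAUTH_SUCCESS, USERAUTH_PK_OK = 50, 51, 52, 60

def ssh_string(data):
    """Encode an SSH string: uint32 big-endian length, then the bytes."""
    return struct.pack(">I", len(data)) + data

def read_string(buf, pos):
    """Decode one SSH string at pos; return (value, next_pos)."""
    (n,) = struct.unpack_from(">I", buf, pos)   # struct.error if truncated
    if pos + 4 + n > len(buf):
        raise ValueError("truncated string")
    return buf[pos + 4:pos + 4 + n], pos + 4 + n

def build_request(user, alg, blob, sig=None):
    """Constructed sample input: a publickey USERAUTH_REQUEST payload."""
    body = bytes([USERAUTH_REQUEST]) + ssh_string(user) + ssh_string(b"ssh-connection")
    body += ssh_string(b"publickey") + bytes([int(sig is not None)])
    body += ssh_string(alg) + ssh_string(blob)
    return body if sig is None else body + ssh_string(sig)

def handle_publickey_request(packet, authorized, verify):
    """Return the reply message number for one publickey request.

    authorized(user, blob) and verify(alg, blob, sig, signed_part) are
    hypothetical caller-supplied callbacks (key lookup, signature check).
    """
    try:
        if packet[0] != USERAUTH_REQUEST:
            raise ValueError("not a USERAUTH_REQUEST")
        user, pos = read_string(packet, 1)
        _service, pos = read_string(packet, pos)
        method, pos = read_string(packet, pos)
        if method != b"publickey":
            raise ValueError("unsupported method")
        has_sig = packet[pos] != 0
        alg, pos = read_string(packet, pos + 1)
        blob, sig_start = read_string(packet, pos)
        # A failed lookup (exception) must end in FAILURE, never PK_OK.
        if not authorized(user, blob):
            return USERAUTH_FAILURE
        if not has_sig:
            return USERAUTH_PK_OK   # key acceptable; client must now sign
        sig, _ = read_string(packet, sig_start)
        ok = verify(alg, blob, sig, packet[:sig_start])
    except Exception:
        return USERAUTH_FAILURE
    return USERAUTH_SUCCESS if ok else USERAUTH_FAILURE
```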
