switch Transport.connect() to using a Pkey object for the host key
i suddenly realized that passing "hostkeytype" and "hostkey" as strings to
Transport.connect() was pretty silly since i went to all the effort of making
a class specifically for holding keys. so Transport.connect() now just takes
host-key argument: "hostkey" as a PKey object.
updated the demos to use PKey objects when reading the host key file, and to
use the new "hostkey" argument.
clean up pkey interface
change the pkey interface so that it's no longer possible to have a pkey
that doesn't represent a valid key. (ie: no more "blank" key objects.)
also add "get_bits" and "can_sign" methods to determine the key bit length
and whether it can sign things (contains the "private parts") respectively.
add get_username() method for remembering who you auth'd as
add get_username() method for remembering who you auth'd as. also, fix these
bugs:
* "continue" auth response counted as a failure (in server mode).
* try to import 'logging' in py22 before falling back to the fake logger,
in case they have a backported version of 'logger'
* raise the right exception when told to read a private key from a file that
isn't a private key file
* tell channels to close when the transport dies
fix encrypted private key files
the random byte padding on private key files' BER data was confusing openssh,
so switch to null-byte padding, which is slightly less secure but works with
crappy old openssh. also, enforce the mode when writing the private key
file. we really really want it to be 0600. (python seems to ignore the
mode normally.)
add dss key generation too, and fix some bugs
added the ability to generate dss keys and write private dss key files,
similar to rsa. in the process, fixed a couple of bugs with ber encoding
and writing password-encrypted key files. the key has to be padded to the
iblock size of the cipher -- it's very difficult to determine how the others
do this, so i just add random bytes to the end.
fixed the simple demo to use Transport's (host, port) constructor for
simplicity, and fixed a bug where the standard demo's DSS login wouldn't
work.
also, move the common logfile setup crap into util so all the demos can just
call that one.
can now generate rsa keys (not dss yet)
added functionality to ber to create ber streams. added some common methods
to PKey to allow dumping the key to base64 (the format used by openssh for
public key files and host key lists), and a factory for creating a key from
a private key file, and a common way to save private keys. RSAKey luckily
didn't have to change that much.
also added a factory method to RSAKey to generate a new key.
pkey no longer raises binascii.Error
catch binascii.Error in the private key decoder and convert it into an
SSHException. there's no reason people should have to care that it was a
decoding error vs. any of the other million things that could be wrong in
a corrupt key file.
fix MANIFEST.in, change version numbers to 0.9-doduo, fix LPGL notices
fixed MANIFEST.in to include the demo scripts, LICENSE, and ChangeLog.
upped everything to version 0.9-doduo.
fixed the copyright notice, and added the LGPL banner to the top of every
python file.
more docs, and password-protected key files can now be read
lots more documentation, some of it moved out of the README file, which is
now much smaller and less rambling.
repr(Transport) now reports the number of bits used in the cipher.
cleaned up BER to use util functions, and throw a proper exception (the new
BERException) on error. it doesn't ever have to be a full BER decoder, but
it can at least comb its hair and tuck in its shirt.
lots of stuff added to PKey.read_private_key_file so it can try to decode
password-protected key files. right now it only understands "DES-EDE3-CBC"
format, but this is the only format i've seen openssh make so far. if the
key is password-protected, but no password was given, a new exception
(PasswordRequiredException) is raised so an outer layer can ask for a password
and try again.
added public-key support to server mode, more docs
added public-key support to server mode (it can now verify a client signature)
and added a demo of that to the demo_server.py script (user_rsa_key). in the
process, cleaned up the API of PKey so that now it only has to know about
signing and verifying ssh2 blobs, and can be hashed and compared with other
keys (comparing & hashing only the public parts of the key). keys can also
be created from strings now too.
some more documentation and hiding private methods.
lots more documentation, and added Transport.connect()
renamed demo_host_key to demo_rsa_key. moved changelog to a separate file,
and indicated that future changelog entries should be fetched from tla.
tried to clean up "__all__" in a way that makes epydoc still work.
added lots more documentation, and renamed many methods and vars to hide
them as private non-exported API.
Transport's ModulusPack is now a static member, so it only has to be loaded
once, and can then be used by any future Transport object.
added Transport.connect(), which tries to wrap all the SSH2 negotiation and
authentication into one method. you should be able to create a Transport,
call connect(), and then create channels.
Olle Lundberg
Jeff Forcier
Robey Pointer
tehfink
Gary van der Merwe
Robey Pointer
Robey Pointer