~jk0/nova/xs-ipv6

<?xml version="1.0" encoding="utf-8"?><!DOCTYPE html PUBLIC '-//W3C//DTD XHTML 1.0 Transitional//EN' 'http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd'><html lang="en" xmlns="http://www.w3.org/1999/xhtml">

<head>

<title>Twisted Documentation: Writing a client with Twisted.Conch</title>

</head>

<h1 class="title">Writing a client with Twisted.Conch</h1>

<div class="toc"><ol><li><a href="#auto0">Introduction</a></li><li><a href="#auto1">Writing a client</a></li><li><a href="#auto2">The Transport</a></li><li><a href="#auto3">The Authorization Client</a></li><li><a href="#auto4">The Connection</a></li><li><a href="#auto5">The Channel</a></li><li><a href="#auto6">The main() function</a></li></ol></div>

<h2>Introduction<a name="auto0"/></h2>

In the original days of computing, rsh/rlogin were used to connect to

remote computers and execute commands. These commands had the problem

that the passwords and commands were sent in the clear. To solve this

problem, the SSH protocol was created. Twisted.Conch implements the

second version of this protocol.

<h2>Writing a client<a name="auto1"/></h2>

Writing a client with Conch involves sub-classing 4 classes: <code class="API"><a href="http://twistedmatrix.com/documents/10.0.0/api/twisted.conch.ssh.transport.SSHClientTransport.html" title="twisted.conch.ssh.transport.SSHClientTransport">twisted.conch.ssh.transport.SSHClientTransport</a></code>, <code class="API"><a href="http://twistedmatrix.com/documents/10.0.0/api/twisted.conch.ssh.userauth.SSHUserAuthClient.html" title="twisted.conch.ssh.userauth.SSHUserAuthClient">twisted.conch.ssh.userauth.SSHUserAuthClient</a></code>, <code class="API"><a href="http://twistedmatrix.com/documents/10.0.0/api/twisted.conch.ssh.connection.SSHConnection.html" title="twisted.conch.ssh.connection.SSHConnection">twisted.conch.ssh.connection.SSHConnection</a></code>, and <code class="API"><a href="http://twistedmatrix.com/documents/10.0.0/api/twisted.conch.ssh.channel.SSHChannel.html" title="twisted.conch.ssh.channel.SSHChannel">twisted.conch.ssh.channel.SSHChannel</a></code>. We'll start out

with <code class="python">SSHClientTransport</code> because it's the base

of the client.

<h2>The Transport<a name="auto2"/></h2>

<pre class="python"> 1

from twisted.conch import error

from twisted.conch.ssh import transport

from twisted.internet import defer

class ClientTransport(transport.SSHClientTransport):

def verifyHostKey(self, pubKey, fingerprint):

if fingerprint != 'b1:94:6a:c9:24:92:d2:34:7c:62:35:b4:d2:61:11:84':

return defer.fail(error.ConchError('bad key'))

else:

return defer.succeed(1)

def connectionSecure(self):

self.requestService(ClientUserAuth('user', ClientConnection()))

</pre>

See how easy it is? <code class="python">SSHClientTransport</code>

handles the negotiation of encryption and the verification of keys

for you. The one security element that you as a client writer need to

implement is <code class="python">verifyHostKey()</code>. This method

is called with two strings: the public key sent by the server and its

fingerprint. You should verify the host key the server sends, either

by checking against a hard-coded value as in the example, or by asking

the user. <code class="python">verifyHostKey</code> returns a <code class="API"><a href="http://twistedmatrix.com/documents/10.0.0/api/twisted.internet.defer.Deferred.html" title="twisted.internet.defer.Deferred">twisted.internet.defer.Deferred</a></code> which gets a callback

if the host key is valid, or an errback if it is not. Note that in the

above, replace 'user' with the username you're attempting to ssh with,

for instance a call to <code class="python">os.getlogin()</code> for the

current user.

The second method you need to implement is <code class="python">connectionSecure()</code>. It is called when the

encryption is set up and other services can be run. The example requests

that the <code class="python">ClientUserAuth</code> service be started.

This service will be discussed next.

<h2>The Authorization Client<a name="auto3"/></h2>

<pre class="python"> 1

100

101

102

103

104

105

106

107

108

109

110

111

from twisted.conch.ssh import keys, userauth

112

113

# these are the public/private keys from test_conch

114

115

publicKey = 'ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAGEArzJx8OYOnJmzf4tfBEvLi8DVPrJ3\

116

/c9k2I/Az64fxjHf9imyRJbixtQhlH9lfNjUIx+4LmrJH5QNRsFporcHDKOTwTTYLh5KmRpslkYHR\

117

ivcJSkbh/C+BR3utDS555mV'

118

119

privateKey = """-----BEGIN RSA PRIVATE KEY-----

120

MIIByAIBAAJhAK8ycfDmDpyZs3+LXwRLy4vA1T6yd/3PZNiPwM+uH8Yx3/YpskSW

121

4sbUIZR/ZXzY1CMfuC5qyR+UDUbBaaK3Bwyjk8E02C4eSpkabJZGB0Yr3CUpG4fw

122

vgUd7rQ0ueeZlQIBIwJgbh+1VZfr7WftK5lu7MHtqE1S1vPWZQYE3+VUn8yJADyb

123

Z4fsZaCrzW9lkIqXkE3GIY+ojdhZhkO1gbG0118sIgphwSWKRxK0mvh6ERxKqIt1

124

xJEJO74EykXZV4oNJ8sjAjEA3J9r2ZghVhGN6V8DnQrTk24Td0E8hU8AcP0FVP+8

125

PQm/g/aXf2QQkQT+omdHVEJrAjEAy0pL0EBH6EVS98evDCBtQw22OZT52qXlAwZ2

126

gyTriKFVoqjeEjt3SZKKqXHSApP/AjBLpF99zcJJZRq2abgYlf9lv1chkrWqDHUu

127

DZttmYJeEfiFBBavVYIF1dOlZT0G8jMCMBc7sOSZodFnAiryP+Qg9otSBjJ3bQML

128

pSTqy7c3a2AScC/YyOwkDaICHnnD3XyjMwIxALRzl0tQEKMXs6hH8ToUdlLROCrP

129

EhQ0wahUTCk1gKA4uPD6TMTChavbh4K63OvbKg==

130

-----END RSA PRIVATE KEY-----"""

131

132

class ClientUserAuth(userauth.SSHUserAuthClient):

133

134

def getPassword(self, prompt = None):

135

return

136

# this says we won't do password authentication

137

138

def getPublicKey(self):

139

return keys.getPublicKeyString(data = publicKey)

140

141

def getPrivateKey(self):

142

return defer.succeed(keys.getPrivateKeyObject(data = privateKey))

143

</pre>

144

145

Again, fairly simple. The <code class="python">SSHUserAuthClient</code> takes care of most

146

of the work, but the actual authentication data needs to be

147

supplied. <code class="python">getPassword()</code> asks for a

148

password, <code class="python">getPublicKey()</code> and <code class="python">getPrivateKey()</code> get public and private keys,

149

respectively. <code class="python">getPassword()</code> returns

150

a <code class="python">Deferred</code> that is called back with

151

the password to use. <code class="python">getPublicKey()</code>

152

returns the SSH key data for the public key to use. <code class="python">keys.getPublicKeyString()</code> will take

153

keys in OpenSSH and LSH format, and convert them to the

154

required format. <code class="python">getPrivateKey()</code>

155

returns a <code class="python">Deferred</code> which is

156

called back with the key object (as used in PyCrypto) for

157

the private key. <code class="python">getPassword()</code>

158

and <code class="python">getPrivateKey()</code> return <code class="python">Deferreds</code> because they may need to ask the user

159

for input.

160

161

Once the authentication is complete, <code class="python">SSHUserAuthClient</code> takes care of starting the code

162

<code class="python">SSHConnection</code> object given to it. Next, we'll

163

look at how to use the <code class="python">SSHConnection</code>

164

165

<h2>The Connection<a name="auto4"/></h2>

166

167

<pre class="python">1

168

169

170

171

172

173

174

175

class ClientConnection(connection.SSHConnection):

176

177

def serviceStarted(self):

178

self.openChannel(CatChannel(conn = self))

179

</pre>

180

181

<code class="python">SSHConnection</code> is the easiest,

182

as it's only responsible for starting the channels. It has

183

other methods, those will be examined when we look at <code class="python">SSHChannel</code>.

184

185

<h2>The Channel<a name="auto5"/></h2>

186

187

<pre class="python"> 1

188

189

190

191

192

193

194

195

196

197

198

199

200

201

202

203

204

205

206

207

208

209

from twisted.conch.ssh import channel, common

210

211

class CatChannel(channel.SSHChannel):

212

213

name = 'session'

214

215

def channelOpen(self, data):

216

d = self.conn.sendRequest(self, 'exec', common.NS('cat'),

217

wantReply = 1)

218

d.addCallback(self._cbSendRequest)

219

self.catData = ''

220

221

def _cbSendRequest(self, ignored):

222

self.write('This data will be echoed back to us by "cat."\r\n')

223

self.conn.sendEOF(self)

224

self.loseConnection()

225

226

def dataReceived(self, data):

227

self.catData += data

228

229

def closed(self):

230

print 'We got this from "cat":', self.catData

231

</pre>

232

233

Now that we've spent all this time getting the server and

234

client connected, here is where that work pays off. <code class="python">SSHChannel</code> is the interface between you and the

235

other side. This particular channel opens a session and plays with the

236

'cat' program, but your channel can implement anything, so long as the

237

server supports it.

238

239

The <code class="python">channelOpen()</code> method is

240

where everything gets started. It gets passed a chunk of data;

241

however, this chunk is usually nothing and can be ignored.

242

Our <code class="python">channelOpen()</code> initializes our

243

channel, and sends a request to the other side, using the

244

<code class="python">sendRequest()</code> method of the <code class="python">SSHConnection</code> object. Requests are used to send

245

events to the other side. We pass the method self so that it knows to

246

send the request for this channel. The 2nd argument of 'exec' tells the

247

server that we want to execute a command. The third argument is the data

248

that accompanies the request. <code class="API"><a href="http://twistedmatrix.com/documents/10.0.0/api/common.NS.html" title="common.NS">common.NS</a></code> encodes

249

the data as a length-prefixed string, which is how the server expects

250

the data. We also say that we want a reply saying that the process has a

251

been started. <code class="python">sendRequest()</code> then returns a

252

<code class="python">Deferred</code> which we add a callback for.

253

254

Once the callback fires, we send the data. <code class="python">SSHChannel</code> supports the <code class="API"><a href="http://twistedmatrix.com/documents/10.0.0/api/

255

.html" title="

256

257

twisted.internet.interface.Transport</a></code> interface, so

258

it can be given to Protocols to run them over the secure

259

connection. In our case, we just write the data directly. <code class="python">sendEOF()</code> does not follow the interface,

260

but Conch uses it to tell the other side that we will write no

261

more data. <code class="python">loseConnection()</code> shuts

262

down our side of the connection, but we will still receive data

263

through <code class="python">dataReceived()</code>. The <code class="python">closed()</code> method is called when both sides of the

264

connection are closed, and we use it to display the data we received

265

(which should be the same as the data we sent.)

266

267

Finally, let's actually invoke the code we've set up.

268

269

<h2>The main() function<a name="auto6"/></h2>

270

<pre class="python"> 1

271

272

273

274

275

276

277

278

279

280

from twisted.internet import protocol, reactor

281

282

def main():

283

factory = protocol.ClientFactory()

284

factory.protocol = ClientTransport

285

reactor.connectTCP('localhost', 22, factory)

286

reactor.run()

287

288

if __name__ == "__main__":

289

main()

290

</pre>

291

292

We call <code class="python">connectTCP()</code> to connect to

293

localhost, port 22 (the standard port for ssh), and pass it an instance

294

of <code class="API"><a href="http://twistedmatrix.com/documents/10.0.0/api/twisted.internet.protocol.ClientFactory.html" title="twisted.internet.protocol.ClientFactory">twisted.internet.protocol.ClientFactory</a></code>.

295

This instance has the attribute <code class="python">protocol</code>

296

set to our earlier <code class="python">ClientTransport</code>

297

class. Note that the protocol attribute is set to the class <code class="python">ClientTransport</code>, not an instance of

298

<code class="python">ClientTransport</code>! When the <code class="python">connectTCP</code> call completes, the protocol will be

299

called to create a <code class="python">ClientTransport()</code> object

300

- this then invokes all our previous work.

301

302

It's worth noting that in the example <code class="python">main()</code>

303

routine, the <code class="python">reactor.run()</code> call never returns.

304

If you want to make the program exit, call

305

<code class="python">reactor.stop()</code> in the earlier

306

<code class="python">closed()</code> method.

307

308

If you wish to observe the interactions in more detail, adding a call

309

to <code class="python">log.startLogging(sys.stdout, setStdout=0)</code>

310

before the <code class="python">reactor.run()</code> call will send all

311

logging to stdout.

312

313

</div>

314

315

<a href="index.html">Index</a>

316

Version: 10.0.0

317

</body>

318

</html>

b'\\ No newline at end of file'

Older »