Hello! I'm trying to implement the example in the Conch tutorial ( http://twistedmatrix.com/projects/conch/documentation/howto/conch_client.htm...). with some modifications.
I want to do the following:
1) Connect to a remote machine using a private key (no password) without knowing the public key 2) Transfer over some files 3) Issue a series of non-interactive commands (to fire up the scripts I transferred over) 4) Close the connection
Step 2) I can easily do with a single non-interactive subprocess.Popen() call to SCP; if there was a way to do it in pure Twisted-Python that would be great, but i'm not too worried about that.
Step 1) Is really bugging me here; I can't seem to strip the need for foreknowledge of the public key from the script. I can't easily programmatically access that information in my use case. I do however have ready access to the private key and fingerprint for verification. My modified tutorial scripts just vomit.
Step 3) Is a just a little annoying; The provided tutorial only issues one command and reads the stdout. I don't care about stdout in my use-case, but i do care about issuing a series of commands. i could just issue one long command with the indivudal subcommands seperated by semicolons (cat blah; start-script myscript; [etc]) but i'm wondering for curiosity/cleanliness' sake if there's a way of seperating the commands.
Any help would be much appreciated =]
Regards,
Pumpkin
On Wed, Jul 23, 2008 at 01:39:19AM -0700, Pump Kin wrote:
Step 1) Is really bugging me here; I can't seem to strip the need for foreknowledge of the public key from the script. I can't easily programmatically access that information in my use case. I do however have ready access to the private key and fingerprint for verification. My modified tutorial scripts just vomit.
I had the same problem. Some new key management features have been added to Conch recently, so you now only need the private key:
class ClientUserAuth(userauth.SSHUserAuthClient): def getPassword(self, prompt=None): return # this says we won't do password authentication
def getPublicKey(self): return self.__getKey().public().blob()
def getPrivateKey(self): return defer.succeed(self.__getKey().keyObject)
def __getKey(self): return keys.Key.fromString(data= """-----BEGIN RSA PRIVATE KEY----- ... etc... """)
(Although I still get a deprecation warning about signData if I do this..)
On Wed, Jul 23, 2008 at 6:00 AM, Jack Whitham jack-tp@cs.york.ac.uk wrote:
On Wed, Jul 23, 2008 at 01:39:19AM -0700, Pump Kin wrote:
Step 1) Is really bugging me here; I can't seem to strip the need for foreknowledge of the public key from the script. I can't easily programmatically access that information in my use case. I do however have ready access to the private key and fingerprint for verification. My modified tutorial scripts just vomit.
I had the same problem. Some new key management features have been added to Conch recently, so you now only need the private key:
class ClientUserAuth(userauth.SSHUserAuthClient): def getPrivateKey(self): return defer.succeed(self.__getKey().keyObject)
(Although I still get a deprecation warning about signData if I do this..)
You're getting the deprecation warning because you're not calling back the Deferred with a Key object; you're calling it back with a PyCrypto key object (that's what .keyObject is)
-p
On Thu, Jul 31, 2008 at 11:19:53AM -0400, Paul Swartz wrote:
On Wed, Jul 23, 2008 at 6:00 AM, Jack Whitham jack-tp@cs.york.ac.uk wrote:
On Wed, Jul 23, 2008 at 01:39:19AM -0700, Pump Kin wrote:
Step 1) Is really bugging me here; I can't seem to strip the need for foreknowledge of the public key from the script. I can't easily programmatically access that information in my use case. I do however have ready access to the private key and fingerprint for verification. My modified tutorial scripts just vomit.
I had the same problem. Some new key management features have been added to Conch recently, so you now only need the private key:
class ClientUserAuth(userauth.SSHUserAuthClient): def getPrivateKey(self): return defer.succeed(self.__getKey().keyObject)
(Although I still get a deprecation warning about signData if I do this..)
You're getting the deprecation warning because you're not calling back the Deferred with a Key object; you're calling it back with a PyCrypto key object (that's what .keyObject is)
Thanks, but this does not fix it. The deprecation warning is:
/usr/lib/python2.5/site-packages/twisted/conch/ssh/userauth.py:376: DeprecationWarning: signData is deprecated since Twisted Conch 0.9. Use Key(obj).sign(data). return keys.signData(privateKey, signData)
I still get this warning even if I change my code to remove ".keyObject" but authentication no longer works if I do that. It looks like this is actually a bug in my copy of userauth.py (although it is not a serious problem - just a deprecation warning). I could get around the problem by reimplementing the signData method in SSHUserAuthClient. I am using version 8.1.0 as distributed by Debian, i.e. http://packages.debian.org/lenny/python-twisted-conch
-
Jack Whitham -
Paul Swartz -
Pump Kin