0

I playing around with the sftp example from here: Stackoverflow: twisted conch filetransfer

I am using this here to connect. So I can use a key from a string instead of a password or the keys in ~/.shh. Now I want to deliver a hostkey or a fingerprint from a hostkey to avoid to prompt the user to verify the hostkey

def sftp(user, host, port, key, hostkey):
    options = ClientOptions()
    options['key'] = keys.Key.fromString(key.strip()).keyObject
    options['host'] = host
    options['port'] = port
    conn = SFTPConnection()
    conn._sftp = Deferred()
    auth = SSHUserAuthClient(user, options, conn)
    connect(host, port, options, verifyHostKey, auth)
    return conn._sftp

I tried to give some arguments to verifyHostkey, as you can read in it's source the param fingerprint is not used and I haven't found a valid value for transport.

def verifyHostKey(transport, host, pubKey, fingerprint):
     """        
     Verify a host's key.
     ....

Any ideas how I can omit the user to be prompted to verify a hostkey without writing the hostkey to ~/.shh/known_hosts?

Okay, I have wrote a function based on the answer of Jean-Paul Calderone. I is quite naive but does it job nice. The goal was to omit the need for an known-host file. I want all the keys only to live in memory.

def verifyHostKey(transport, host, pubKey, fingerprint):
    keytype, key = transport.factory.options['hostkey'].split(" ")[1:]
    hostkey = keytype + " " + key
    key = Key.fromString(hostkey)
    if key.fingerprint() == fingerprint:
       return succeed(True)
    else:
       raise BadKeyError
Community
  • 1
  • 1
daccle
  • 207
  • 3
  • 8

1 Answers1

3

I tried to give some arguments to verifyHostkey

Are you saying you tried calling verifyHostKey yourself? It sounds like that's not going to help you avoid prompting the user for unknown host keys. Instead, you want to pass a different function for that parameter to connect. Instead of using the verifyHostKey function supplied by twisted.conch.client.default, use one something like this:

from twisted.internet.defer import succeed

def verifyHostKey(transport, host, pubKey, fingerprint):
    return succeed(True)

Or, if you want to implement your own checking, not just accept any host key, define a function that has that checking in it. Return a Deferred, and if the check succeeds, fire that Deferred with True. If the check fails, fire it with False.

Jean-Paul Calderone
  • 47,755
  • 6
  • 94
  • 122