SSHDaemon Class
Properties Methods Events Configuration Settings Errors
The SSHDaemon class is used to create Secure Shell (SSH) servers. The class handles multiple simultaneous connections on the same TCP/IP port (service port). It is designed to balance the load between connections for a fast, powerful server.
Syntax
class ipworksssh.SSHDaemon
Remarks
The SSHDaemon class is the SSH-enabled equivalent of the IPWorks IPDaemon class, extended by a set of new properties and events that deal with SSH security. The ssh_compression_algorithms and ssh_encryption_algorithms properties determine which protocols are enabled for the SSH handshake. The ssh_cert* properties are used to select a certificate for the server (please note that a valid certificate MUST be selected before the server can function). The on_ssh_user_auth_request event will allow you to use authenticate clients using digital certificates or passwords. Finally, the on_ssh_status event provides information about the SSH handshake and underlying protocol notifications.
By default, each instance of SSHDaemon can handle up to 1000 simultaneous incoming connections (this number may be increased up to 100,000, or decreased to a lower value by using the MaxConnections configuration setting).
SSH connections are identified by a ConnectionId. Events relating to these connections as a whole will use the ConnectionId to identify the specific connection. Connections may also contained one or more multiplexed channels, which are identified by a ChannelId. Channel-level events will specify the ChannelId to which they relate.
SSHDaemon can start to listen on a port by setting the listening property to True. When a remote host asks for a connection, the on_connection_request event is fired. At that point, the connection can either be accepted or rejected. If the connection is accepted, a ConnectionId is assigned, and communication can start. From this point on, the operation is very similar to SSHClient. Data can be sent to an individual SSHChannel using send_channel_data. The address and port of the incoming connection can be found by querying the client_remote_host and client_remote_port properties.
Note: Server components are designed to process events as they occur. To ensure events are processed in a timely manner do_events should be called in a loop after the server is started.
Property List
The following is the full list of the properties of the class with short descriptions. Click on the links for further details.
| ssh_channel_count | The number of records in the arrays. |
| bytes_sent | The number of bytes actually sent after a sending channel data. |
| channel_id | An id generated by the class to identify the current SSH channel. |
| data_to_send | A string of data to be sent to the remote host. |
| ready_to_send | This property is True when data can be sent over the SSH Channel. |
| record_length | The length of received data records. |
| service | This property holds the channel type that was requested when opening the channel. |
| connection_backlog | The maximum number of pending connections maintained by the TCP/IP subsystem. |
| ssh_connection_count | The number of records in the SSHConnection arrays. |
| ssh_connection_connected | Used to disconnect individual connections and/or show their status. |
| ssh_connection_local_address | This property shows the IP address of the interface through which the connection is passing. |
| ssh_connection_remote_host | The RemoteHost shows the IP address of the remote host through which the connection is coming. |
| ssh_connection_remote_port | The RemotePort shows the TCP port on the remote host through which the connection is coming. |
| ssh_connection_timeout | A timeout for the class. |
| default_auth_methods | Specifies the supported authentication methods. |
| default_timeout | An initial timeout value to be used by incoming connections. |
| keyboard_interactive_message | The instructions to send to the client during keyboard-interactive authentication. |
| keyboard_interactive_prompt_count | The number of records in the KeyboardInteractivePrompt arrays. |
| keyboard_interactive_prompt_echo | Specifies if the client should echo the value entered by the user or not. |
| keyboard_interactive_prompt_prompt | The prompt label/text the client should present to the user. |
| listening | If True, the class accepts incoming connections on LocalPort. |
| local_host | The name of the local host or user-assigned IP interface through which connections are initiated or accepted. |
| local_port | The TCP port in the local host where the class listens. |
| ssh_cert_encoded | The certificate (PEM/base64 encoded). |
| ssh_cert_store | The name of the certificate store for the client certificate. |
| ssh_cert_store_password | If the certificate store is of a type that requires a password, this property is used to specify that password in order to open the certificate store. |
| ssh_cert_store_type | The type of certificate store for this certificate. |
| ssh_cert_subject | The subject of the certificate used for client authentication. |
| ssh_compression_algorithms | A comma-separated list containing all allowable compression algorithms. |
| ssh_encryption_algorithms | A comma-separated list containing all allowable encryption algorithms. |
Method List
The following is the full list of the methods of the class with short descriptions. Click on the links for further details.
| close_channel | Closes a existing SSHChannel . |
| config | Sets or retrieves a configuration setting. |
| disconnect | Disconnect the specified client. |
| do_events | Processes events from the internal message queue. |
| exchange_keys | Causes the class to exchange a new set of session keys on the specified connection. |
| get_ssh_param | Used to read a field from an SSH packet's payload. |
| get_ssh_param_bytes | Used to read a field from an SSH packet's payload. |
| open_channel | Opens a new SSHChannel . |
| reset | Reset the class. |
| send_channel_data | Used to send regular data over an SSH channel. |
| send_ssh_packet | Used to send an encoded SSH packet to the server. |
| set_ssh_param | Used to write a field to the end of a payload. |
| shutdown | Shuts down the server. |
Event List
The following is the full list of the events fired by the class with short descriptions. Click on the links for further details.
| on_connected | Fired immediately after a connection completes (or fails). |
| on_connection_request | Fired when a request for connection comes from a remote host. |
| on_disconnected | Fired when a connection is closed. |
| on_error | Information about errors during data delivery. |
| on_log | Fires once for each log message. |
| on_ssh_channel_closed | Fired when a channel is closed. |
| on_ssh_channel_data_in | Fired when data is received on an SSH channel. |
| on_ssh_channel_eof | Fired when the remote peer signals the end of the data stream for the channel. |
| on_ssh_channel_opened | Fired when a channel is successfully opened. |
| on_ssh_channel_open_request | Fired when a client attempts to open a new channel. |
| on_ssh_channel_ready_to_send | Fired when the class is ready to send data. |
| on_ssh_channel_request | Fired when the SSHHost sends a channel request to the client. |
| on_ssh_channel_requested | Fired if the SSHChannelRequest was successful, any further processing for the channel request should be done here. |
| on_ssh_service_request | Fired when a client requests a service to be started. |
| on_ssh_status | Shows the progress of the secure connection. |
| on_ssh_user_auth_request | Fires when a client attempts to authenticate a connection. |
Configuration Settings
The following is a list of configuration settings for the class with short descriptions. Click on the links for further details.
| AltSSHCertCount | The number of records in the AltSSHCert configuration settings. |
| AltSSHCertStore[i] | The name of the certificate store. |
| AltSSHCertStorePassword[i] | The password used to open the certificate store. |
| AltSSHCertStoreType[i] | The type of certificate store. |
| AltSSHCertSubject[i] | The alternative certificate subject. |
| ClientSSHVersionString[ConnectionId] | The client's version string. |
| DefaultIdleTimeout | Specifies the default idle timeout for inactive clients. |
| KeyboardInteractivePrompts[ConnectionId] | Specifies custom keyboard-interactive prompts for particular connections. |
| KeyRenegotiationThreshold | Sets the threshold for the SSH Key Renegotiation. |
| LogLevel | Specifies the level of detail that is logged. |
| MaxAuthAttempts | The maximum authentication attempts allowed before forcing a disconnect. |
| ServerSSHVersionString | The SSH version string sent to connecting clients. |
| SSHKeepAliveCountMax | The maximum number of keep alive packets to send without a response. |
| SSHKeepAliveInterval | The interval between keep alive packets. |
| SSHKeyExchangeAlgorithms | Specifies the supported key exchange algorithms. |
| SSHMacAlgorithms | Specifies the supported Mac algorithms. |
| SSHPubKeyAuthSigAlgorithms | Specifies the allowed signature algorithms used by a client performing public key authentication. |
| SSHPublicKeyAlgorithms | Specifies the supported public key algorithms. |
| SSHVersionPattern | The pattern used to match the remote host's version string. |
| UserAuthBanner[ConnectionId] | A custom user authentication banner. |
| AllowedClients | A comma-separated list of host names or IP addresses that can access the class. |
| BindExclusively | Whether or not the class considers a local port reserved for exclusive use. |
| ConnectionUID | The unique connectionId for a connection. |
| DefaultConnectionTimeout | The inactivity timeout applied to the SSL handshake. |
| InBufferSize | The size in bytes of the incoming queue of the socket. |
| KeepAliveInterval | The retry interval, in milliseconds, to be used when a TCP keep-alive packet is sent and no response is received. |
| KeepAliveRetryCount | The number of keep-alive packets to be sent before the remotehost is considered disconnected. |
| KeepAliveTime | The inactivity time in milliseconds before a TCP keep-alive packet is sent. |
| MaxConnections | The maximum number of connections available. |
| OutBufferSize | The size in bytes of the outgoing queue of the socket. |
| TcpNoDelay | Whether or not to delay when sending packets. |
| UseIOCP | Whether to use the completion port I/O model. |
| UseIPv6 | Whether to use IPv6. |
| UseWindowsMessages | Whether to use the WSAAsyncSelect I/O model. |
| BuildInfo | Information about the product's build. |
| CodePage | The system code page used for Unicode to Multibyte translations. |
| LicenseInfo | Information about the current license. |
| ProcessIdleEvents | Whether the class uses its internal event loop to process events when the main thread is idle. |
| SelectWaitMillis | The length of time in milliseconds the class will wait when DoEvents is called if there are no events to process. |
| UseInternalSecurityAPI | Tells the class whether or not to use the system security libraries or an internal implementation. |