1.. module:: asyncssh 2 3.. _API: 4 5API Documentation 6***************** 7 8Overview 9======== 10 11The AsyncSSH API is modeled after the new Python ``asyncio`` framework, with 12a :func:`create_connection` coroutine to create an SSH client and a 13:func:`create_server` coroutine to create an SSH server. Like the 14``asyncio`` framework, these calls take a parameter of a factory which 15creates protocol objects to manage the connections once they are open. 16For AsyncSSH, :func:`create_connection` should be passed a ``client_factory`` 17which returns objects derived from :class:`SSHClient` and :func:`create_server` 18should be passed a ``server_factory`` which returns objects derived from 19:class:`SSHServer`. In addition, each connection will have an associated 20:class:`SSHClientConnection` or :class:`SSHServerConnection` object passed 21to the protocol objects which can be used to perform actions on the connection. 22 23For client connections, authentication can be performed by passing in a 24username and password or SSH keys as arguments to :func:`create_connection` 25or by implementing handler methods on the :class:`SSHClient` object which 26return credentials when the server requests them. If no credentials are 27provided, AsyncSSH automatically attempts to send the username of the 28local user and the keys found in their :file:`.ssh` subdirectory. A list of 29expected server host keys can also be specified, with AsyncSSH defaulting 30to looking for matching lines in the user's :file:`.ssh/known_hosts` file. 31 32For server connections, handlers can be implemented on the :class:`SSHServer` 33object to return which authentication methods are supported and to validate 34credentials provided by clients. 35 36Once an SSH client connection is established and authentication is successful, 37multiple simultaneous channels can be opened on it. This is accomplished 38calling methods such as :meth:`create_session() 39<SSHClientConnection.create_session>`, :meth:`create_connection() 40<SSHClientConnection.create_connection>`, and :meth:`create_unix_connection() 41<SSHClientConnection.create_unix_connection>` on the 42:class:`SSHClientConnection` object. The client can also set up listeners on 43remote TCP ports and UNIX domain sockets by calling :meth:`create_server() 44<SSHClientConnection.create_server>` and :meth:`create_unix_server() 45<SSHClientConnection.create_unix_server>`. All of these methods take 46``session_factory`` arguments that return :class:`SSHClientSession`, 47:class:`SSHTCPSession`, or :class:`SSHUNIXSession` objects used to manage 48the channels once they are open. Alternately, channels can be opened using 49:meth:`open_session() <SSHClientConnection.open_session>`, 50:meth:`open_connection() <SSHClientConnection.open_connection>`, or 51:meth:`open_unix_connection() <SSHClientConnection.open_unix_connection>`, 52which return :class:`SSHReader` and :class:`SSHWriter` objects that can be 53used to perform I/O on the channel. The methods :meth:`start_server() 54<SSHClientConnection.start_server>` and :meth:`start_unix_server() 55<SSHClientConnection.start_unix_server>` can be used to set up listeners on 56remote TCP ports or UNIX domain sockets and get back these :class:`SSHReader` 57and :class:`SSHWriter` objects in a callback when new connections are opened. 58 59SSH client sessions can also be opened by calling :meth:`create_process() 60<SSHClientConnection.create_process>`. This returns a :class:`SSHClientProcess` 61object which has members ``stdin``, ``stdout``, and ``stderr`` which are 62:class:`SSHReader` and :class:`SSHWriter` objects. This API also makes 63it very easy to redirect input and output from the remote process to local 64files, pipes, sockets, or other :class:`SSHReader` and :class:`SSHWriter` 65objects. In cases where you just want to run a remote process to completion 66and get back an object containing captured output and exit status, the 67:meth:`run() <SSHClientConnection.run>` method can be used. It returns an 68:class:`SSHCompletedProcess` with the results of the run, or can be set up 69to raise :class:`ProcessError` if the process exits with a non-zero exit 70status. It can also raise :class:`TimeoutError` if a specified timeout 71expires before the process exits. 72 73The client can also set up TCP port forwarding by calling 74:meth:`forward_local_port() <SSHClientConnection.forward_local_port>` or 75:meth:`forward_remote_port() <SSHClientConnection.forward_remote_port>` and 76UNIX domain socket forwarding by calling :meth:`forward_local_path() 77<SSHClientConnection.forward_local_path>` or :meth:`forward_remote_path() 78<SSHClientConnection.forward_remote_path>`. In these cases, data transfer on 79the channels is managed automatically by AsyncSSH whenever new connections 80are opened, so custom session objects are not required. 81 82Dynamic TCP port forwarding can be set up by calling :meth:`forward_socks() 83<SSHClientConnection.forward_socks>`. The SOCKS listener set up by 84AsyncSSH on the requested port accepts SOCKS connect requests and is 85compatible with SOCKS versions 4, 4a, and 5. 86 87When an SSH server receives a new connection and authentication is successful, 88handlers such as :meth:`session_requested() <SSHServer.session_requested>`, 89:meth:`connection_requested() <SSHServer.connection_requested>`, 90:meth:`unix_connection_requested() <SSHServer.unix_connection_requested>`, 91:meth:`server_requested() <SSHServer.server_requested>`, and 92:meth:`unix_server_requested() <SSHServer.unix_server_requested>` on the 93associated :class:`SSHServer` object will be called when clients attempt to 94open channels or set up listeners. These methods return coroutines which can 95set up the requested sessions or connections, returning 96:class:`SSHServerSession` or :class:`SSHTCPSession` objects or handler 97functions that accept :class:`SSHReader` and :class:`SSHWriter` objects 98as arguments which manage the channels once they are open. 99 100To better support interactive server applications, AsyncSSH defaults to 101providing echoing of input and basic line editing capabilities when an 102inbound SSH session requests a pseudo-terminal. This behavior can be 103disabled by setting the ``line_editor`` argument to ``False`` when 104starting up an SSH server. When this feature is enabled, server sessions 105can enable or disable line mode using the :meth:`set_line_mode() 106<SSHLineEditorChannel.set_line_mode>` method of :class:`SSHLineEditorChannel`. 107They can also enable or disable input echoing using the :meth:`set_echo() 108<SSHLineEditorChannel.set_echo>` method. Handling of specific keys during 109line editing can be customized using the :meth:`register_key() 110<SSHLineEditorChannel.register_key>` and :meth:`unregister_key() 111<SSHLineEditorChannel.unregister_key>` methods. 112 113Each session object also has an associated :class:`SSHClientChannel`, 114:class:`SSHServerChannel`, or :class:`SSHTCPChannel` object passed to it 115which can be used to perform actions on the channel. These channel objects 116provide a superset of the functionality found in ``asyncio`` transport 117objects. 118 119In addition to the above functions and classes, helper functions for importing 120public and private keys can be found below under :ref:`PublicKeySupport`, 121exceptions can be found under :ref:`Exceptions`, supported algorithms can 122be found under :ref:`SupportedAlgorithms`, and some useful constants can be 123found under :ref:`Constants`. 124 125Main Functions 126============== 127 128connect 129------- 130 131.. autofunction:: connect 132 133connect_reverse 134--------------- 135 136.. autofunction:: connect_reverse 137 138listen 139------ 140 141.. autofunction:: listen 142 143listen_reverse 144-------------- 145 146.. autofunction:: listen_reverse 147 148create_connection 149----------------- 150 151.. autofunction:: create_connection 152 153create_server 154------------- 155 156.. autofunction:: create_server 157 158get_server_host_key 159------------------- 160 161.. autofunction:: get_server_host_key 162 163scp 164--- 165 166.. autofunction:: scp 167 168Main Classes 169============ 170 171SSHClient 172--------- 173 174.. autoclass:: SSHClient 175 176 ================================== = 177 General connection handlers 178 ================================== = 179 .. automethod:: connection_made 180 .. automethod:: connection_lost 181 .. automethod:: debug_msg_received 182 ================================== = 183 184 ======================================== = 185 Host key validation handlers 186 ======================================== = 187 .. automethod:: validate_host_public_key 188 .. automethod:: validate_host_ca_key 189 ======================================== = 190 191 ==================================== = 192 General authentication handlers 193 ==================================== = 194 .. automethod:: auth_banner_received 195 .. automethod:: auth_completed 196 ==================================== = 197 198 ========================================= = 199 Public key authentication handlers 200 ========================================= = 201 .. automethod:: public_key_auth_requested 202 ========================================= = 203 204 ========================================= = 205 Password authentication handlers 206 ========================================= = 207 .. automethod:: password_auth_requested 208 .. automethod:: password_change_requested 209 .. automethod:: password_changed 210 .. automethod:: password_change_failed 211 ========================================= = 212 213 ============================================ = 214 Keyboard-interactive authentication handlers 215 ============================================ = 216 .. automethod:: kbdint_auth_requested 217 .. automethod:: kbdint_challenge_received 218 ============================================ = 219 220SSHServer 221--------- 222 223.. autoclass:: SSHServer 224 225 ================================== = 226 General connection handlers 227 ================================== = 228 .. automethod:: connection_made 229 .. automethod:: connection_lost 230 .. automethod:: debug_msg_received 231 ================================== = 232 233 =============================== = 234 General authentication handlers 235 =============================== = 236 .. automethod:: begin_auth 237 .. automethod:: auth_completed 238 =============================== = 239 240 ====================================== = 241 GSSAPI authentication handlers 242 ====================================== = 243 .. automethod:: validate_gss_principal 244 ====================================== = 245 246 ========================================= = 247 Host-based authentication handlers 248 ========================================= = 249 .. automethod:: host_based_auth_supported 250 .. automethod:: validate_host_public_key 251 .. automethod:: validate_host_ca_key 252 .. automethod:: validate_host_based_user 253 ========================================= = 254 255 ========================================= = 256 Public key authentication handlers 257 ========================================= = 258 .. automethod:: public_key_auth_supported 259 .. automethod:: validate_public_key 260 .. automethod:: validate_ca_key 261 ========================================= = 262 263 ======================================= = 264 Password authentication handlers 265 ======================================= = 266 .. automethod:: password_auth_supported 267 .. automethod:: validate_password 268 .. automethod:: change_password 269 ======================================= = 270 271 ============================================ = 272 Keyboard-interactive authentication handlers 273 ============================================ = 274 .. automethod:: kbdint_auth_supported 275 .. automethod:: get_kbdint_challenge 276 .. automethod:: validate_kbdint_response 277 ============================================ = 278 279 ========================================= = 280 Channel session open handlers 281 ========================================= = 282 .. automethod:: session_requested 283 .. automethod:: connection_requested 284 .. automethod:: unix_connection_requested 285 .. automethod:: server_requested 286 .. automethod:: unix_server_requested 287 ========================================= = 288 289Connection Classes 290================== 291 292SSHClientConnection 293------------------- 294 295.. autoclass:: SSHClientConnection() 296 297 ========================= = 298 Connection attributes 299 ========================= = 300 .. autoattribute:: logger 301 ========================= = 302 303 =================================== = 304 General connection methods 305 =================================== = 306 .. automethod:: get_extra_info 307 .. automethod:: set_extra_info 308 .. automethod:: set_keepalive 309 .. automethod:: get_server_host_key 310 .. automethod:: send_debug 311 =================================== = 312 313 ====================================================================================================================================================== = 314 Client session open methods 315 ====================================================================================================================================================== = 316 .. automethod:: create_session 317 .. automethod:: open_session 318 .. automethod:: create_process(*args, bufsize=io.DEFAULT_BUFFER_SIZE, input=None, stdin=PIPE, stdout=PIPE, stderr=PIPE, **kwargs) 319 .. automethod:: create_subprocess(protocol_factory, *args, bufsize=io.DEFAULT_BUFFER_SIZE, input=None, stdin=PIPE, stdout=PIPE, stderr=PIPE, **kwargs) 320 .. automethod:: run(*args, check=False, timeout=None, **kwargs) 321 .. automethod:: start_sftp_client 322 .. automethod:: create_ssh_connection 323 .. automethod:: connect_ssh 324 .. automethod:: connect_reverse_ssh 325 .. automethod:: listen_ssh 326 .. automethod:: listen_reverse_ssh 327 ====================================================================================================================================================== = 328 329 ====================================== = 330 Client connection open methods 331 ====================================== = 332 .. automethod:: create_connection 333 .. automethod:: open_connection 334 .. automethod:: create_server 335 .. automethod:: start_server 336 .. automethod:: create_unix_connection 337 .. automethod:: open_unix_connection 338 .. automethod:: create_unix_server 339 .. automethod:: start_unix_server 340 ====================================== = 341 342 =================================== = 343 Client forwarding methods 344 =================================== = 345 .. automethod:: forward_connection 346 .. automethod:: forward_local_port 347 .. automethod:: forward_local_path 348 .. automethod:: forward_remote_port 349 .. automethod:: forward_remote_path 350 .. automethod:: forward_socks 351 =================================== = 352 353 =========================== = 354 Connection close methods 355 =========================== = 356 .. automethod:: abort 357 .. automethod:: close 358 .. automethod:: disconnect 359 .. automethod:: wait_closed 360 =========================== = 361 362SSHServerConnection 363------------------- 364 365.. autoclass:: SSHServerConnection() 366 367 ========================= = 368 Connection attributes 369 ========================= = 370 .. autoattribute:: logger 371 ========================= = 372 373 ============================== = 374 General connection methods 375 ============================== = 376 .. automethod:: get_extra_info 377 .. automethod:: set_extra_info 378 .. automethod:: set_keepalive 379 .. automethod:: send_debug 380 ============================== = 381 382 ============================================ = 383 Server authentication methods 384 ============================================ = 385 .. automethod:: send_auth_banner 386 .. automethod:: set_authorized_keys 387 .. automethod:: get_key_option 388 .. automethod:: check_key_permission 389 .. automethod:: get_certificate_option 390 .. automethod:: check_certificate_permission 391 ============================================ = 392 393 ====================================== = 394 Server connection open methods 395 ====================================== = 396 .. automethod:: create_connection 397 .. automethod:: open_connection 398 .. automethod:: create_unix_connection 399 .. automethod:: open_unix_connection 400 ====================================== = 401 402 ======================================= = 403 Server forwarding methods 404 ======================================= = 405 .. automethod:: forward_connection 406 .. automethod:: forward_unix_connection 407 ======================================= = 408 409 ===================================== = 410 Server channel creation methods 411 ===================================== = 412 .. automethod:: create_server_channel 413 .. automethod:: create_tcp_channel 414 .. automethod:: create_unix_channel 415 ===================================== = 416 417 =========================== = 418 Connection close methods 419 =========================== = 420 .. automethod:: abort 421 .. automethod:: close 422 .. automethod:: disconnect 423 .. automethod:: wait_closed 424 =========================== = 425 426SSHClientConnectionOptions 427-------------------------- 428 429.. autoclass:: SSHClientConnectionOptions() 430 431SSHServerConnectionOptions 432-------------------------- 433 434.. autoclass:: SSHServerConnectionOptions() 435 436Process Classes 437=============== 438 439SSHClientProcess 440---------------- 441 442.. autoclass:: SSHClientProcess 443 444 ============================== = 445 Client process attributes 446 ============================== = 447 .. autoattribute:: channel 448 .. autoattribute:: logger 449 .. autoattribute:: env 450 .. autoattribute:: command 451 .. autoattribute:: subsystem 452 .. autoattribute:: stdin 453 .. autoattribute:: stdout 454 .. autoattribute:: stderr 455 .. autoattribute:: exit_status 456 .. autoattribute:: exit_signal 457 .. autoattribute:: returncode 458 ============================== = 459 460 ==================================== = 461 Other client process methods 462 ==================================== = 463 .. automethod:: get_extra_info 464 .. automethod:: redirect 465 .. automethod:: collect_output 466 .. automethod:: communicate 467 .. automethod:: wait 468 .. automethod:: change_terminal_size 469 .. automethod:: send_break 470 .. automethod:: send_signal 471 ==================================== = 472 473 ============================ = 474 Client process close methods 475 ============================ = 476 .. automethod:: terminate 477 .. automethod:: kill 478 .. automethod:: close 479 .. automethod:: is_closing 480 .. automethod:: wait_closed 481 ============================ = 482 483SSHServerProcess 484---------------- 485 486.. autoclass:: SSHServerProcess 487 488 ============================== = 489 Server process attributes 490 ============================== = 491 .. autoattribute:: channel 492 .. autoattribute:: logger 493 .. autoattribute:: command 494 .. autoattribute:: subsystem 495 .. autoattribute:: env 496 .. autoattribute:: term_type 497 .. autoattribute:: term_size 498 .. autoattribute:: term_modes 499 .. autoattribute:: stdin 500 .. autoattribute:: stdout 501 .. autoattribute:: stderr 502 ============================== = 503 504 ============================== = 505 Other server process methods 506 ============================== = 507 .. automethod:: get_extra_info 508 .. automethod:: redirect 509 ============================== = 510 511 ================================ = 512 Server process close methods 513 ================================ = 514 .. automethod:: exit 515 .. automethod:: exit_with_signal 516 .. automethod:: close 517 .. automethod:: is_closing 518 .. automethod:: wait_closed 519 ================================ = 520 521SSHCompletedProcess 522------------------- 523 524.. autoclass:: SSHCompletedProcess() 525 526SSHSubprocessReadPipe 527--------------------- 528 529.. autoclass:: SSHSubprocessReadPipe() 530 531 ==================================== = 532 General subprocess pipe info methods 533 ==================================== = 534 .. automethod:: get_extra_info 535 ==================================== = 536 537 ============================== = 538 Subprocess pipe read methods 539 ============================== = 540 .. automethod:: pause_reading 541 .. automethod:: resume_reading 542 ============================== = 543 544 ===================================== = 545 General subprocess pipe close methods 546 ===================================== = 547 .. automethod:: close 548 ===================================== = 549 550SSHSubprocessWritePipe 551---------------------- 552 553.. autoclass:: SSHSubprocessWritePipe() 554 555 ==================================== = 556 General subprocess pipe info methods 557 ==================================== = 558 .. automethod:: get_extra_info 559 ==================================== = 560 561 ======================================= = 562 Subprocess pipe write methods 563 ======================================= = 564 .. automethod:: can_write_eof 565 .. automethod:: get_write_buffer_size 566 .. automethod:: set_write_buffer_limits 567 .. automethod:: write 568 .. automethod:: writelines 569 .. automethod:: write_eof 570 ======================================= = 571 572 ===================================== = 573 General subprocess pipe close methods 574 ===================================== = 575 .. automethod:: abort 576 .. automethod:: close 577 ===================================== = 578 579SSHSubprocessProtocol 580--------------------- 581 582.. autoclass:: SSHSubprocessProtocol 583 584 ==================================== = 585 General subprocess protocol handlers 586 ==================================== = 587 .. automethod:: connection_made 588 .. automethod:: pipe_connection_lost 589 ==================================== = 590 591 ================================== = 592 Subprocess protocol read handlers 593 ================================== = 594 .. automethod:: pipe_data_received 595 ================================== = 596 597 ================================== = 598 Other subprocess protocol handlers 599 ================================== = 600 .. automethod:: process_exited 601 ================================== = 602 603SSHSubprocessTransport 604---------------------- 605 606.. autoclass:: SSHSubprocessTransport 607 608 ==================================== = 609 General subprocess transport methods 610 ==================================== = 611 .. automethod:: get_extra_info 612 .. automethod:: get_pid 613 .. automethod:: get_pipe_transport 614 .. automethod:: get_returncode 615 .. automethod:: change_terminal_size 616 .. automethod:: send_break 617 .. automethod:: send_signal 618 ==================================== = 619 620 ================================== = 621 Subprocess transport close methods 622 ================================== = 623 .. automethod:: terminate 624 .. automethod:: kill 625 .. automethod:: close 626 .. automethod:: is_closing 627 .. automethod:: wait_closed 628 ================================== = 629 630Session Classes 631=============== 632 633SSHClientSession 634---------------- 635 636.. autoclass:: SSHClientSession 637 638 =============================== = 639 General session handlers 640 =============================== = 641 .. automethod:: connection_made 642 .. automethod:: connection_lost 643 .. automethod:: session_started 644 =============================== = 645 646 ============================= = 647 General session read handlers 648 ============================= = 649 .. automethod:: data_received 650 .. automethod:: eof_received 651 ============================= = 652 653 ============================== = 654 General session write handlers 655 ============================== = 656 .. automethod:: pause_writing 657 .. automethod:: resume_writing 658 ============================== = 659 660 ==================================== = 661 Other client session handlers 662 ==================================== = 663 .. automethod:: xon_xoff_requested 664 .. automethod:: exit_status_received 665 .. automethod:: exit_signal_received 666 ==================================== = 667 668SSHServerSession 669---------------- 670 671.. autoclass:: SSHServerSession 672 673 =============================== = 674 General session handlers 675 =============================== = 676 .. automethod:: connection_made 677 .. automethod:: connection_lost 678 .. automethod:: session_started 679 =============================== = 680 681 =================================== = 682 Server session open handlers 683 =================================== = 684 .. automethod:: pty_requested 685 .. automethod:: shell_requested 686 .. automethod:: exec_requested 687 .. automethod:: subsystem_requested 688 =================================== = 689 690 ============================= = 691 General session read handlers 692 ============================= = 693 .. automethod:: data_received 694 .. automethod:: eof_received 695 ============================= = 696 697 ============================== = 698 General session write handlers 699 ============================== = 700 .. automethod:: pause_writing 701 .. automethod:: resume_writing 702 ============================== = 703 704 ===================================== = 705 Other server session handlers 706 ===================================== = 707 .. automethod:: break_received 708 .. automethod:: signal_received 709 .. automethod:: terminal_size_changed 710 ===================================== = 711 712SSHTCPSession 713------------- 714 715.. autoclass:: SSHTCPSession 716 717 =============================== = 718 General session handlers 719 =============================== = 720 .. automethod:: connection_made 721 .. automethod:: connection_lost 722 .. automethod:: session_started 723 =============================== = 724 725 ============================= = 726 General session read handlers 727 ============================= = 728 .. automethod:: data_received 729 .. automethod:: eof_received 730 ============================= = 731 732 ============================== = 733 General session write handlers 734 ============================== = 735 .. automethod:: pause_writing 736 .. automethod:: resume_writing 737 ============================== = 738 739SSHUNIXSession 740-------------- 741 742.. autoclass:: SSHUNIXSession 743 744 =============================== = 745 General session handlers 746 =============================== = 747 .. automethod:: connection_made 748 .. automethod:: connection_lost 749 .. automethod:: session_started 750 =============================== = 751 752 ============================= = 753 General session read handlers 754 ============================= = 755 .. automethod:: data_received 756 .. automethod:: eof_received 757 ============================= = 758 759 ============================== = 760 General session write handlers 761 ============================== = 762 .. automethod:: pause_writing 763 .. automethod:: resume_writing 764 ============================== = 765 766Channel Classes 767=============== 768 769SSHClientChannel 770---------------- 771 772.. autoclass:: SSHClientChannel() 773 774 ========================= = 775 Channel attributes 776 ========================= = 777 .. autoattribute:: logger 778 ========================= = 779 780 =============================== = 781 General channel info methods 782 =============================== = 783 .. automethod:: get_extra_info 784 .. automethod:: set_extra_info 785 .. automethod:: get_environment 786 .. automethod:: get_command 787 .. automethod:: get_subsystem 788 =============================== = 789 790 ============================== = 791 Client channel read methods 792 ============================== = 793 .. automethod:: pause_reading 794 .. automethod:: resume_reading 795 ============================== = 796 797 ======================================= = 798 Client channel write methods 799 ======================================= = 800 .. automethod:: can_write_eof 801 .. automethod:: get_write_buffer_size 802 .. automethod:: set_write_buffer_limits 803 .. automethod:: write 804 .. automethod:: writelines 805 .. automethod:: write_eof 806 ======================================= = 807 808 ===================================== = 809 Other client channel methods 810 ===================================== = 811 .. automethod:: get_exit_status 812 .. automethod:: get_exit_signal 813 .. automethod:: get_returncode 814 .. automethod:: change_terminal_size 815 .. automethod:: send_break 816 .. automethod:: send_signal 817 .. automethod:: kill 818 .. automethod:: terminate 819 ===================================== = 820 821 ============================= = 822 General channel close methods 823 ============================= = 824 .. automethod:: abort 825 .. automethod:: close 826 .. automethod:: is_closing 827 .. automethod:: wait_closed 828 ============================= = 829 830SSHServerChannel 831---------------- 832 833.. autoclass:: SSHServerChannel() 834 835 ========================= = 836 Channel attributes 837 ========================= = 838 .. autoattribute:: logger 839 ========================= = 840 841 =============================== = 842 General channel info methods 843 =============================== = 844 .. automethod:: get_extra_info 845 .. automethod:: set_extra_info 846 .. automethod:: get_environment 847 .. automethod:: get_command 848 .. automethod:: get_subsystem 849 =============================== = 850 851 ================================== = 852 Server channel info methods 853 ================================== = 854 .. automethod:: get_terminal_type 855 .. automethod:: get_terminal_size 856 .. automethod:: get_terminal_mode 857 .. automethod:: get_terminal_modes 858 .. automethod:: get_x11_display 859 .. automethod:: get_agent_path 860 ================================== = 861 862 ============================== = 863 Server channel read methods 864 ============================== = 865 .. automethod:: pause_reading 866 .. automethod:: resume_reading 867 ============================== = 868 869 ======================================= = 870 Server channel write methods 871 ======================================= = 872 .. automethod:: can_write_eof 873 .. automethod:: get_write_buffer_size 874 .. automethod:: set_write_buffer_limits 875 .. automethod:: write 876 .. automethod:: writelines 877 .. automethod:: write_stderr 878 .. automethod:: writelines_stderr 879 .. automethod:: write_eof 880 ======================================= = 881 882 ================================= = 883 Other server channel methods 884 ================================= = 885 .. automethod:: set_xon_xoff 886 .. automethod:: exit 887 .. automethod:: exit_with_signal 888 ================================= = 889 890 ============================= = 891 General channel close methods 892 ============================= = 893 .. automethod:: abort 894 .. automethod:: close 895 .. automethod:: is_closing 896 .. automethod:: wait_closed 897 ============================= = 898 899SSHLineEditorChannel 900-------------------- 901 902.. autoclass:: SSHLineEditorChannel() 903 904 ============================== = 905 Line editor methods 906 ============================== = 907 .. automethod:: register_key 908 .. automethod:: unregister_key 909 .. automethod:: set_line_mode 910 .. automethod:: set_echo 911 ============================== = 912 913SSHTCPChannel 914------------- 915 916.. autoclass:: SSHTCPChannel() 917 918 ========================= = 919 Channel attributes 920 ========================= = 921 .. autoattribute:: logger 922 ========================= = 923 924 ============================== = 925 General channel info methods 926 ============================== = 927 .. automethod:: get_extra_info 928 .. automethod:: set_extra_info 929 ============================== = 930 931 ============================== = 932 General channel read methods 933 ============================== = 934 .. automethod:: pause_reading 935 .. automethod:: resume_reading 936 ============================== = 937 938 ======================================= = 939 General channel write methods 940 ======================================= = 941 .. automethod:: can_write_eof 942 .. automethod:: get_write_buffer_size 943 .. automethod:: set_write_buffer_limits 944 .. automethod:: write 945 .. automethod:: writelines 946 .. automethod:: write_eof 947 ======================================= = 948 949 ============================= = 950 General channel close methods 951 ============================= = 952 .. automethod:: abort 953 .. automethod:: close 954 .. automethod:: is_closing 955 .. automethod:: wait_closed 956 ============================= = 957 958SSHUNIXChannel 959-------------- 960 961.. autoclass:: SSHUNIXChannel() 962 963 ========================= = 964 Channel attributes 965 ========================= = 966 .. autoattribute:: logger 967 ========================= = 968 969 ============================== = 970 General channel info methods 971 ============================== = 972 .. automethod:: get_extra_info 973 .. automethod:: set_extra_info 974 ============================== = 975 976 ============================== = 977 General channel read methods 978 ============================== = 979 .. automethod:: pause_reading 980 .. automethod:: resume_reading 981 ============================== = 982 983 ======================================= = 984 General channel write methods 985 ======================================= = 986 .. automethod:: can_write_eof 987 .. automethod:: get_write_buffer_size 988 .. automethod:: set_write_buffer_limits 989 .. automethod:: write 990 .. automethod:: writelines 991 .. automethod:: write_eof 992 ======================================= = 993 994 ============================= = 995 General channel close methods 996 ============================= = 997 .. automethod:: abort 998 .. automethod:: close 999 .. automethod:: is_closing 1000 .. automethod:: wait_closed 1001 ============================= = 1002 1003Listener Classes 1004================ 1005 1006SSHAcceptor 1007----------- 1008 1009.. autoclass:: SSHAcceptor() 1010 1011 ====================== = 1012 .. automethod:: update 1013 ====================== = 1014 1015 1016SSHListener 1017----------- 1018.. autoclass:: SSHListener() 1019 1020 =========================== = 1021 .. automethod:: get_port 1022 .. automethod:: close 1023 .. automethod:: wait_closed 1024 =========================== = 1025 1026Stream Classes 1027============== 1028 1029SSHReader 1030--------- 1031 1032.. autoclass:: SSHReader() 1033 1034 ============================== = 1035 .. autoattribute:: channel 1036 .. autoattribute:: logger 1037 .. automethod:: get_extra_info 1038 .. automethod:: feed_data 1039 .. automethod:: feed_eof 1040 .. automethod:: at_eof 1041 .. automethod:: read 1042 .. automethod:: readline 1043 .. automethod:: readuntil 1044 .. automethod:: readexactly 1045 ============================== = 1046 1047SSHWriter 1048--------- 1049 1050.. autoclass:: SSHWriter() 1051 1052 ============================== = 1053 .. autoattribute:: channel 1054 .. autoattribute:: logger 1055 .. automethod:: get_extra_info 1056 .. automethod:: can_write_eof 1057 .. automethod:: drain 1058 .. automethod:: write 1059 .. automethod:: writelines 1060 .. automethod:: write_eof 1061 .. automethod:: close 1062 .. automethod:: is_closing 1063 .. automethod:: wait_closed 1064 ============================== = 1065 1066SFTP Support 1067============ 1068 1069SFTPClient 1070---------- 1071 1072.. autoclass:: SFTPClient() 1073 1074 ========================= = 1075 SFTP client attributes 1076 ========================= = 1077 .. autoattribute:: logger 1078 ========================= = 1079 1080 ===================== = 1081 File transfer methods 1082 ===================== = 1083 .. automethod:: get 1084 .. automethod:: put 1085 .. automethod:: copy 1086 .. automethod:: mget 1087 .. automethod:: mput 1088 .. automethod:: mcopy 1089 ===================== = 1090 1091 ============================================================================================================================== = 1092 File access methods 1093 ============================================================================================================================== = 1094 .. automethod:: open(path, mode='r', attrs=SFTPAttrs(), encoding='utf-8', errors='strict', block_size=16384, max_requests=128) 1095 .. automethod:: truncate 1096 .. automethod:: rename 1097 .. automethod:: posix_rename 1098 .. automethod:: remove 1099 .. automethod:: unlink 1100 .. automethod:: readlink 1101 .. automethod:: symlink 1102 .. automethod:: link 1103 .. automethod:: realpath 1104 ============================================================================================================================== = 1105 1106 ============================= = 1107 File attribute access methods 1108 ============================= = 1109 .. automethod:: stat 1110 .. automethod:: lstat 1111 .. automethod:: setstat 1112 .. automethod:: statvfs 1113 .. automethod:: chown 1114 .. automethod:: chmod 1115 .. automethod:: utime 1116 .. automethod:: exists 1117 .. automethod:: lexists 1118 .. automethod:: getatime 1119 .. automethod:: getmtime 1120 .. automethod:: getsize 1121 .. automethod:: isdir 1122 .. automethod:: isfile 1123 .. automethod:: islink 1124 ============================= = 1125 1126 ================================================= = 1127 Directory access methods 1128 ================================================= = 1129 .. automethod:: chdir 1130 .. automethod:: getcwd 1131 .. automethod:: mkdir(path, attrs=SFTPAttrs()) 1132 .. automethod:: makedirs(path, attrs=SFTPAttrs()) 1133 .. automethod:: rmdir 1134 .. automethod:: rmtree 1135 .. automethod:: scandir 1136 .. automethod:: readdir 1137 .. automethod:: listdir 1138 .. automethod:: glob 1139 ================================================= = 1140 1141 =========================== = 1142 Cleanup methods 1143 =========================== = 1144 .. automethod:: exit 1145 .. automethod:: wait_closed 1146 =========================== = 1147 1148SFTPClientFile 1149-------------- 1150 1151.. autoclass:: SFTPClientFile() 1152 1153 ================================================ = 1154 .. automethod:: read 1155 .. automethod:: write 1156 .. automethod:: seek(offset, from_what=SEEK_SET) 1157 .. automethod:: tell 1158 .. automethod:: stat 1159 .. automethod:: setstat 1160 .. automethod:: statvfs 1161 .. automethod:: truncate 1162 .. automethod:: chown 1163 .. automethod:: chmod 1164 .. automethod:: utime 1165 .. automethod:: fsync 1166 .. automethod:: close 1167 ================================================ = 1168 1169SFTPServer 1170---------- 1171 1172.. autoclass:: SFTPServer 1173 1174 ============================= = 1175 SFTP server attributes 1176 ============================= = 1177 .. autoattribute:: channel 1178 .. autoattribute:: connection 1179 .. autoattribute:: env 1180 .. autoattribute:: logger 1181 ============================= = 1182 1183 ================================== = 1184 Path remapping and display methods 1185 ================================== = 1186 .. automethod:: format_user 1187 .. automethod:: format_group 1188 .. automethod:: format_longname 1189 .. automethod:: map_path 1190 .. automethod:: reverse_map_path 1191 ================================== = 1192 1193 ============================ = 1194 File access methods 1195 ============================ = 1196 .. automethod:: open 1197 .. automethod:: close 1198 .. automethod:: read 1199 .. automethod:: write 1200 .. automethod:: rename 1201 .. automethod:: posix_rename 1202 .. automethod:: remove 1203 .. automethod:: readlink 1204 .. automethod:: symlink 1205 .. automethod:: link 1206 .. automethod:: realpath 1207 ============================ = 1208 1209 ============================= = 1210 File attribute access methods 1211 ============================= = 1212 .. automethod:: stat 1213 .. automethod:: lstat 1214 .. automethod:: fstat 1215 .. automethod:: setstat 1216 .. automethod:: fsetstat 1217 .. automethod:: statvfs 1218 .. automethod:: fstatvfs 1219 ============================= = 1220 1221 ======================== = 1222 Directory access methods 1223 ======================== = 1224 .. automethod:: listdir 1225 .. automethod:: mkdir 1226 .. automethod:: rmdir 1227 ======================== = 1228 1229 ===================== = 1230 Cleanup methods 1231 ===================== = 1232 .. automethod:: exit 1233 ===================== = 1234 1235SFTPAttrs 1236--------- 1237 1238.. autoclass:: SFTPAttrs() 1239 1240SFTPVFSAttrs 1241------------ 1242 1243.. autoclass:: SFTPVFSAttrs() 1244 1245SFTPName 1246-------- 1247 1248.. autoclass:: SFTPName() 1249 1250.. index:: Public key and certificate support 1251.. _PublicKeySupport: 1252 1253Public Key Support 1254================== 1255 1256AsyncSSH has extensive public key and certificate support. 1257 1258Supported public key types include DSA, RSA, and ECDSA. In addition, Ed25519 1259and Ed448 keys are supported if OpenSSL 1.1.1b or later is installed. 1260Alternately, Ed25519 support is available when the libnacl package and 1261libsodium library are installed. 1262 1263Supported certificate types include OpenSSH version 01 certificates for 1264DSA, RSA, ECDSA, Ed25519, and Ed448 keys and X.509 certificates for DSA, 1265RSA, and ECDSA keys. 1266 1267Support is also available for the certificate critical options of 1268force-command and source-address and the extensions permit-X11-forwarding, 1269permit-agent-forwarding, permit-port-forwarding, and permit-pty in 1270OpenSSH certificates. 1271 1272Several public key and certificate formats are supported including 1273PKCS#1 and PKCS#8 DER and PEM, OpenSSH, RFC4716, and X.509 DER and 1274PEM formats. 1275 1276PEM and PKCS#8 password-based encryption of private keys is supported, as 1277is OpenSSH private key encryption when the bcrypt package is installed. 1278 1279.. index:: Specifying private keys 1280.. _SpecifyingPrivateKeys: 1281 1282Specifying private keys 1283----------------------- 1284 1285Private keys may be passed into AsyncSSH in a variety of forms. The 1286simplest option is to pass the name of a file to read one or more 1287private keys from. 1288 1289An alternate form involves passing in a list of values which can be 1290either a reference to a private key or a tuple containing a reference 1291to a private key and a reference to a corresponding certificate or 1292certificate chain. 1293 1294Key references can either be the name of a file to load a key from, 1295a byte string to import as a key, or an already loaded :class:`SSHKey` 1296private key. See the function :func:`import_private_key` for the list 1297of supported private key formats. 1298 1299Certificate references can be the name of a file to load a certificate 1300from, a byte string to import as a certificate, an already loaded 1301:class:`SSHCertificate`, or ``None`` if no certificate should be 1302associated with the key. 1303 1304Whenever a filename is provided to read the private key from, an attempt 1305is made to load a corresponding certificate or certificate chain from a 1306file constructed by appending '-cert.pub' to the end of the name. X.509 1307certificates may also be provided in the same file as the private key, 1308when using DER or PEM format. 1309 1310When using X.509 certificates, a list of certificates can also be 1311provided. These certificates should form a trust chain from a user or 1312host certificate up to some self-signed root certificate authority 1313which is trusted by the remote system. 1314 1315Instead of passing tuples of keys and certificates or relying on file 1316naming conventions for certificates, you also have the option of 1317providing a list of keys and a seperate list of certificates. In this 1318case, AsyncSSH will automatically match up the keys with their 1319associated certificates when they are present. 1320 1321New private keys can be generated using the :func:`generate_private_key` 1322function. The resulting :class:`SSHKey` objects have methods which can 1323then be used to export the generated keys in several formats for 1324consumption by other tools, as well as methods for generating new 1325OpenSSH or X.509 certificates. 1326 1327.. index:: Specifying public keys 1328.. _SpecifyingPublicKeys: 1329 1330Specifying public keys 1331---------------------- 1332 1333Public keys may be passed into AsyncSSH in a variety of forms. The 1334simplest option is to pass the name of a file to read one or more 1335public keys from. 1336 1337An alternate form involves passing in a list of values each of which 1338can be either the name of a file to load a key from, a byte string 1339to import it from, or an already loaded :class:`SSHKey` public key. 1340See the function :func:`import_public_key` for the list of supported 1341public key formats. 1342 1343.. index:: Specifying certificates 1344.. _SpecifyingCertificates: 1345 1346Specifying certificates 1347----------------------- 1348 1349Certificates may be passed into AsyncSSH in a variety of forms. The 1350simplest option is to pass the name of a file to read one or more 1351certificates from. 1352 1353An alternate form involves passing in a list of values each of which 1354can be either the name of a file to load a certificate from, a byte string 1355to import it from, or an already loaded :class:`SSHCertificate` object. 1356See the function :func:`import_certificate` for the list of supported 1357certificate formats. 1358 1359.. index:: Specifying X.509 subject names 1360.. _SpecifyingX509Subjects: 1361 1362Specifying X.509 subject names 1363------------------------------ 1364 1365X.509 certificate subject names may be specified in place of public keys 1366or certificates in authorized_keys and known_hosts files, allowing any 1367X.509 certificate which matches that subject name to be considered a 1368known host or authorized key. The syntax supported for this is compatible 1369with PKIX-SSH, which adds X.509 certificate support to OpenSSH. 1370 1371To specify a subject name pattern instead of a specific certificate, 1372base64-encoded certificate data should be replaced with the string 1373'Subject:' followed by a a comma-separated list of X.509 relative 1374distinguished name components. 1375 1376AsyncSSH extends the PKIX-SSH syntax to also support matching on a 1377prefix of a subject name. To indicate this, a partial subject name 1378can be specified which ends in ',*'. Any subject which matches the 1379relative distinguished names listed before the ",*" will be treated 1380as a match, even if the certificate provided has additional relative 1381distinguished names following what was matched. 1382 1383.. index:: Specifying X.509 purposes 1384.. _SpecifyingX509Purposes: 1385 1386Specifying X.509 purposes 1387------------------------- 1388 1389When performing X.509 certificate authentication, AsyncSSH can be 1390passed in an allowed set of ExtendedKeyUsage purposes. Purposes are 1391matched in X.509 certificates as OID values, but AsyncSSH also allows 1392the following well-known purpose values to be specified by name: 1393 1394 ================= ================== 1395 Name OID 1396 ================= ================== 1397 serverAuth 1.3.6.1.5.5.7.3.1 1398 clientAuth 1.3.6.1.5.5.7.3.2 1399 secureShellClient 1.3.6.1.5.5.7.3.20 1400 secureShellServer 1.3.6.1.5.5.7.3.21 1401 ================= ================== 1402 1403Values not in the list above can be specified directly by OID as a 1404dotted numeric string value. Either a single value or a list of values 1405can be provided. 1406 1407The check succeeds if any of the specified values are present in the 1408certificate's ExtendedKeyUsage. It will also succeed if the certificate 1409does not contain an ExtendedKeyUsage or if the ExtendedKeyUsage contains 1410the OID 2.5.29.37.0, which indicates the certificate can be used for any 1411purpose. 1412 1413This check defaults to requiring a purpose of 'secureShellCient' for 1414client certificates and 'secureShellServer' for server certificates 1415and should not normally need to be changed. However, certificates which 1416contain other purposes can be supported by providing alternate values to 1417match against, or by passing in the purpose 'any' to disable this checking. 1418 1419.. index:: Specifying time values 1420.. _SpecifyingTimeValues: 1421 1422Specifying time values 1423---------------------- 1424 1425When generating certificates, an optional validity interval can be 1426specified using the ``valid_after`` and ``valid_before`` parameters 1427to the :meth:`generate_user_certificate() <SSHKey.generate_user_certificate>` 1428and :meth:`generate_host_certificate() <SSHKey.generate_host_certificate>` 1429methods. These values can be specified in any of the following ways: 1430 1431 * An int or float UNIX epoch time, such as what is returned by 1432 :func:`time.time`. 1433 * A :class:`datetime.datetime` value. 1434 * A string value of ``now`` to request the current time. 1435 * A string value in the form ``YYYYMMDD`` to specify an absolute date. 1436 * A string value in the form ``YYYYMMDDHHMMSS`` to specify an 1437 absolute date and time. 1438 * A time interval described in :ref:`SpecifyingTimeIntervals` which is 1439 interpreted as a relative time from now. This value can be negative 1440 to refer to times in the past or positive to refer to times in the 1441 future. 1442 1443SSHKey 1444------ 1445 1446.. autoclass:: SSHKey() 1447 1448 ============================================== = 1449 .. automethod:: get_algorithm 1450 .. automethod:: get_comment_bytes 1451 .. automethod:: get_comment 1452 .. automethod:: set_comment 1453 .. automethod:: get_fingerprint 1454 .. automethod:: convert_to_public 1455 .. automethod:: generate_user_certificate 1456 .. automethod:: generate_host_certificate 1457 .. automethod:: generate_x509_user_certificate 1458 .. automethod:: generate_x509_host_certificate 1459 .. automethod:: generate_x509_ca_certificate 1460 .. automethod:: export_private_key 1461 .. automethod:: export_public_key 1462 .. automethod:: write_private_key 1463 .. automethod:: write_public_key 1464 .. automethod:: append_private_key 1465 .. automethod:: append_public_key 1466 ============================================== = 1467 1468SSHKeyPair 1469---------- 1470 1471.. autoclass:: SSHKeyPair() 1472 1473 ================================= = 1474 .. automethod:: get_key_type 1475 .. automethod:: get_algorithm 1476 .. automethod:: set_certificate 1477 .. automethod:: get_comment_bytes 1478 .. automethod:: get_comment 1479 .. automethod:: set_comment 1480 ================================= = 1481 1482SSHCertificate 1483-------------- 1484 1485.. autoclass:: SSHCertificate() 1486 1487 ================================== = 1488 .. automethod:: get_algorithm 1489 .. automethod:: get_comment_bytes 1490 .. automethod:: get_comment 1491 .. automethod:: set_comment 1492 .. automethod:: export_certificate 1493 .. automethod:: write_certificate 1494 .. automethod:: append_certificate 1495 ================================== = 1496 1497generate_private_key 1498-------------------- 1499 1500.. autofunction:: generate_private_key 1501 1502import_private_key 1503------------------ 1504 1505.. autofunction:: import_private_key 1506 1507import_public_key 1508----------------- 1509 1510.. autofunction:: import_public_key 1511 1512import_certificate 1513------------------ 1514 1515.. autofunction:: import_certificate 1516 1517read_private_key 1518---------------- 1519 1520.. autofunction:: read_private_key 1521 1522read_public_key 1523--------------- 1524 1525.. autofunction:: read_public_key 1526 1527read_certificate 1528---------------- 1529 1530.. autofunction:: read_certificate 1531 1532read_private_key_list 1533--------------------- 1534 1535.. autofunction:: read_private_key_list 1536 1537read_public_key_list 1538-------------------- 1539 1540.. autofunction:: read_public_key_list 1541 1542read_certificate_list 1543--------------------- 1544 1545.. autofunction:: read_certificate_list 1546 1547load_keypairs 1548------------- 1549 1550.. autofunction:: load_keypairs 1551 1552load_public_keys 1553---------------- 1554 1555.. autofunction:: load_public_keys 1556 1557load_certificates 1558----------------- 1559 1560.. autofunction:: load_certificates 1561 1562load_pkcs11_keys 1563---------------- 1564 1565.. autofunction:: load_pkcs11_keys 1566 1567load_resident_keys 1568------------------ 1569 1570.. autofunction:: load_resident_keys 1571 1572.. index:: SSH agent support 1573 1574SSH Agent Support 1575================= 1576 1577AsyncSSH supports the ability to use private keys managed by the OpenSSH 1578ssh-agent on UNIX systems. It can connect via a UNIX domain socket to 1579the agent and offload all private key operations to it, avoiding the need 1580to read these keys into AsyncSSH itself. An ssh-agent is automatically 1581used in :func:`create_connection` when a valid ``SSH_AUTH_SOCK`` is set 1582in the environment. An alternate path to the agent can be specified via 1583the ``agent_path`` argument to this function. 1584 1585An ssh-agent can also be accessed directly from AsyncSSH by calling 1586:func:`connect_agent`. When successful, this function returns an 1587:class:`SSHAgentClient` which can be used to get a list of available 1588keys, add and remove keys, and lock and unlock access to this agent. 1589 1590SSH agent forwarding may be enabled when making outbound SSH connections 1591by specifying the ``agent_forwarding`` argument when calling 1592:func:`create_connection`, allowing processes running on the server 1593to tunnel requests back over the SSH connection to the client's ssh-agent. 1594 1595Agent forwarding can be enabled when starting an SSH server by 1596specifying the ``agent_forwarding`` argument when calling 1597:func:`create_server`. In this case, the client's ssh-agent can be 1598accessed from the server by passing the :class:`SSHServerConnection` as 1599the argument to :func:`connect_agent` instead of a local path. Alternately, 1600when an :class:`SSHServerChannel` has been opened, the :meth:`get_agent_path() 1601<SSHServerChannel.get_agent_path>` method may be called on it to get a 1602path to a UNIX domain socket which can be passed as the ``SSH_AUTH_SOCK`` 1603to local applications which need this access. Any requests sent to this 1604socket are forwarded over the SSH connection to the client's ssh-agent. 1605 1606SSHAgentClient 1607-------------- 1608 1609.. autoclass:: SSHAgentClient() 1610 1611 ===================================== = 1612 .. automethod:: get_keys 1613 .. automethod:: add_keys 1614 .. automethod:: add_smartcard_keys 1615 .. automethod:: remove_keys 1616 .. automethod:: remove_smartcard_keys 1617 .. automethod:: remove_all 1618 .. automethod:: lock 1619 .. automethod:: unlock 1620 .. automethod:: query_extensions 1621 .. automethod:: close 1622 .. automethod:: wait_closed 1623 ===================================== = 1624 1625SSHAgentKeyPair 1626--------------- 1627 1628.. autoclass:: SSHAgentKeyPair() 1629 1630 ================================= = 1631 .. automethod:: get_key_type 1632 .. automethod:: get_algorithm 1633 .. automethod:: get_comment_bytes 1634 .. automethod:: get_comment 1635 .. automethod:: set_comment 1636 .. automethod:: remove 1637 ================================= = 1638 1639connect_agent 1640------------- 1641 1642.. autofunction:: connect_agent 1643 1644.. index:: Config file support 1645.. _ConfigFileSupport: 1646 1647Config File Support 1648=================== 1649 1650AsyncSSH has partial support for parsing OpenSSH client and server 1651configuration files (documented in the "ssh_config" and "sshd_config" 1652UNIX man pages, respectively). Not all OpenSSH configuration options 1653are applicable, so unsupported options are simply ignored. See below 1654for the OpenSSH config options that AsyncSSH supports. 1655 1656AsyncSSH also supports "Host" and "Match" conditional blocks. As with 1657the config options themselves, not all match criteria are supported, 1658but the supported criteria should function similar to OpenSSH. 1659 1660AsyncSSH also supports the "Include" directive, to allow one config 1661file trigger the loading of others. 1662 1663.. index:: Supported client config options 1664.. _SupportedClientConfigOptions: 1665 1666Supported client config options 1667------------------------------- 1668 1669The following OpenSSH client config options are currently supported: 1670 1671 | AddressFamily 1672 | BindAddress 1673 | CASignatureAlgorithms 1674 | CertificateFile 1675 | ChallengeResponseAuthentication 1676 | Ciphers 1677 | Compression 1678 | ConnectTimeout 1679 | EnableSSHKeySign 1680 | ForwardAgent 1681 | ForwardX11Trusted 1682 | GlobalKnownHostsFile 1683 | GSSAPIAuthentication 1684 | GSSAPIDelegateCredentials 1685 | GSSAPIKeyExchange 1686 | HostbasedAuthentication 1687 | HostKeyAlgorithms 1688 | HostKeyAlias 1689 | Hostname 1690 | IdentityAgent 1691 | IdentityFile 1692 | KbdInteractiveAuthentication 1693 | KexAlgorithms 1694 | MACs 1695 | PasswordAuthentication 1696 | PreferredAuthentications 1697 | Port 1698 | ProxyCommand 1699 | ProxyJump 1700 | PubkeyAuthentication 1701 | RekeyLimit 1702 | RemoteCommand 1703 | RequestTTY 1704 | SendEnv 1705 | ServerAliveCountMax 1706 | ServerAliveInterval 1707 | SetEnv 1708 | TCPKeepAlive 1709 | User 1710 | UserKnownHostsFile 1711 1712For the "Match" conditional, the following criteria are currently supported: 1713 1714 | All 1715 | Host 1716 | LocalUser 1717 | OriginalHost 1718 | User 1719 1720The following client config token expansions are currently supported: 1721 1722 ===== ============================================================ 1723 Token Expansion 1724 ===== ============================================================ 1725 %% Literal '%' 1726 %C SHA-1 Hash of connection info (local host, host, port, user) 1727 %d Local user's home directory 1728 %h Remote host 1729 %i Local uid (UNIX-only) 1730 %L Short local hostname (without the domain) 1731 %l Local hostname (including the domain) 1732 %n Original remote host 1733 %p Remote port 1734 %r Remote username 1735 %u Local username 1736 ===== ============================================================ 1737 1738These expansions are available in the values of the following config options: 1739 1740 | CertificateFile 1741 | IdentityAgent 1742 | IdentityFile 1743 | RemoteCommand 1744 1745.. index:: Supported server config options 1746.. _SupportedServerConfigOptions: 1747 1748Supported server config options 1749------------------------------- 1750 1751The following OpenSSH server config options are currently supported: 1752 1753 | AddressFamily 1754 | AuthorizedKeysFile 1755 | AllowAgentForwarding 1756 | BindAddress 1757 | CASignatureAlgorithms 1758 | ChallengeResponseAuthentication 1759 | Ciphers 1760 | ClientAliveCountMax 1761 | ClientAliveInterval 1762 | Compression 1763 | GSSAPIAuthentication 1764 | GSSAPIKeyExchange 1765 | HostbasedAuthentication 1766 | HostCertificate 1767 | HostKey 1768 | KbdInteractiveAuthentication 1769 | KexAlgorithms 1770 | LoginGraceTime 1771 | MACs 1772 | PasswordAuthentication 1773 | PermitTTY 1774 | Port 1775 | ProxyCommand 1776 | PubkeyAuthentication 1777 | RekeyLimit 1778 | TCPKeepAlive 1779 | UseDNS 1780 1781For the "Match" conditional, the following criteria are currently supported: 1782 1783 | All 1784 | Address 1785 | Host 1786 | LocalAddress 1787 | LocalPort 1788 | User 1789 1790The following server config token expansions are currently supported: 1791 1792 ===== =========== 1793 Token Expansion 1794 ===== =========== 1795 %% Literal '%' 1796 %u Username 1797 ===== =========== 1798 1799These expansions are available in the values of the following config options: 1800 1801 | AuthorizedKeysFile 1802 1803.. index:: Specifying byte counts 1804.. _SpecifyingByteCounts: 1805 1806Specifying byte counts 1807---------------------- 1808 1809A byte count may be passed into AsyncSSH as an integer value, or as a 1810string made up of a mix of numbers followed by an optional letter of 1811'k', 'm', or 'g', indicating kilobytes, megabytes, or gigabytes, 1812respectively. Multiple of these values can be included. For instance, 1813'2.5m' means 2.5 megabytes. This could also be expressed as '2m512k' 1814or '2560k'. 1815 1816.. index:: Specifying time intervals 1817.. _SpecifyingTimeIntervals: 1818 1819Specifying time intervals 1820------------------------- 1821 1822A time interval may be passed into AsyncSSH as an integer or float value, 1823or as a string made up of a mix of positive or negative numbers and the 1824letters 'w', 'd', 'h', 'm', and 's', indicating weeks, days, hours, 1825minutes, or seconds, respectively. Multiple of these values can be 1826included. For instance, '1w2d3h' means 1 week, 2 days, and 3 hours. 1827 1828.. index:: Known hosts 1829.. _KnownHosts: 1830 1831Known Hosts 1832=========== 1833 1834AsyncSSH supports OpenSSH-style known_hosts files, including both 1835plain and hashed host entries. Regular and negated host patterns are 1836supported in plain entries. AsyncSSH also supports the ``@cert_authority`` 1837marker to indicate keys and certificates which should be trusted as 1838certificate authorities and the ``@revoked`` marker to indicate keys and 1839certificates which should be explicitly reported as no longer trusted. 1840 1841.. index:: Specifying known hosts 1842.. _SpecifyingKnownHosts: 1843 1844Specifying known hosts 1845---------------------- 1846 1847Known hosts may be passed into AsyncSSH via the ``known_hosts`` argument 1848to :func:`create_connection`. This can be the name of a file or list of files 1849containing known hosts, a byte string containing data in known hosts format, 1850or an :class:`SSHKnownHosts` object which was previously imported from a 1851string by calling :func:`import_known_hosts` or read from files by calling 1852:func:`read_known_hosts`. In all of these cases, the host patterns in the 1853list will be compared against the target host, address, and port being 1854connected to and the matching trusted host keys, trusted CA keys, revoked 1855keys, trusted X.509 certificates, revoked X.509 certificates, trusted 1856X.509 subject names, and revoked X.509 subject names will be returned. 1857 1858Alternately, a function can be passed in as the ``known_hosts`` argument 1859that accepts a target host, address, and port and returns lists containing 1860trusted host keys, trusted CA keys, revoked keys, trusted X.509 certificates, 1861revoked X.509 certificates, trusted X.509 subject names, and revoked X.509 1862subject names. 1863 1864If no matching is required and the caller already knows exactly what the 1865above values should be, these seven lists can also be provided directly in 1866the ``known_hosts`` argument. 1867 1868See :ref:`SpecifyingPublicKeys` for the allowed form of public key values 1869which can be provided, :ref:`SpecifyingCertificates` for the allowed form 1870of certificates, and :ref:`SpecifyingX509Subjects` for the allowed form 1871of X.509 subject names. 1872 1873SSHKnownHosts 1874------------- 1875 1876.. autoclass:: SSHKnownHosts() 1877 1878 ===================== = 1879 .. automethod:: match 1880 ===================== = 1881 1882import_known_hosts 1883------------------ 1884 1885.. autofunction:: import_known_hosts 1886 1887read_known_hosts 1888---------------- 1889 1890.. autofunction:: read_known_hosts 1891 1892 1893match_known_hosts 1894----------------- 1895 1896.. autofunction:: match_known_hosts 1897 1898.. index:: Authorized keys 1899.. _AuthorizedKeys: 1900 1901Authorized Keys 1902=============== 1903 1904AsyncSSH supports OpenSSH-style authorized_keys files, including the 1905cert-authority option to validate user certificates, enforcement of 1906from and principals options to restrict key matching, enforcement 1907of no-X11-forwarding, no-agent-forwarding, no-pty, no-port-forwarding, 1908and permitopen options, and support for command and environment options. 1909 1910.. index:: Specifying authorized keys 1911.. _SpecifyingAuthorizedKeys: 1912 1913Specifying authorized keys 1914-------------------------- 1915 1916Authorized keys may be passed into AsyncSSH via the 1917``authorized_client_keys`` argument to :func:`create_server` or by calling 1918:meth:`set_authorized_keys() <SSHServerConnection.set_authorized_keys>` 1919on the :class:`SSHServerConnection` from within the :meth:`begin_auth() 1920<SSHServer.begin_auth>` method in :class:`SSHServer`. 1921 1922Authorized keys can be provided as either the name of a file or list of 1923files to read authorized keys from or an :class:`SSHAuthorizedKeys` object 1924which was previously imported from a string by calling 1925:func:`import_authorized_keys` or read from files by calling 1926:func:`read_authorized_keys`. 1927 1928An authorized keys file may contain public keys or X.509 certificates 1929in OpenSSH format or X.509 certificate subject names. See 1930:ref:`SpecifyingX509Subjects` for more information on using subject names 1931in place of specific X.509 certificates. 1932 1933SSHAuthorizedKeys 1934----------------- 1935 1936.. autoclass:: SSHAuthorizedKeys() 1937 1938import_authorized_keys 1939---------------------- 1940 1941.. autofunction:: import_authorized_keys 1942 1943read_authorized_keys 1944-------------------- 1945 1946.. autofunction:: read_authorized_keys 1947 1948.. index:: Logging 1949.. _Logging: 1950 1951Logging 1952======= 1953 1954AsyncSSH supports logging through the standard Python `logging` package. 1955Logging is done under the logger named `'asyncssh'` as well as a child 1956logger named `'asyncssh.sftp'` to allow different log levels to be set 1957for SFTP related log messages. 1958 1959The base AsyncSSH log level can be set using the :func:`set_log_level` 1960function and the SFTP log level can be set using the :func:`set_sftp_log_level` 1961function. In addition, when either of these loggers is set to level DEBUG, 1962AsyncSSH provides fine-grained control over the level of debug logging 1963via the :func:`set_debug_level` function. 1964 1965AsyncSSH also provides logger objects as members of connection, channel, 1966stream, and process objects that automatically log additional context about 1967the connection or channel the logger is a member of. These objects can 1968be used by application code to output custom log information associated 1969with a particular connection or channel. Logger objects are also provided 1970as members of SFTP client and server objects. 1971 1972set_log_level 1973------------- 1974 1975.. autofunction:: set_log_level 1976 1977set_sftp_log_level 1978------------------ 1979 1980.. autofunction:: set_sftp_log_level 1981 1982set_debug_level 1983--------------- 1984 1985.. autofunction:: set_debug_level 1986 1987.. index:: Exceptions 1988.. _Exceptions: 1989 1990Exceptions 1991========== 1992 1993PasswordChangeRequired 1994---------------------- 1995 1996.. autoexception:: PasswordChangeRequired 1997 1998BreakReceived 1999------------- 2000 2001.. autoexception:: BreakReceived 2002 2003SignalReceived 2004-------------- 2005 2006.. autoexception:: SignalReceived 2007 2008TerminalSizeChanged 2009------------------- 2010 2011.. autoexception:: TerminalSizeChanged 2012 2013DisconnectError 2014--------------- 2015 2016.. autoexception:: DisconnectError 2017.. autoexception:: CompressionError 2018.. autoexception:: ConnectionLost 2019.. autoexception:: HostKeyNotVerifiable 2020.. autoexception:: IllegalUserName 2021.. autoexception:: KeyExchangeFailed 2022.. autoexception:: MACError 2023.. autoexception:: PermissionDenied 2024.. autoexception:: ProtocolError 2025.. autoexception:: ProtocolNotSupported 2026.. autoexception:: ServiceNotAvailable 2027 2028ChannelOpenError 2029---------------- 2030 2031.. autoexception:: ChannelOpenError 2032 2033ChannelListenError 2034------------------ 2035 2036.. autoexception:: ChannelListenError 2037 2038ProcessError 2039------------ 2040 2041.. autoexception:: ProcessError 2042 2043TimeoutError 2044------------ 2045 2046.. autoexception:: TimeoutError 2047 2048SFTPError 2049--------- 2050 2051.. autoexception:: SFTPError 2052.. autoexception:: SFTPEOFError 2053.. autoexception:: SFTPNoSuchFile 2054.. autoexception:: SFTPPermissionDenied 2055.. autoexception:: SFTPFailure 2056.. autoexception:: SFTPBadMessage 2057.. autoexception:: SFTPNoConnection 2058.. autoexception:: SFTPConnectionLost 2059.. autoexception:: SFTPOpUnsupported 2060 2061KeyImportError 2062-------------- 2063 2064.. autoexception:: KeyImportError 2065 2066KeyExportError 2067-------------- 2068 2069.. autoexception:: KeyExportError 2070 2071KeyEncryptionError 2072------------------ 2073 2074.. autoexception:: KeyEncryptionError 2075 2076KeyGenerationError 2077------------------ 2078 2079.. autoexception:: KeyGenerationError 2080 2081ConfigParseError 2082---------------- 2083 2084.. autoexception:: ConfigParseError 2085 2086.. index:: Supported algorithms 2087.. _SupportedAlgorithms: 2088 2089Supported Algorithms 2090==================== 2091 2092Algorithms can be specified as either an list of exact algorithm names 2093or as a string of comma-separated algorithm names that may optionally 2094include wildcards. A '*' in a name matches zero or more characters and 2095a '?' matches exactly one character. 2096 2097When specifying algorithms as a string, it can also be prefixed with '^' 2098to insert the matching algorithms in front of the default algorithms of 2099that type, a '+' to insert the matching algorithms after the default 2100algorithms, or a '-' to return the default algorithms with the matching 2101algorithms removed. 2102 2103.. index:: Key exchange algorithms 2104.. _KexAlgs: 2105 2106Key exchange algorithms 2107----------------------- 2108 2109The following are the default key exchange algorithms currently supported 2110by AsyncSSH: 2111 2112 | gss-curve25519-sha256 2113 | gss-curve448-sha512 2114 | gss-nistp521-sha512 2115 | gss-nistp384-sha256 2116 | gss-nistp256-sha256 2117 | gss-1.3.132.0.10-sha256 2118 | gss-gex-sha256 2119 | gss-group14-sha256 2120 | gss-group15-sha512 2121 | gss-group16-sha512 2122 | gss-group17-sha512 2123 | gss-group18-sha512 2124 | gss-group14-sha1 2125 | curve25519-sha256 2126 | curve25519-sha256\@libssh.org 2127 | curve448-sha512 2128 | ecdh-sha2-nistp521 2129 | ecdh-sha2-nistp384 2130 | ecdh-sha2-nistp256 2131 | ecdh-sha2-1.3.132.0.10 2132 | diffie-hellman-group-exchange-sha256 2133 | diffie-hellman-group14-sha256 2134 | diffie-hellman-group15-sha512 2135 | diffie-hellman-group16-sha512 2136 | diffie-hellman-group17-sha512 2137 | diffie-hellman-group18-sha512 2138 | diffie-hellman-group14-sha256\@ssh.com 2139 | diffie-hellman-group14-sha1 2140 | rsa2048-sha256 2141 2142The following key exchange algorithms are supported by AsyncSSH, but 2143disabled by default: 2144 2145 | gss-gex-sha1 2146 | gss-group1-sha1 2147 | diffie-hellman-group-exchange-sha224\@ssh.com 2148 | diffie-hellman-group-exchange-sha384\@ssh.com 2149 | diffie-hellman-group-exchange-sha512\@ssh.com 2150 | diffie-hellman-group-exchange-sha1 2151 | diffie-hellman-group14-sha224\@ssh.com 2152 | diffie-hellman-group15-sha256\@ssh.com 2153 | diffie-hellman-group15-sha384\@ssh.com 2154 | diffie-hellman-group16-sha384\@ssh.com 2155 | diffie-hellman-group16-sha512\@ssh.com 2156 | diffie-hellman-group18-sha512\@ssh.com 2157 | diffie-hellman-group1-sha1 2158 | rsa1024-sha1 2159 2160GSS authentication support is only available when the gssapi package is 2161installed on UNIX or the pywin32 package is installed on Windows. 2162 2163Curve25519 and Curve448 support is available when OpenSSL 1.1.1 or 2164later is installed. Alternately, Curve25519 is available when the 2165libnacl package and libsodium library are installed. 2166 2167.. index:: Encryption algorithms 2168.. _EncryptionAlgs: 2169 2170Encryption algorithms 2171--------------------- 2172 2173The following are the default encryption algorithms currently supported 2174by AsyncSSH: 2175 2176 | chacha20-poly1305\@openssh.com 2177 | aes256-gcm\@openssh.com 2178 | aes128-gcm\@openssh.com 2179 | aes256-ctr 2180 | aes192-ctr 2181 | aes128-ctr 2182 2183The following encryption algorithms are supported by AsyncSSH, but 2184disabled by default: 2185 2186 | aes256-cbc 2187 | aes192-cbc 2188 | aes128-cbc 2189 | 3des-cbc 2190 | blowfish-cbc 2191 | cast128-cbc 2192 | seed-cbc\@ssh.com 2193 | arcfour256 2194 | arcfour128 2195 | arcfour 2196 2197Chacha20-Poly1305 support is available when either OpenSSL 1.1.1b or later 2198or the libnacl package and libsodium library are installed. 2199 2200.. index:: MAC algorithms 2201.. _MACAlgs: 2202 2203MAC algorithms 2204-------------- 2205 2206The following are the default MAC algorithms currently supported by AsyncSSH: 2207 2208 | umac-64-etm\@openssh.com 2209 | umac-128-etm\@openssh.com 2210 | hmac-sha2-256-etm\@openssh.com 2211 | hmac-sha2-512-etm\@openssh.com 2212 | hmac-sha1-etm\@openssh.com 2213 | umac-64\@openssh.com 2214 | umac-128\@openssh.com 2215 | hmac-sha2-256 2216 | hmac-sha2-512 2217 | hmac-sha1 2218 | hmac-sha256-2\@ssh.com 2219 | hmac-sha224\@ssh.com 2220 | hmac-sha256\@ssh.com 2221 | hmac-sha384\@ssh.com 2222 | hmac-sha512\@ssh.com 2223 2224The following MAC algorithms are supported by AsyncSSH, but disabled 2225by default: 2226 2227 | hmac-md5-etm\@openssh.com 2228 | hmac-sha2-256-96-etm\@openssh.com 2229 | hmac-sha2-512-96-etm\@openssh.com 2230 | hmac-sha1-96-etm\@openssh.com 2231 | hmac-md5-96-etm\@openssh.com 2232 | hmac-md5 2233 | hmac-sha2-256-96 2234 | hmac-sha2-512-96 2235 | hmac-sha1-96 2236 | hmac-md5-96 2237 2238UMAC support is only available when the nettle library is installed. 2239 2240.. index:: Compression algorithms 2241.. _CompressionAlgs: 2242 2243Compression algorithms 2244---------------------- 2245 2246The following are the default compression algorithms currently supported 2247by AsyncSSH: 2248 2249 | zlib\@openssh.com 2250 | none 2251 2252The following compression algorithms are supported by AsyncSSH, but disabled 2253by default: 2254 2255 | zlib 2256 2257.. index:: Signature algorithms 2258.. _SignatureAlgs: 2259 2260Signature algorithms 2261-------------------- 2262 2263The following are the default public key signature algorithms currently 2264supported by AsyncSSH: 2265 2266 | x509v3-ssh-ed25519 2267 | x509v3-ssh-ed448 2268 | x509v3-ecdsa-sha2-nistp521 2269 | x509v3-ecdsa-sha2-nistp384 2270 | x509v3-ecdsa-sha2-nistp256 2271 | x509v3-ecdsa-sha2-1.3.132.0.10 2272 | x509v3-rsa2048-sha256 2273 | x509v3-ssh-rsa 2274 | sk-ssh-ed25519\@openssh.com 2275 | sk-ecdsa-sha2-nistp256\@openssh.com 2276 | ssh-ed25519 2277 | ssh-ed448 2278 | ecdsa-sha2-nistp521 2279 | ecdsa-sha2-nistp384 2280 | ecdsa-sha2-nistp256 2281 | ecdsa-sha2-1.3.132.0.10 2282 | rsa-sha2-256 2283 | rsa-sha2-512 2284 | ssh-rsa-sha224\@ssh.com 2285 | ssh-rsa-sha256\@ssh.com 2286 | ssh-rsa-sha384\@ssh.com 2287 | ssh-rsa-sha512\@ssh.com 2288 | ssh-rsa 2289 2290The following public key signature algorithms are supported by AsyncSSH, 2291but disabled by default: 2292 2293 | x509v3-ssh-dss 2294 | ssh-dss 2295 2296.. index:: Public key & certificate algorithms 2297.. _PublicKeyAlgs: 2298 2299Public key & certificate algorithms 2300----------------------------------- 2301 2302The following are the default public key and certificate algorithms 2303currently supported by AsyncSSH: 2304 2305 | x509v3-ssh-ed25519 2306 | x509v3-ssh-ed448 2307 | x509v3-ecdsa-sha2-nistp521 2308 | x509v3-ecdsa-sha2-nistp384 2309 | x509v3-ecdsa-sha2-nistp256 2310 | x509v3-ecdsa-sha2-1.3.132.0.10 2311 | x509v3-rsa2048-sha256 2312 | x509v3-ssh-rsa 2313 | sk-ssh-ed25519-cert-v01\@openssh.com 2314 | sk-ecdsa-sha2-nistp256-cert-v01\@openssh.com 2315 | ssh-ed25519-cert-v01\@openssh.com 2316 | ssh-ed448-cert-v01\@openssh.com 2317 | ecdsa-sha2-nistp521-cert-v01\@openssh.com 2318 | ecdsa-sha2-nistp384-cert-v01\@openssh.com 2319 | ecdsa-sha2-nistp256-cert-v01\@openssh.com 2320 | ecdsa-sha2-1.3.132.0.10-cert-v01\@openssh.com 2321 | ssh-rsa-cert-v01\@openssh.com 2322 | sk-ssh-ed25519\@openssh.com 2323 | sk-ecdsa-sha2-nistp256\@openssh.com 2324 | ssh-ed25519 2325 | ssh-ed448 2326 | ecdsa-sha2-nistp521 2327 | ecdsa-sha2-nistp384 2328 | ecdsa-sha2-nistp256 2329 | ecdsa-sha2-1.3.132.0.10 2330 | rsa-sha2-256 2331 | rsa-sha2-512 2332 | ssh-rsa-sha224\@ssh.com 2333 | ssh-rsa-sha256\@ssh.com 2334 | ssh-rsa-sha384\@ssh.com 2335 | ssh-rsa-sha512\@ssh.com 2336 | ssh-rsa 2337 2338The following public key and certificate algorithms are supported by 2339AsyncSSH, but disabled by default: 2340 2341 | x509v3-ssh-dss 2342 | ssh-dss-cert-v01\@openssh.com 2343 | ssh-dss 2344 2345Ed25519 and Ed448 support is available when OpenSSL 1.1.1b or later is 2346installed. Alternately, Ed25519 is available when the libnacl package 2347and libsodium library are installed. 2348 2349.. index:: Constants 2350.. _Constants: 2351 2352Constants 2353========= 2354 2355.. index:: Disconnect reasons 2356.. _DisconnectReasons: 2357 2358Disconnect reasons 2359------------------ 2360 2361The following values defined in section 11.1 of :rfc:`4253#section-11.1` 2362can be specified as disconnect reason codes: 2363 2364 | DISC_HOST_NOT_ALLOWED_TO_CONNECT 2365 | DISC_PROTOCOL_ERROR 2366 | DISC_KEY_EXCHANGE_FAILED 2367 | DISC_RESERVED 2368 | DISC_MAC_ERROR 2369 | DISC_COMPRESSION_ERROR 2370 | DISC_SERVICE_NOT_AVAILABLE 2371 | DISC_PROTOCOL_VERSION_NOT_SUPPORTED 2372 | DISC_HOST_KEY_NOT_VERIFIABLE 2373 | DISC_CONNECTION_LOST 2374 | DISC_BY_APPLICATION 2375 | DISC_TOO_MANY_CONNECTIONS 2376 | DISC_AUTH_CANCELLED_BY_USER 2377 | DISC_NO_MORE_AUTH_METHODS_AVAILABLE 2378 | DISC_ILLEGAL_USER_NAME 2379 2380.. index:: Channel open failure reasons 2381.. _ChannelOpenFailureReasons: 2382 2383Channel open failure reasons 2384---------------------------- 2385 2386The following values defined in section 5.1 of :rfc:`4254#section-5.1` can 2387be specified as channel open failure reason codes: 2388 2389 | OPEN_ADMINISTRATIVELY_PROHIBITED 2390 | OPEN_CONNECT_FAILED 2391 | OPEN_UNKNOWN_CHANNEL_TYPE 2392 | OPEN_RESOURCE_SHORTAGE 2393 2394In addition, AsyncSSH defines the following channel open failure reason codes: 2395 2396 | OPEN_REQUEST_X11_FORWARDING_FAILED 2397 | OPEN_REQUEST_PTY_FAILED 2398 | OPEN_REQUEST_SESSION_FAILED 2399 2400.. index:: SFTP error codes 2401.. _SFTPErrorCodes: 2402 2403SFTP error codes 2404---------------- 2405 2406The following values defined in the `SSH File Transfer Internet Draft 2407<http://www.openssh.com/txt/draft-ietf-secsh-filexfer-02.txt>`_ can be 2408specified as SFTP error codes: 2409 2410 | FX_OK 2411 | FX_EOF 2412 | FX_NO_SUCH_FILE 2413 | FX_PERMISSION_DENIED 2414 | FX_FAILURE 2415 | FX_BAD_MESSAGE 2416 | FX_NO_CONNECTION 2417 | FX_CONNECTION_LOST 2418 | FX_OP_UNSUPPORTED 2419 2420.. index:: Extended data types 2421.. _ExtendedDataTypes: 2422 2423Extended data types 2424------------------- 2425 2426The following values defined in section 5.2 of :rfc:`4254#section-5.2` can 2427be specified as SSH extended channel data types: 2428 2429 | EXTENDED_DATA_STDERR 2430 2431.. index:: POSIX terminal modes 2432.. _PTYModes: 2433 2434POSIX terminal modes 2435-------------------- 2436 2437The following values defined in section 8 of :rfc:`4254#section-8` can be 2438specified as PTY mode opcodes: 2439 2440 | PTY_OP_END 2441 | PTY_VINTR 2442 | PTY_VQUIT 2443 | PTY_VERASE 2444 | PTY_VKILL 2445 | PTY_VEOF 2446 | PTY_VEOL 2447 | PTY_VEOL2 2448 | PTY_VSTART 2449 | PTY_VSTOP 2450 | PTY_VSUSP 2451 | PTY_VDSUSP 2452 | PTY_VREPRINT 2453 | PTY_WERASE 2454 | PTY_VLNEXT 2455 | PTY_VFLUSH 2456 | PTY_VSWTCH 2457 | PTY_VSTATUS 2458 | PTY_VDISCARD 2459 | PTY_IGNPAR 2460 | PTY_PARMRK 2461 | PTY_INPCK 2462 | PTY_ISTRIP 2463 | PTY_INLCR 2464 | PTY_IGNCR 2465 | PTY_ICRNL 2466 | PTY_IUCLC 2467 | PTY_IXON 2468 | PTY_IXANY 2469 | PTY_IXOFF 2470 | PTY_IMAXBEL 2471 | PTY_ISIG 2472 | PTY_ICANON 2473 | PTY_XCASE 2474 | PTY_ECHO 2475 | PTY_ECHOE 2476 | PTY_ECHOK 2477 | PTY_ECHONL 2478 | PTY_NOFLSH 2479 | PTY_TOSTOP 2480 | PTY_IEXTEN 2481 | PTY_ECHOCTL 2482 | PTY_ECHOKE 2483 | PTY_PENDIN 2484 | PTY_OPOST 2485 | PTY_OLCUC 2486 | PTY_ONLCR 2487 | PTY_OCRNL 2488 | PTY_ONOCR 2489 | PTY_ONLRET 2490 | PTY_CS7 2491 | PTY_CS8 2492 | PTY_PARENB 2493 | PTY_PARODD 2494 | PTY_OP_ISPEED 2495 | PTY_OP_OSPEED 2496