ojarva / python-sshpubkeys

OpenSSH public key parser for Python
BSD 3-Clause "New" or "Revised" License
101 stars 42 forks source link
openssh parser publickey python ssh validator

OpenSSH Public Key Parser for Python

.. image:: https://github.com/ojarva/python-sshpubkeys/workflows/Run%20python%20tests/badge.svg

Major changes between versions 2 and 3

Usage

Native implementation for validating OpenSSH public keys.

Currently ssh-rsa, ssh-dss (DSA), ssh-ed25519 and ecdsa keys with NIST curves are supported.

Installation:

::

pip install sshpubkeys

or clone the repository <https://github.com/ojarva/sshpubkeys>_ and use

::

python setup.py install

Usage:

::

import sys from sshpubkeys import SSHKey

ssh = SSHKey("ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAYQCxO38tKAJXIs9ivPxt7AY" "dfybgtAR1ow3Qkb9GPQ6wkFHQqcFDe6faKCxH6iDRteo4D8L8B" "xwzN42uZSB0nfmjkIxFTcEU3mFSXEbWByg78aoddMrAAjatyrh" "H1pON6P0= ojarva@ojar-laptop", strict=True) try: ssh.parse() except InvalidKeyError as err: print("Invalid key:", err) sys.exit(1) except NotImplementedError as err: print("Invalid key type:", err) sys.exit(1)

print(ssh.bits) # 768 print(ssh.hash_md5()) # 56:84:1e:90:08:3b:60:c7:29:70:5f:5e:25:a6:3b:86 print(ssh.hash_sha256()) # SHA256:xk3IEJIdIoR9MmSRXTP98rjDdZocmXJje/28ohMQEwM print(ssh.hash_sha512()) # SHA512:1C3lNBhjpDVQe39hnyy+xvlZYU3IPwzqK1rVneGavy6O3/ebjEQSFvmeWoyMTplIanmUK1hmr9nA8Skmj516HA print(ssh.comment) # ojar@ojar-laptop print(ssh.options_raw) # None (string of optional options at the beginning of public key) print(ssh.options) # None (options as a dictionary, parsed and validated)

Parsing of authorized_keys files:

::

import os from sshpubkeys import AuthorizedKeysFile f = open(os.environ["HOME"] + "/.ssh/authorized_keys", "r") key_file = AuthorizedKeysFile(f, strict=False)

for key in key_file.keys: print(key.key_type, key.bits, key.hash_sha512())

Options

Set options in constructor as a keywords (i.e., SSHKey(None, strict=False))

Exceptions

Tests

See "tests/ <https://github.com/ojarva/sshpubkeys/tree/master/tests>_" folder for unit tests. Use

::

python setup.py test

or

::

python3 setup.py test

to run test suite. If you have keys that are not parsed properly, or malformed keys that raise incorrect exception, please send your public key to olli@jarva.fi, and I'll include it. Alternatively, create a new issue <https://github.com/ojarva/sshpubkeys/issues/new> or make a pull request <https://github.com/ojarva/sshpubkeys/compare> in github.