OpenSSH Public Key Parser for Python
====================================
.. image:: https://github.com/ojarva/python-sshpubkeys/workflows/Run%20python%20tests/badge.svg
Major changes between versions 2 and 3
--------------------------------------
- Dropped support for Python 2.6 and 3.3
- Even in loose mode, DSA keys must be 1024, 2048, or 3072 bits (earlier this was looser)
- The interface (API) is exactly the same
Usage
-----
Native implementation for validating OpenSSH public keys.
Currently ssh-rsa, ssh-dss (DSA), ssh-ed25519 and ecdsa keys with NIST curves are supported.
Installation:
::
pip install sshpubkeys
or clone the `repository <https://github.com/ojarva/sshpubkeys>`_ and use
::
python setup.py install
Usage:
::
import sys
from sshpubkeys import SSHKey
ssh = SSHKey("ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAYQCxO38tKAJXIs9ivPxt7AY"
"dfybgtAR1ow3Qkb9GPQ6wkFHQqcFDe6faKCxH6iDRteo4D8L8B"
"xwzN42uZSB0nfmjkIxFTcEU3mFSXEbWByg78aoddMrAAjatyrh"
"H1pON6P0= ojarva@ojar-laptop", strict=True)
try:
ssh.parse()
except InvalidKeyError as err:
print("Invalid key:", err)
sys.exit(1)
except NotImplementedError as err:
print("Invalid key type:", err)
sys.exit(1)
print(ssh.bits) # 768
print(ssh.hash_md5()) # 56:84:1e:90:08:3b:60:c7:29:70:5f:5e:25:a6:3b:86
print(ssh.hash_sha256()) # SHA256:xk3IEJIdIoR9MmSRXTP98rjDdZocmXJje/28ohMQEwM
print(ssh.hash_sha512()) # SHA512:1C3lNBhjpDVQe39hnyy+xvlZYU3IPwzqK1rVneGavy6O3/ebjEQSFvmeWoyMTplIanmUK1hmr9nA8Skmj516HA
print(ssh.comment) # ojar@ojar-laptop
print(ssh.options_raw) # None (string of optional options at the beginning of public key)
print(ssh.options) # None (options as a dictionary, parsed and validated)
Parsing of `authorized_keys` files:
::
import os
from sshpubkeys import AuthorizedKeysFile
f = open(os.environ["HOME"] + "/.ssh/authorized_keys", "r")
key_file = AuthorizedKeysFile(f, strict=False)
for key in key_file.keys:
print(key.key_type, key.bits, key.hash_sha512())
Options
-------
Set options in constructor as a keywords (i.e., `SSHKey(None, strict=False)`)
- strict: defaults to True. Disallows keys OpenSSH's ssh-keygen refuses to create. For instance, this includes DSA keys where length != 1024 bits and RSA keys shorter than 1024-bit. If set to False, tries to allow all keys OpenSSH accepts, including highly insecure 1-bit DSA keys.
- skip_option_parsing: if set to True, options string is not parsed (ssh.options_raw is populated, but ssh.options is not).
- disallow_options: if set to True, options are not allowed and it will raise an
InvalidOptionsError.
Exceptions
----------
- NotImplementedError if invalid ecdsa curve or unknown key type is encountered.
- InvalidKeyError if any other error is encountered:
- TooShortKeyError if key is too short (<768 bits for RSA, <1024 for DSA, <256 for ED25519)
- TooLongKeyError if key is too long (>16384 for RSA, >1024 for DSA, >256 for ED25519)
- InvalidTypeError if key type ("ssh-rsa" in above example) does not match to what is included in base64 encoded data.
- MalformedDataError if decoding and extracting the data fails.
- InvalidOptionsError if options string is invalid.
- InvalidOptionNameError if option name contains invalid characters.
- UnknownOptionNameError if option name is not recognized.
- MissingMandatoryOptionValueError if option needs to have parameter, but it is absent.
Tests
-----
See "`tests/ <https://github.com/ojarva/sshpubkeys/tree/master/tests>`_" folder for unit tests. Use
::
python setup.py test
or
::
python3 setup.py test
to run test suite. If you have keys that are not parsed properly, or malformed keys that raise incorrect exception, please send your *public key* to olli@jarva.fi, and I'll include it. Alternatively, `create a new issue <https://github.com/ojarva/sshpubkeys/issues/new>`_ or make `a pull request <https://github.com/ojarva/sshpubkeys/compare>`_ in github.
Raw data
{
"_id": null,
"home_page": "https://github.com/ojarva/python-sshpubkeys",
"name": "py3sshpubkeys",
"maintainer": null,
"docs_url": null,
"requires_python": ">=3",
"maintainer_email": null,
"keywords": "ssh pubkey public key openssh ssh-rsa ssh-dss ssh-ed25519",
"author": "Olli Jarva",
"author_email": "olli@jarva.fi",
"download_url": "https://files.pythonhosted.org/packages/0e/d7/0d034dc50326acf3903fbe4c20052ed828cabb18f310e1dea12dbced1fe3/py3sshpubkeys-3.4.0.tar.gz",
"platform": null,
"description": "OpenSSH Public Key Parser for Python\n====================================\n\n.. image:: https://github.com/ojarva/python-sshpubkeys/workflows/Run%20python%20tests/badge.svg\n\nMajor changes between versions 2 and 3\n--------------------------------------\n\n- Dropped support for Python 2.6 and 3.3\n- Even in loose mode, DSA keys must be 1024, 2048, or 3072 bits (earlier this was looser)\n- The interface (API) is exactly the same\n\n\nUsage\n-----\n\nNative implementation for validating OpenSSH public keys.\n\nCurrently ssh-rsa, ssh-dss (DSA), ssh-ed25519 and ecdsa keys with NIST curves are supported.\n\nInstallation:\n\n::\n\n pip install sshpubkeys\n\nor clone the `repository <https://github.com/ojarva/sshpubkeys>`_ and use\n\n::\n\n python setup.py install\n\nUsage:\n\n::\n\n import sys\n from sshpubkeys import SSHKey\n\n ssh = SSHKey(\"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAYQCxO38tKAJXIs9ivPxt7AY\"\n \"dfybgtAR1ow3Qkb9GPQ6wkFHQqcFDe6faKCxH6iDRteo4D8L8B\"\n \"xwzN42uZSB0nfmjkIxFTcEU3mFSXEbWByg78aoddMrAAjatyrh\"\n \"H1pON6P0= ojarva@ojar-laptop\", strict=True)\n try:\n ssh.parse()\n except InvalidKeyError as err:\n print(\"Invalid key:\", err)\n sys.exit(1)\n except NotImplementedError as err:\n print(\"Invalid key type:\", err)\n sys.exit(1)\n\n print(ssh.bits) # 768\n print(ssh.hash_md5()) # 56:84:1e:90:08:3b:60:c7:29:70:5f:5e:25:a6:3b:86\n print(ssh.hash_sha256()) # SHA256:xk3IEJIdIoR9MmSRXTP98rjDdZocmXJje/28ohMQEwM\n print(ssh.hash_sha512()) # SHA512:1C3lNBhjpDVQe39hnyy+xvlZYU3IPwzqK1rVneGavy6O3/ebjEQSFvmeWoyMTplIanmUK1hmr9nA8Skmj516HA\n print(ssh.comment) # ojar@ojar-laptop\n print(ssh.options_raw) # None (string of optional options at the beginning of public key)\n print(ssh.options) # None (options as a dictionary, parsed and validated)\n\n\nParsing of `authorized_keys` files:\n\n::\n\n import os\n from sshpubkeys import AuthorizedKeysFile\n f = open(os.environ[\"HOME\"] + \"/.ssh/authorized_keys\", \"r\")\n key_file = AuthorizedKeysFile(f, strict=False)\n\n for key in key_file.keys:\n print(key.key_type, key.bits, key.hash_sha512())\n\n\nOptions\n-------\n\nSet options in constructor as a keywords (i.e., `SSHKey(None, strict=False)`)\n\n- strict: defaults to True. Disallows keys OpenSSH's ssh-keygen refuses to create. For instance, this includes DSA keys where length != 1024 bits and RSA keys shorter than 1024-bit. If set to False, tries to allow all keys OpenSSH accepts, including highly insecure 1-bit DSA keys.\n- skip_option_parsing: if set to True, options string is not parsed (ssh.options_raw is populated, but ssh.options is not).\n- disallow_options: if set to True, options are not allowed and it will raise an\n InvalidOptionsError.\n\nExceptions\n----------\n\n- NotImplementedError if invalid ecdsa curve or unknown key type is encountered.\n- InvalidKeyError if any other error is encountered:\n - TooShortKeyError if key is too short (<768 bits for RSA, <1024 for DSA, <256 for ED25519)\n - TooLongKeyError if key is too long (>16384 for RSA, >1024 for DSA, >256 for ED25519)\n - InvalidTypeError if key type (\"ssh-rsa\" in above example) does not match to what is included in base64 encoded data.\n - MalformedDataError if decoding and extracting the data fails.\n - InvalidOptionsError if options string is invalid.\n - InvalidOptionNameError if option name contains invalid characters.\n - UnknownOptionNameError if option name is not recognized.\n - MissingMandatoryOptionValueError if option needs to have parameter, but it is absent.\n\nTests\n-----\n\nSee \"`tests/ <https://github.com/ojarva/sshpubkeys/tree/master/tests>`_\" folder for unit tests. Use\n\n::\n\n python setup.py test\n\nor\n\n::\n\n python3 setup.py test\n\nto run test suite. If you have keys that are not parsed properly, or malformed keys that raise incorrect exception, please send your *public key* to olli@jarva.fi, and I'll include it. Alternatively, `create a new issue <https://github.com/ojarva/sshpubkeys/issues/new>`_ or make `a pull request <https://github.com/ojarva/sshpubkeys/compare>`_ in github.\n",
"bugtrack_url": null,
"license": "BSD",
"summary": "SSH public key parser",
"version": "3.4.0",
"project_urls": {
"Homepage": "https://github.com/ojarva/python-sshpubkeys"
},
"split_keywords": [
"ssh",
"pubkey",
"public",
"key",
"openssh",
"ssh-rsa",
"ssh-dss",
"ssh-ed25519"
],
"urls": [
{
"comment_text": "",
"digests": {
"blake2b_256": "32b3a486c8ae9049ca67bfa47542628011bb5e3d6b9996ec31e3c447ed62b5ca",
"md5": "736b706259d60b2e67370dcdc42175b3",
"sha256": "a16047885e7d1fb624590b38d1ac4d7f29ebd81e4b1883e76f68180bb99571b0"
},
"downloads": -1,
"filename": "py3sshpubkeys-3.4.0-py2.py3-none-any.whl",
"has_sig": false,
"md5_digest": "736b706259d60b2e67370dcdc42175b3",
"packagetype": "bdist_wheel",
"python_version": "py2.py3",
"requires_python": ">=3",
"size": 10958,
"upload_time": "2025-01-10T05:56:57",
"upload_time_iso_8601": "2025-01-10T05:56:57.810487Z",
"url": "https://files.pythonhosted.org/packages/32/b3/a486c8ae9049ca67bfa47542628011bb5e3d6b9996ec31e3c447ed62b5ca/py3sshpubkeys-3.4.0-py2.py3-none-any.whl",
"yanked": false,
"yanked_reason": null
},
{
"comment_text": "",
"digests": {
"blake2b_256": "0ed70d034dc50326acf3903fbe4c20052ed828cabb18f310e1dea12dbced1fe3",
"md5": "6689695f227d510d35fcc8b952faa70c",
"sha256": "d93a3759996f922ec3bd42b79771293255d640709e86255b6ef185637ff98e3b"
},
"downloads": -1,
"filename": "py3sshpubkeys-3.4.0.tar.gz",
"has_sig": false,
"md5_digest": "6689695f227d510d35fcc8b952faa70c",
"packagetype": "sdist",
"python_version": "source",
"requires_python": ">=3",
"size": 58876,
"upload_time": "2025-01-10T05:56:58",
"upload_time_iso_8601": "2025-01-10T05:56:58.985588Z",
"url": "https://files.pythonhosted.org/packages/0e/d7/0d034dc50326acf3903fbe4c20052ed828cabb18f310e1dea12dbced1fe3/py3sshpubkeys-3.4.0.tar.gz",
"yanked": false,
"yanked_reason": null
}
],
"upload_time": "2025-01-10 05:56:58",
"github": true,
"gitlab": false,
"bitbucket": false,
"codeberg": false,
"github_user": "ojarva",
"github_project": "python-sshpubkeys",
"travis_ci": false,
"coveralls": false,
"github_actions": true,
"requirements": [
{
"name": "cryptography",
"specs": [
[
"==",
"3.3.2"
]
]
},
{
"name": "yapf",
"specs": [
[
"==",
"0.21.0"
]
]
}
],
"lcname": "py3sshpubkeys"
}
JSON
