Auth check (#270)

* Added check for no auth methods left. Added test. * Updated coveragerc * Added logging * Fixed libssh client agent authentication, added tests * Bumped gevent requirements * Updated changelog
ParallelSSH · Jan 6, 2021 · 59ad4b8 · 59ad4b8
1 parent aab7caf
commit 59ad4b8
Show file tree

Hide file tree

Showing 9 changed files with 84 additions and 19 deletions.
diff --git a/.coveragerc b/.coveragerc
@@ -3,21 +3,8 @@ source = pssh
 
 [report]
 omit =
-    */python?.?/*
-    */site-packages/nose/*
-    fake_server/*
-    */test*
-    eggs/*
-    pssh_local.py
-    setup.py
-    /home/travis/virtualenv/python*/lib/python*/*
     */_version.py
-    *.pyx
 exclude_lines =
     pragma: no cover
     def __repr__
-    raise AssertionError
     raise NotImplementedError
-    if __name__ == .__main__.:
-    logger.debug
-    continue
diff --git a/Changelog.rst b/Changelog.rst
@@ -1,6 +1,16 @@
 Change Log
 ============
 
+2.5.2
++++++
+
+Fixes
+-----
+
+* Agent authentication would not work for the libssh clients under ``pssh.clients.ssh`` - #267.
+* Password authentication would be attempted if all other methods failed even when no password was provided.
+* Gevent minimum version was too low - #269.
+
 2.5.1
 +++++
 

diff --git a/pssh/clients/base/single.py b/pssh/clients/base/single.py
@@ -330,10 +330,10 @@ def auth(self):
                 self._agent_auth()
             except (AgentAuthenticationError, AgentConnectionError, AgentGetIdentityError,
                     AgentListIdentitiesError) as ex:
-                logger.debug("Agent auth failed with %s"
-                             "continuing with other authentication methods", ex)
+                logger.debug("Agent auth failed with %s "
+                             "continuing with other authentication methods", repr(ex))
             except Exception as ex:
-                logger.error("Agent auth failed with - %s", ex)
+                logger.error("Agent auth failed with - %s", repr(ex))
             else:
                 logger.debug("Authentication with SSH Agent succeeded")
                 return
@@ -343,9 +343,16 @@ def auth(self):
             except AuthenticationError:
                 if self.password is None:
                     raise
+        if self.password is None:
+            msg = "No remaining authentication methods"
+            logger.error(msg)
+            raise AuthenticationError(msg)
         logger.debug("Private key auth failed, trying password")
         self._password_auth()
 
+    def _agent_auth(self):
+        raise NotImplementedError
+
     def _password_auth(self):
         raise NotImplementedError
 

diff --git a/pssh/clients/native/single.py b/pssh/clients/native/single.py
@@ -221,7 +221,7 @@ def _pkey_auth(self, pkey_file, password=None):
         self.session.userauth_publickey_fromfile(
             self.user,
             pkey_file,
-            passphrase=password if password is not None else '')
+            passphrase=password if password is not None else b'')
 
     def _password_auth(self):
         try:

diff --git a/pssh/clients/ssh/single.py b/pssh/clients/ssh/single.py
@@ -120,6 +120,9 @@ def disconnect(self):
         if self.sock is not None and not self.sock.closed:
             self.sock.close()
 
+    def _agent_auth(self):
+        self.session.userauth_agent(self.user)
+
     def _keepalive(self):
         pass
 

diff --git a/requirements.txt b/requirements.txt
@@ -1,3 +1,3 @@
-gevent>=1.1
+gevent>=1.3.0
 ssh2-python>=0.22.0
 ssh-python>=0.9.0
diff --git a/setup.py b/setup.py
@@ -38,7 +38,7 @@
                         '*.tests', '*.tests.*')
       ),
       install_requires=[
-          'gevent>=1.1', 'ssh2-python>=0.22.0', 'ssh-python>=0.9.0'],
+          'gevent>=1.3.0', 'ssh2-python>=0.22.0', 'ssh-python>=0.9.0'],
       classifiers=[
           'Development Status :: 5 - Production/Stable',
           'License :: OSI Approved :: GNU Lesser General Public License v2 (LGPLv2)',

diff --git a/tests/native/test_single_client.py b/tests/native/test_single_client.py
@@ -198,6 +198,17 @@ class _SSHClient(SSHClient):
                             allow_agent=False)
         self.assertIsInstance(client, SSHClient)
 
+    def test_no_auth(self):
+        self.assertRaises(
+            AuthenticationError,
+            SSHClient,
+            self.host,
+            port=self.port,
+            num_retries=1,
+            allow_agent=False,
+            identity_auth=False,
+        )
+
     def test_agent_auth_failure(self):
         class UnknownError(Exception):
             pass

diff --git a/tests/ssh/test_single_client.py b/tests/ssh/test_single_client.py
@@ -22,6 +22,7 @@
 
 from gevent import sleep, Timeout as GTimeout, spawn
 from ssh.session import Session
+from ssh.exceptions import AuthenticationDenied
 from pssh.exceptions import AuthenticationException, ConnectionErrorException, \
     SessionError, SFTPIOError, SFTPError, SCPError, PKeyFileError, Timeout, \
     AuthenticationError
@@ -238,5 +239,51 @@ def _session():
     def test_invalid_mkdir(self):
         self.assertRaises(OSError, self.client._make_local_dir, '/my_new_dir')
 
+    def test_no_auth(self):
+        self.assertRaises(
+            AuthenticationError,
+            SSHClient,
+            self.host,
+            port=self.port,
+            num_retries=1,
+            allow_agent=False,
+            identity_auth=False,
+        )
+
+    def test_agent_auth_failure(self):
+        class UnknownError(Exception):
+            pass
+        def _agent_auth_unk():
+            raise UnknownError
+        def _agent_auth_agent_err():
+            raise AuthenticationDenied
+        client = SSHClient(self.host, port=self.port,
+                           pkey=self.user_key,
+                           num_retries=1,
+                           allow_agent=True,
+                           identity_auth=False)
+        client.session.disconnect()
+        client.pkey = None
+        client._connect(self.host, self.port)
+        self.assertRaises(AuthenticationDenied, client._agent_auth)
+        client._agent_auth = _agent_auth_unk
+        self.assertRaises(AuthenticationError, client.auth)
+        client._agent_auth = _agent_auth_agent_err
+        self.assertRaises(AuthenticationError, client.auth)
+
+    def test_agent_auth_fake_success(self):
+        def _agent_auth():
+            return
+        client = SSHClient(self.host, port=self.port,
+                           pkey=self.user_key,
+                           num_retries=1,
+                           allow_agent=True,
+                           identity_auth=False)
+        client.session.disconnect()
+        client.pkey = None
+        client._connect(self.host, self.port)
+        client._agent_auth = _agent_auth
+        self.assertIsNone(client.auth())
+
     # TODO:
     # * disconnect exc