PKI

This module provides SSH certificate signing functionality.

class paramiko_cloud.pki.CertificateBlob(type_, blob, comment=None)

Bases: paramiko.pkey.PublicBlob

A signed SSH certificate

cert_string(comment: Optional[str] = None) -> str

Render a string suitable for OpenSSH authorized_keys files

Parameters

comment – an optional comment, defaulting to the current date and time in ISO format

Returns

The public key string

class paramiko_cloud.pki.CertificateCriticalOptions(value)

Bases: enum.Enum

Certificate critical options

FORCE_COMMAND = 'force-command'
SOURCE_ADDRESS = 'source-address'

classmethod from_pb_enum(value: int) -> paramiko_cloud.pki.CertificateCriticalOptions

Deserializes the enum value

Parameters

value – the serialized enum value

Returns

The original enum value

pb_enum() -> int

Converts the enum into the correct protobuf value for serialization

Returns

The serialized enum value

class paramiko_cloud.pki.CertificateExtensions(value)

Bases: enum.Enum

Certificate extensions

NO_TOUCH_REQUIRED = 'no-touch-required'
PERMIT_AGENT_FORWARDING = 'permit-agent-forwarding'
PERMIT_PORT_FORWARDING = 'permit-port-forwarding'
PERMIT_PTY = 'permit-pty'
PERMIT_USER_RC = 'permit-user-rc'
PERMIT_X11_FORWARDING = 'permit-X11-forwarding'

classmethod from_pb_enum(value: int) -> paramiko_cloud.pki.CertificateExtensions

Deserializes the enum value

Parameters

value – the serialized enum value

Returns

The original enum value

pb_enum() -> int

Converts the enum into the correct protobuf value for serialization

Returns

The serialized enum value

classmethod permit_all() -> Dict[paramiko_cloud.pki.CertificateExtensions, str]

Convenience method to return a dict enabling all extensions

Returns

All available extensions

class paramiko_cloud.pki.CertificateParameters(valid_for: Optional[datetime.timedelta] = datetime.timedelta(seconds=3600), **kwargs)

Bases: object

All certificate parameters needed for signing

Parameters

valid_for – duration of certificate validity, overridden by valid_before

Keyword Arguments

class paramiko_cloud.pki.CertificateSigningKeyMixin(msg=None, data=None)

Bases: paramiko.pkey.PKey

Mixin that allows a key to act as a certificate authority

sign_certificate(pub_key: paramiko.pkey.PKey, principals: List[str], extensions: Optional[Dict[paramiko_cloud.pki.CertificateExtensions, str]] = None, **kwargs) -> paramiko_cloud.pki.CertificateBlob

Signs a public key to produce a certificate

Parameters

Returns

A PublicBlob object containing the signed certificate

class paramiko_cloud.pki.CertificateSigningRequest(public_key: paramiko.pkey.PKey, cert_params: paramiko_cloud.pki.CertificateParameters)

Bases: object

Combines the key to be signed and the certificate parameters

Parameters
  • public_key – key to sign

  • cert_params – certificate parameters

classmethod from_proto(csr: csr_pb2.CSR) -> paramiko_cloud.pki.CertificateSigningRequest

Deserializes the certificate signing request from a protobuf object

Returns

The original certificate signing request

sign(signing_key: paramiko.pkey.PKey) -> paramiko_cloud.pki.CertificateBlob

Signs the public key using the signing key

Parameters

signing_key – CA key used for signing

Returns

The signed certificate

to_proto() -> csr_pb2.CSR

Serializes the certificate signing request into a protobuf object

Returns

Certificate signing request protobuf object

class paramiko_cloud.pki.CertificateType(value)

Bases: enum.Enum

The type of certificate to issue

HOST = 2
USER = 1

classmethod from_pb_enum(value: int) -> paramiko_cloud.pki.CertificateType

Deserializes the enum value

Parameters

value – the serialized enum value

Returns

The original enum value

pb_enum() -> int

Converts the enum into the correct protobuf value for serialization

Returns

The serialized enum value
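
An added example, not part of paramiko_cloud: a standard-library check of what a certificate issued with the extensions, critical options and lifetime documented above actually grants, following the OpenSSH wire layout for ssh-ed25519-cert-v01@openssh.com. The function names, finding texts and sample blob are constructed for illustration; the 3600 s threshold mirrors the valid_for default above, and the CA signature is not verified.

```python
import struct

CERT_TYPE = b"ssh-ed25519-cert-v01@openssh.com"
FORWARDING = {"permit-agent-forwarding", "permit-port-forwarding", "permit-X11-forwarding"}

def pack_str(b):  # SSH wire string: uint32 big-endian length, then the bytes
    return struct.pack(">I", len(b)) + b

def read_str(buf, pos=0):
    (n,) = struct.unpack_from(">I", buf, pos)
    if pos + 4 + n > len(buf):
        raise ValueError("truncated string field")
    return buf[pos + 4:pos + 4 + n], pos + 4 + n

def read_options(buf):  # name/data pairs; non-empty data wraps its value in a string
    out, pos = {}, 0
    while pos < len(buf):
        name, pos = read_str(buf, pos)
        data, pos = read_str(buf, pos)
        out[name.decode()] = read_str(data)[0].decode() if data else ""
    return out

def parse_cert(blob):  # walks the fields only: the CA signature is NOT verified
    ktype, pos = read_str(blob)
    if ktype != CERT_TYPE:
        raise ValueError("only ed25519 certificates are handled")
    pos = read_str(blob, read_str(blob, pos)[1])[1]       # skip nonce, public key
    _serial, ctype = struct.unpack_from(">QI", blob, pos)
    pos = read_str(blob, read_str(blob, pos + 12)[1])[1]  # skip key id, principals
    after, before = struct.unpack_from(">QQ", blob, pos)
    crit, pos = read_str(blob, pos + 16)
    return {"type": ctype, "lifetime": before - after, "critical": read_options(crit),
            "extensions": read_options(read_str(blob, pos)[0])}

def audit(cert, max_lifetime=3600):  # 3600 s is the valid_for default on this page
    user = cert["type"] == 1  # CertificateType.USER
    fwd = sorted(FORWARDING & set(cert["extensions"])) if user else []
    checks = [(fwd, "forwarding enabled: " + ", ".join(fwd)),
              (user and "source-address" not in cert["critical"], "no source-address restriction"),
              (cert["lifetime"] > max_lifetime, f"lifetime exceeds {max_lifetime}s")]
    return [msg for hit, msg in checks if hit]

def build_sample(ext, crit, lifetime):  # constructed blob: dummy key and signature
    p = pack_str
    enc = lambda d: p(b"".join(p(k.encode()) + p(p(v.encode()) if v else b"")
                               for k, v in sorted(d.items())))
    return (p(CERT_TYPE) + p(bytes(32)) + p(bytes(32)) + struct.pack(">QI", 1, 1)
            + p(b"constructed-id") + p(p(b"alice")) + struct.pack(">QQ", 1000, 1000 + lifetime)
            + enc(crit) + enc(ext) + p(b"") + p(b"dummy-ca-key") + p(b"dummy-signature"))
```

A user certificate carrying every extension value listed for CertificateExtensions, with no critical options and a one-day lifetime, yields all three findings; one limited to permit-pty with source-address and force-command set and a 3600 s lifetime yields none.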