Sftpd.Auth behaviour (Sftpd v0.1.1)


Behaviour and helpers for SFTP authentication.

Applications can pass auth: {Module, opts} to Sftpd.start_server/1 or Sftpd.child_spec/1. The callbacks return an opaque session map that is threaded into backend operations for the authenticated SSH connection.

Summary

Types

session(): Opaque session context returned by application auth callbacks.

Functions

decode_authorized_key(line): Decode one OpenSSH authorized-key line into an Erlang public key.

fingerprint(public_key, digest \\ :sha256): Return an OpenSSH-style public-key fingerprint.

Types

session()

@type session() :: map()

Opaque session context returned by application auth callbacks.

Callbacks

authenticate_password(username, password, peer, opts)

@callback authenticate_password(
  username :: String.t(),
  password :: String.t(),
  peer :: term(),
  opts :: term()
) :: {:ok, session()} | :error | {:error, term()} | :disconnect

authorize_public_key(username, public_key, opts)

@callback authorize_public_key(
  username :: String.t(),
  public_key :: term(),
  opts :: term()
) :: {:ok, session()} | :error | {:error, term()}

Functions

decode_authorized_key(line)

@spec decode_authorized_key(binary()) :: {:ok, term()} | {:error, term()}

Decode one OpenSSH authorized-key line into an Erlang public key.

fingerprint(public_key, digest \\ :sha256)

@spec fingerprint(term(), atom()) :: String.t()

Return an OpenSSH-style public-key fingerprint.

SHA256 fingerprints are formatted as SHA256:<base64-no-padding>. MD5 fingerprints are formatted as MD5:<colon-separated-hex>.
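
The following module is an added example of implementing both callbacks; it is not code from Sftpd. The module name MyApp.SftpAuth, the opts shape (%{users: ...}), the session keys, the new_user/2 helper and the PBKDF2 iteration count are all assumptions, and it also assumes the public_key passed to authorize_public_key/3 is a term that fingerprint/2 accepts.

```elixir
defmodule MyApp.SftpAuth do
  # Added example, not part of Sftpd. opts shape and session keys are assumptions.
  @behaviour Sftpd.Auth
  @iterations 600_000

  # Build a stored user record: salted PBKDF2 hash plus authorized-key lines.
  def new_user(password, authorized_key_lines \\ []) do
    salt = :crypto.strong_rand_bytes(16)
    %{salt: salt, hash: derive(password, salt), keys: authorized_key_lines}
  end

  @impl true
  def authenticate_password(username, password, peer, %{users: users}) do
    case Map.fetch(users, username) do
      {:ok, %{salt: salt, hash: hash}} ->
        # Both binaries are 32 bytes, as :crypto.hash_equals/2 requires.
        if :crypto.hash_equals(derive(password, salt), hash) do
          {:ok, %{user: username, peer: peer, method: :password}}
        else
          :error
        end

      :error ->
        # Do the same work for unknown users so timing does not reveal them.
        derive(password, <<0::128>>)
        :error
    end
  end

  @impl true
  def authorize_public_key(username, public_key, %{users: users}) do
    offered = Sftpd.Auth.fingerprint(public_key)
    with {:ok, %{keys: lines}} <- Map.fetch(users, username),
         true <- Enum.any?(lines, &(line_fingerprint(&1) == offered)) do
      {:ok, %{user: username, key: offered, method: :public_key}}
    else
      _ -> :error
    end
  end

  # Undecodable lines match nothing instead of crashing the callback.
  defp line_fingerprint(line) do
    case Sftpd.Auth.decode_authorized_key(line) do
      {:ok, key} -> Sftpd.Auth.fingerprint(key)
      {:error, _} -> nil
    end
  end

  defp derive(pw, salt), do: :crypto.pbkdf2_hmac(:sha256, pw, salt, @iterations, 32)
end
```

Under these assumptions the module would be wired in by passing auth: {MyApp.SftpAuth, %{users: users}} among the options given to Sftpd.start_server/1 or Sftpd.child_spec/1. Recording the key fingerprint in the session gives backend operations a stable identifier to log for each authenticated connection.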