From 32a7d72f9a92222a1e22a3ce4aa422114c5da6d8 Mon Sep 17 00:00:00 2001 From: Colin Watson Date: Mon, 7 Oct 2024 23:02:30 +0100 Subject: [PATCH] Use bcrypt rather than crypt in simple_server example `crypt` was removed from Python 3.13. `bcrypt` isn't ideal, but it has acceptable password hashing, is simple to use, and is already an optional dependency of asyncssh. --- examples/simple_server.py | 16 ++++++++++------ 1 file changed, 10 insertions(+), 6 deletions(-) diff --git a/examples/simple_server.py b/examples/simple_server.py index f891bfa..6930adf 100755 --- a/examples/simple_server.py +++ b/examples/simple_server.py @@ -24,11 +24,11 @@ # private key in it to use as a server host key. An SSH host certificate # can optionally be provided in the file ``ssh_host_key-cert.pub``. -import asyncio, asyncssh, crypt, sys +import asyncio, asyncssh, bcrypt, sys from typing import Optional -passwords = {'guest': '', # guest account with no password - 'user123': 'qV2iEadIGV2rw' # password of 'secretpw' +passwords = {'guest': b'', # guest account with no password + 'user123': bcrypt.hashpw(b'secretpw', bcrypt.gensalt()), } def handle_client(process: asyncssh.SSHServerProcess) -> None: @@ -49,14 +49,18 @@ def connection_lost(self, exc: Optional[Exception]) -> None: def begin_auth(self, username: str) -> bool: # If the user's password is the empty string, no auth is required - return passwords.get(username) != '' + return passwords.get(username) != b'' def password_auth_supported(self) -> bool: return True def validate_password(self, username: str, password: str) -> bool: - pw = passwords.get(username, '*') - return crypt.crypt(password, pw) == pw + if username not in passwords: + return False + pw = passwords[username] + if not password and not pw: + return True + return bcrypt.checkpw(password.encode('utf-8'), pw) async def start_server() -> None: await asyncssh.create_server(MySSHServer, '', 8022,