trezor-agent/libagent/ssh/__init__.py

"""SSH-agent implementation using hardware authentication devices."""
import contextlib
import functools
import io
import logging
import os
import re
import subprocess
import sys
import tempfile
import threading

import configargparse
import pkg_resources

from .. import device, formats, server, util
from . import client, protocol

log = logging.getLogger(__name__)

UNIX_SOCKET_TIMEOUT = 0.1


def ssh_args(label):
    """Create SSH command for connecting specified server."""
    identity = device.interface.string_to_identity(label)

    args = []
    if 'port' in identity:
        args += ['-p', identity['port']]
    if 'user' in identity:
        args += ['-l', identity['user']]

    return args + [identity['host']]


def mosh_args(label):
    """Create SSH command for connecting specified server."""
    identity = device.interface.string_to_identity(label)

    args = []
    if 'port' in identity:
        args += ['-p', identity['port']]
    if 'user' in identity:
        args += [identity['user']+'@'+identity['host']]
    else:
        args += [identity['host']]

    return args


def _to_unicode(s):
    try:
        return unicode(s, 'utf-8')
    except NameError:
        return s


def create_agent_parser(device_type):
    """Create an ArgumentParser for this tool."""
    p = configargparse.ArgParser(default_config_files=['~/.ssh/agent.config'])
    p.add_argument('-v', '--verbose', default=0, action='count')

    agent_package = device_type.package_name()
    resources_map = {r.key: r for r in pkg_resources.require(agent_package)}
    resources = [resources_map[agent_package], resources_map['libagent']]
    versions = '\n'.join('{}={}'.format(r.key, r.version) for r in resources)
    p.add_argument('--version', help='print the version info',
                   action='version', version=versions)

    curve_names = [name for name in formats.SUPPORTED_CURVES]
    curve_names = ', '.join(sorted(curve_names))
    p.add_argument('-e', '--ecdsa-curve-name', metavar='CURVE',
                   default=formats.CURVE_NIST256,
                   help='specify ECDSA curve name: ' + curve_names)
    p.add_argument('--timeout',
                   default=UNIX_SOCKET_TIMEOUT, type=float,
                   help='timeout for accepting SSH client connections')
    p.add_argument('--debug', default=False, action='store_true',
                   help='log SSH protocol messages for debugging.')

    g = p.add_mutually_exclusive_group()
    g.add_argument('-s', '--shell', default=False, action='store_true',
                   help='run ${SHELL} as subprocess under SSH agent')
    g.add_argument('-c', '--connect', default=False, action='store_true',
                   help='connect to specified host via SSH')
    g.add_argument('--mosh', default=False, action='store_true',
                   help='connect to specified host via using Mosh')

    p.add_argument('identity', type=_to_unicode, default=None,
                   help='proto://[user@]host[:port][/path]')
    p.add_argument('command', type=str, nargs='*', metavar='ARGUMENT',
                   help='command to run under the SSH agent')
    return p


@contextlib.contextmanager
def serve(handler, sock_path=None, timeout=UNIX_SOCKET_TIMEOUT):
    """
    Start the ssh-agent server on a UNIX-domain socket.

    If no connection is made during the specified timeout,
    retry until the context is over.
    """
    ssh_version = subprocess.check_output(['ssh', '-V'],
                                          stderr=subprocess.STDOUT)
    log.debug('local SSH version: %r', ssh_version)
    if sock_path is None:
        sock_path = tempfile.mktemp(prefix='trezor-ssh-agent-')

    environ = {'SSH_AUTH_SOCK': sock_path, 'SSH_AGENT_PID': str(os.getpid())}
    device_mutex = threading.Lock()
    with server.unix_domain_socket_server(sock_path) as sock:
        sock.settimeout(timeout)
        quit_event = threading.Event()
        handle_conn = functools.partial(server.handle_connection,
                                        handler=handler,
                                        mutex=device_mutex)
        kwargs = dict(sock=sock,
                      handle_conn=handle_conn,
                      quit_event=quit_event)
        with server.spawn(server.server_thread, kwargs):
            try:
                yield environ
            finally:
                log.debug('closing server')
                quit_event.set()


def run_server(conn, command, debug, timeout):
    """Common code for run_agent and run_git below."""
    try:
        handler = protocol.Handler(conn=conn, debug=debug)
        with serve(handler=handler, timeout=timeout) as env:
            return server.run_process(command=command, environ=env)
    except KeyboardInterrupt:
        log.info('server stopped')


def handle_connection_error(func):
    """Fail with non-zero exit code."""
    @functools.wraps(func)
    def wrapper(*args, **kwargs):
        try:
            return func(*args, **kwargs)
        except device.interface.NotFoundError as e:
            log.error('Connection error (try unplugging and replugging your device): %s', e)
            return 1
    return wrapper


def parse_config(contents):
    """Parse config file into a list of Identity objects."""
    for identity_str, curve_name in re.findall(r'\<(.*?)\|(.*?)\>', contents):
        yield device.interface.Identity(identity_str=identity_str,
                                        curve_name=curve_name)


def import_public_keys(contents):
    """Load (previously exported) SSH public keys from a file's contents."""
    for line in io.StringIO(contents):
        # Verify this line represents valid SSH public key
        formats.import_public_key(line)
        yield line


class JustInTimeConnection(object):
    """Connect to the device just before the needed operation."""

    def __init__(self, conn_factory, identities, public_keys=None):
        """Create a JIT connection object."""
        self.conn_factory = conn_factory
        self.identities = identities
        self.public_keys_cache = public_keys

    def public_keys(self):
        """Return a list of SSH public keys (in textual format)."""
        if not self.public_keys_cache:
            conn = self.conn_factory()
            self.public_keys_cache = conn.export_public_keys(self.identities)
        return self.public_keys_cache

    def parse_public_keys(self):
        """Parse SSH public keys into dictionaries."""
        public_keys = [formats.import_public_key(pk)
                       for pk in self.public_keys()]
        for pk, identity in zip(public_keys, self.identities):
            pk['identity'] = identity
        return public_keys

    def sign(self, blob, identity):
        """Sign a given blob using the specified identity on the device."""
        conn = self.conn_factory()
        return conn.sign_ssh_challenge(blob=blob, identity=identity)


@handle_connection_error
def main(device_type):
    """Run ssh-agent using given hardware client factory."""
    args = create_agent_parser(device_type=device_type).parse_args()
    util.setup_logging(verbosity=args.verbose)

    public_keys = None
    if args.identity.startswith('/'):
        filename = args.identity
        contents = open(filename, 'rb').read().decode('utf-8')
        # Allow loading previously exported SSH public keys
        if filename.endswith('.pub'):
            public_keys = list(import_public_keys(contents))
        identities = list(parse_config(contents))
    else:
        identities = [device.interface.Identity(
            identity_str=args.identity, curve_name=args.ecdsa_curve_name)]
    for index, identity in enumerate(identities):
        identity.identity_dict['proto'] = u'ssh'
        log.info('identity #%d: %s', index, identity.to_string())

    if args.connect:
        command = ['ssh'] + ssh_args(args.identity) + args.command
    elif args.mosh:
        command = ['mosh'] + mosh_args(args.identity) + args.command
    else:
        command = args.command

    use_shell = bool(args.shell)
    if use_shell:
        command = os.environ['SHELL']
        sys.stdin.close()

    conn = JustInTimeConnection(
        conn_factory=lambda: client.Client(device_type()),
        identities=identities, public_keys=public_keys)
    if command:
        return run_server(conn=conn, command=command, debug=args.debug,
                          timeout=args.timeout)
    else:
        for pk in conn.public_keys():
            sys.stdout.write(pk)
        return 0  # success exit code
main: add docstrings 2016-02-19 09:35:16 +00:00			`"""SSH-agent implementation using hardware authentication devices."""`
ssh: move related code to a separate subdirectory 2017-05-05 08:22:00 +00:00			`import contextlib`
agent: handle connection errors 2016-06-11 17:26:10 +00:00			`import functools`
Allow loading previously exported SSH public keys from a file 2017-05-13 09:47:48 +00:00			`import io`
Fix a few pylint issues 2016-01-04 17:17:08 +00:00			`import logging`
sort imports using isort tool 2016-01-09 14:06:47 +00:00			`import os`
gpg: fixup imports 2016-04-23 19:08:18 +00:00			`import re`
main: add git identity via "origin" remote 2016-02-19 18:48:16 +00:00			`import subprocess`
sort imports using isort tool 2016-01-09 14:06:47 +00:00			`import sys`
ssh: move related code to a separate subdirectory 2017-05-05 08:22:00 +00:00			`import tempfile`
			`import threading`
split main script code into __main__.py 2015-06-15 13:37:16 +00:00
ssh: allow configuration from a file 2017-12-01 18:43:45 +00:00			`import configargparse`
Support multiple devices 2018-01-05 18:53:25 +00:00			`import pkg_resources`
ssh: move related code to a separate subdirectory 2017-05-05 08:22:00 +00:00
			`from .. import device, formats, server, util`
			`from . import client, protocol`
split main script code into __main__.py 2015-06-15 13:37:16 +00:00
fix PEP8 2015-06-16 07:20:11 +00:00			`log = logging.getLogger(__name__)`

ssh: move related code to a separate subdirectory 2017-05-05 08:22:00 +00:00			`UNIX_SOCKET_TIMEOUT = 0.1`

sshagent: add spaces between functions 2015-06-16 07:03:48 +00:00
Fix SSH connection arguments handling 2015-11-27 07:59:06 +00:00			`def ssh_args(label):`
main: add docstrings 2016-02-19 09:35:16 +00:00			`"""Create SSH command for connecting specified server."""`
ssh: use new device package (instead of factory) 2016-10-28 07:53:53 +00:00			`identity = device.interface.string_to_identity(label)`
Fix SSH connection arguments handling 2015-11-27 07:59:06 +00:00
			`args = []`
			`if 'port' in identity:`
			`args += ['-p', identity['port']]`
			`if 'user' in identity:`
			`args += ['-l', identity['user']]`

main: add '--mosh' for better SSH client 2016-11-11 20:26:22 +00:00			`return args + [identity['host']]`
Fix SSH connection arguments handling 2015-11-27 07:59:06 +00:00

Mosh doesn't support "-l" for user, only user@host for args 2016-12-15 05:59:45 +00:00			`def mosh_args(label):`
			`"""Create SSH command for connecting specified server."""`
			`identity = device.interface.string_to_identity(label)`

			`args = []`
			`if 'port' in identity:`
			`args += ['-p', identity['port']]`
			`if 'user' in identity:`
			`args += [identity['user']+'@'+identity['host']]`
			`else:`
			`args += [identity['host']]`

			`return args`


ssh: fix unicode identity handling for Python 2 2017-09-22 11:11:21 +00:00			`def _to_unicode(s):`
			`try:`
			`return unicode(s, 'utf-8')`
			`except NameError:`
			`return s`


Support multiple devices 2018-01-05 18:53:25 +00:00			`def create_agent_parser(device_type):`
ssh: simplify argparse creation 2017-05-06 17:55:38 +00:00			`"""Create an ArgumentParser for this tool."""`
ssh: allow configuration from a file 2017-12-01 18:43:45 +00:00			`p = configargparse.ArgParser(default_config_files=['~/.ssh/agent.config'])`
agent: add --shell and --connect flags --shell: opens $SHELL as subprocess --connect: connect via SSH to specified identity's host 2015-07-04 08:22:44 +00:00			`p.add_argument('-v', '--verbose', default=0, action='count')`
agent: fix argument parser 2015-07-04 07:47:32 +00:00
Support multiple devices 2018-01-05 18:53:25 +00:00			`agent_package = device_type.package_name()`
			`resources_map = {r.key: r for r in pkg_resources.require(agent_package)}`
			`resources = [resources_map[agent_package], resources_map['libagent']]`
			`versions = '\n'.join('{}={}'.format(r.key, r.version) for r in resources)`
			`p.add_argument('--version', help='print the version info',`
			`action='version', version=versions)`
Implement #182 2017-12-29 16:23:06 +00:00
formats: curve name should be a string 2016-05-05 19:28:06 +00:00			`curve_names = [name for name in formats.SUPPORTED_CURVES]`
Fix a few pylint issues 2016-01-04 17:17:08 +00:00			`curve_names = ', '.join(sorted(curve_names))`
trezor: add support for Ed25519 SSH keys 2015-10-23 09:45:32 +00:00			`p.add_argument('-e', '--ecdsa-curve-name', metavar='CURVE',`
			`default=formats.CURVE_NIST256,`
Fix a few pylint issues 2016-01-04 17:17:08 +00:00			`help='specify ECDSA curve name: ' + curve_names)`
main: add command-line argument for setting UNIX socket timeout 2016-01-16 20:14:36 +00:00			`p.add_argument('--timeout',`
ssh: move related code to a separate subdirectory 2017-05-05 08:22:00 +00:00			`default=UNIX_SOCKET_TIMEOUT, type=float,`
Support multiple devices 2018-01-05 18:53:25 +00:00			`help='timeout for accepting SSH client connections')`
server: pass handler and add debug option 2016-01-26 19:14:52 +00:00			`p.add_argument('--debug', default=False, action='store_true',`
Support multiple devices 2018-01-05 18:53:25 +00:00			`help='log SSH protocol messages for debugging.')`
main: split argument parser 2016-03-05 08:46:36 +00:00
			`g = p.add_mutually_exclusive_group()`
			`g.add_argument('-s', '--shell', default=False, action='store_true',`
			`help='run ${SHELL} as subprocess under SSH agent')`
			`g.add_argument('-c', '--connect', default=False, action='store_true',`
			`help='connect to specified host via SSH')`
main: add '--mosh' for better SSH client 2016-11-11 20:26:22 +00:00			`g.add_argument('--mosh', default=False, action='store_true',`
			`help='connect to specified host via using Mosh')`
main: split git from ssh 2016-03-05 08:51:22 +00:00
ssh: fix unicode identity handling for Python 2 2017-09-22 11:11:21 +00:00			`p.add_argument('identity', type=_to_unicode, default=None,`
main: split git from ssh 2016-03-05 08:51:22 +00:00			`help='proto://[user@]host[:port][/path]')`
			`p.add_argument('command', type=str, nargs='*', metavar='ARGUMENT',`
			`help='command to run under the SSH agent')`
			`return p`


ssh: move related code to a separate subdirectory 2017-05-05 08:22:00 +00:00			`@contextlib.contextmanager`
			`def serve(handler, sock_path=None, timeout=UNIX_SOCKET_TIMEOUT):`
			`"""`
			`Start the ssh-agent server on a UNIX-domain socket.`

			`If no connection is made during the specified timeout,`
			`retry until the context is over.`
			`"""`
			`ssh_version = subprocess.check_output(['ssh', '-V'],`
			`stderr=subprocess.STDOUT)`
			`log.debug('local SSH version: %r', ssh_version)`
			`if sock_path is None:`
			`sock_path = tempfile.mktemp(prefix='trezor-ssh-agent-')`

			`environ = {'SSH_AUTH_SOCK': sock_path, 'SSH_AGENT_PID': str(os.getpid())}`
			`device_mutex = threading.Lock()`
			`with server.unix_domain_socket_server(sock_path) as sock:`
			`sock.settimeout(timeout)`
			`quit_event = threading.Event()`
			`handle_conn = functools.partial(server.handle_connection,`
			`handler=handler,`
			`mutex=device_mutex)`
			`kwargs = dict(sock=sock,`
			`handle_conn=handle_conn,`
			`quit_event=quit_event)`
			`with server.spawn(server.server_thread, kwargs):`
			`try:`
			`yield environ`
			`finally:`
			`log.debug('closing server')`
			`quit_event.set()`


ssh: allow "just-in-time" connection for agent-like behaviour This would allow launching trezor-agent into the background during the system startup, and the connecting the device when the cryptographic operations are required. 2017-01-07 16:29:12 +00:00			`def run_server(conn, command, debug, timeout):`
main: add `trezor-git` entry point 2016-03-05 09:15:23 +00:00			`"""Common code for run_agent and run_git below."""`
			`try:`
ssh: allow "just-in-time" connection for agent-like behaviour This would allow launching trezor-agent into the background during the system startup, and the connecting the device when the cryptographic operations are required. 2017-01-07 16:29:12 +00:00			`handler = protocol.Handler(conn=conn, debug=debug)`
ssh: move related code to a separate subdirectory 2017-05-05 08:22:00 +00:00			`with serve(handler=handler, timeout=timeout) as env:`
main: add `trezor-git` entry point 2016-03-05 09:15:23 +00:00			`return server.run_process(command=command, environ=env)`
			`except KeyboardInterrupt:`
			`log.info('server stopped')`


agent: handle connection errors 2016-06-11 17:26:10 +00:00			`def handle_connection_error(func):`
			`"""Fail with non-zero exit code."""`
			`@functools.wraps(func)`
			`def wrapper(args, *kwargs):`
			`try:`
			`return func(args, *kwargs)`
ssh: fix exception type for missing device 2017-11-18 14:50:08 +00:00			`except device.interface.NotFoundError as e:`
Connection error is confusing (#105) Hi, I ran into this connection error: ```` > trezor-agent timothy@localhost 2017-04-10 00:22:01,818 ERROR Connection error: open failed [__main__.py:130] ```` I didn't know what was going on, whether there was a problem connecting to localhost or what. I eventually logged into trezor wallet and found that there too, my device was not recognized (probably because I did not unplug it/replug it after updating the HID settings.) Unplugging it and replugging it fixed everything. 2017-04-10 07:40:27 +00:00			`log.error('Connection error (try unplugging and replugging your device): %s', e)`
agent: handle connection errors 2016-06-11 17:26:10 +00:00			`return 1`
			`return wrapper`


Allow loading previously exported SSH public keys from a file 2017-05-13 09:47:48 +00:00			`def parse_config(contents):`
ssh: simple support for multiple public keys loading 2016-11-03 20:23:14 +00:00			`"""Parse config file into a list of Identity objects."""`
fix pylint and tests 2016-11-03 21:29:45 +00:00			`for identity_str, curve_name in re.findall(r'\<(.?)\\|(.?)\>', contents):`
ssh: simple support for multiple public keys loading 2016-11-03 20:23:14 +00:00			`yield device.interface.Identity(identity_str=identity_str,`
			`curve_name=curve_name)`


Allow loading previously exported SSH public keys from a file 2017-05-13 09:47:48 +00:00			`def import_public_keys(contents):`
			`"""Load (previously exported) SSH public keys from a file's contents."""`
			`for line in io.StringIO(contents):`
			`# Verify this line represents valid SSH public key`
			`formats.import_public_key(line)`
			`yield line`


ssh: allow "just-in-time" connection for agent-like behaviour This would allow launching trezor-agent into the background during the system startup, and the connecting the device when the cryptographic operations are required. 2017-01-07 16:29:12 +00:00			`class JustInTimeConnection(object):`
			`"""Connect to the device just before the needed operation."""`

Allow loading previously exported SSH public keys from a file 2017-05-13 09:47:48 +00:00			`def __init__(self, conn_factory, identities, public_keys=None):`
ssh: allow "just-in-time" connection for agent-like behaviour This would allow launching trezor-agent into the background during the system startup, and the connecting the device when the cryptographic operations are required. 2017-01-07 16:29:12 +00:00			`"""Create a JIT connection object."""`
			`self.conn_factory = conn_factory`
			`self.identities = identities`
Allow loading previously exported SSH public keys from a file 2017-05-13 09:47:48 +00:00			`self.public_keys_cache = public_keys`
ssh: allow "just-in-time" connection for agent-like behaviour This would allow launching trezor-agent into the background during the system startup, and the connecting the device when the cryptographic operations are required. 2017-01-07 16:29:12 +00:00
Allow loading previously exported SSH public keys from a file 2017-05-13 09:47:48 +00:00			`def public_keys(self):`
ssh: allow "just-in-time" connection for agent-like behaviour This would allow launching trezor-agent into the background during the system startup, and the connecting the device when the cryptographic operations are required. 2017-01-07 16:29:12 +00:00			`"""Return a list of SSH public keys (in textual format)."""`
Allow loading previously exported SSH public keys from a file 2017-05-13 09:47:48 +00:00			`if not self.public_keys_cache:`
			`conn = self.conn_factory()`
			`self.public_keys_cache = conn.export_public_keys(self.identities)`
			`return self.public_keys_cache`
ssh: allow "just-in-time" connection for agent-like behaviour This would allow launching trezor-agent into the background during the system startup, and the connecting the device when the cryptographic operations are required. 2017-01-07 16:29:12 +00:00
			`def parse_public_keys(self):`
			`"""Parse SSH public keys into dictionaries."""`
			`public_keys = [formats.import_public_key(pk)`
			`for pk in self.public_keys()]`
			`for pk, identity in zip(public_keys, self.identities):`
			`pk['identity'] = identity`
			`return public_keys`

			`def sign(self, blob, identity):`
			`"""Sign a given blob using the specified identity on the device."""`
			`conn = self.conn_factory()`
			`return conn.sign_ssh_challenge(blob=blob, identity=identity)`


agent: handle connection errors 2016-06-11 17:26:10 +00:00			`@handle_connection_error`
Split the package into a shared library and separate per-device packages 2017-04-27 13:31:17 +00:00			`def main(device_type):`
main: add docstrings 2016-02-19 09:35:16 +00:00			`"""Run ssh-agent using given hardware client factory."""`
Support multiple devices 2018-01-05 18:53:25 +00:00			`args = create_agent_parser(device_type=device_type).parse_args()`
gpg: use same logging configuration as in SSH 2016-10-18 18:02:49 +00:00			`util.setup_logging(verbosity=args.verbose)`
main: integration identity verification 2015-07-22 10:48:15 +00:00
Allow loading previously exported SSH public keys from a file 2017-05-13 09:47:48 +00:00			`public_keys = None`
ssh: simple support for multiple public keys loading 2016-11-03 20:23:14 +00:00			`if args.identity.startswith('/'):`
Allow loading previously exported SSH public keys from a file 2017-05-13 09:47:48 +00:00			`filename = args.identity`
Allow unicode in identity string for SSH and GPG 2017-06-24 10:45:25 +00:00			`contents = open(filename, 'rb').read().decode('utf-8')`
Allow loading previously exported SSH public keys from a file 2017-05-13 09:47:48 +00:00			`# Allow loading previously exported SSH public keys`
			`if filename.endswith('.pub'):`
			`public_keys = list(import_public_keys(contents))`
			`identities = list(parse_config(contents))`
ssh: simple support for multiple public keys loading 2016-11-03 20:23:14 +00:00			`else:`
			`identities = [device.interface.Identity(`
			`identity_str=args.identity, curve_name=args.ecdsa_curve_name)]`
			`for index, identity in enumerate(identities):`
ssh: fix unicode identity handling for Python 2 2017-09-22 11:11:21 +00:00			`identity.identity_dict['proto'] = u'ssh'`
ssh: fix identity stringification 2017-10-09 13:24:11 +00:00			`log.info('identity #%d: %s', index, identity.to_string())`
trezor-agent: automatic support for git identity The agent uses local 'git config', and chooses the url marked as "trezor = true". 2015-07-04 18:57:57 +00:00
ssh: use new device package (instead of factory) 2016-10-28 07:53:53 +00:00			`if args.connect:`
main: add '--mosh' for better SSH client 2016-11-11 20:26:22 +00:00			`command = ['ssh'] + ssh_args(args.identity) + args.command`
			`elif args.mosh:`
Mosh doesn't support "-l" for user, only user@host for args 2016-12-15 05:59:45 +00:00			`command = ['mosh'] + mosh_args(args.identity) + args.command`
main: add '--mosh' for better SSH client 2016-11-11 20:26:22 +00:00			`else:`
			`command = args.command`
agent: add --shell and --connect flags --shell: opens $SHELL as subprocess --connect: connect via SSH to specified identity's host 2015-07-04 08:22:44 +00:00
ssh: use new device package (instead of factory) 2016-10-28 07:53:53 +00:00			`use_shell = bool(args.shell)`
			`if use_shell:`
			`command = os.environ['SHELL']`
ssh: close stdin when running subshell 2017-08-31 14:00:27 +00:00			`sys.stdin.close()`
agent: add --shell and --connect flags --shell: opens $SHELL as subprocess --connect: connect via SSH to specified identity's host 2015-07-04 08:22:44 +00:00
ssh: allow "just-in-time" connection for agent-like behaviour This would allow launching trezor-agent into the background during the system startup, and the connecting the device when the cryptographic operations are required. 2017-01-07 16:29:12 +00:00			`conn = JustInTimeConnection(`
Split the package into a shared library and separate per-device packages 2017-04-27 13:31:17 +00:00			`conn_factory=lambda: client.Client(device_type()),`
Allow loading previously exported SSH public keys from a file 2017-05-13 09:47:48 +00:00			`identities=identities, public_keys=public_keys)`
ssh: allow "just-in-time" connection for agent-like behaviour This would allow launching trezor-agent into the background during the system startup, and the connecting the device when the cryptographic operations are required. 2017-01-07 16:29:12 +00:00			`if command:`
			`return run_server(conn=conn, command=command, debug=args.debug,`
			`timeout=args.timeout)`
			`else:`
			`for pk in conn.public_keys():`
ssh: decouple identity from device 2016-11-03 20:00:43 +00:00			`sys.stdout.write(pk)`
fix new pylint warning 2017-12-22 15:10:27 +00:00			`return 0 # success exit code`