[Twisted-Python] twisted.conch.ssh.session.SSHSession.request_subsystem
Hi all, I've managed to come up with a minimal sftp server implementation which able to auth users using rsa_key the code is available at: http://gist.github.com/37446 The point is that I am missing the knowledge needed in order to add path control. That is, controlling which path(s) a user can access. at http://twisted.conch.ssh.session.SSHSession.html#request_subsystem it appears to be undocumented Would love to get some references, samples, etc. Thanks in advance, Tzury
On 01:45 pm, tzury.by@gmail.com wrote:
the code is available at: http://gist.github.com/37446
The point is that I am missing the knowledge needed in order to add path control. That is, controlling which path(s) a user can access.
UnixSSHRealm is a realm which returns SSH avatars that, like OpenSSH, can run arbitrary shell commands as the given UNIX user. The way you control which paths a user can access in this scenario is by setting the filesystem permissions on those directories. Sorry, but Twisted cannot magically change your UNIX filesystem so that arbitrary commands see a different view of it. If you want to write an SSH application server that does *not* allow running UNIX commands, you are going to have to write a lot more code; in effect, emulating a shell (or denying access to one entirely, as described in http://cyli.livejournal.com/38382.html )
at http://twisted.conch.ssh.session.SSHSession.html#request_subsystem it appears to be undocumented
This code could definitely be better documented, but I don't think your question is related to subsystems. In order to see why, it would be helpful for you to understand http://www.ietf.org/rfc/rfc4254.txt section 6.5, "starting a shell or command", first. (A subsystem is just a kind of command you can run.)
Glyph, thanks for your attention and time. I am afraid I was not clear wit hmy question so please allow me to elaborate.
The way you control which paths a user can access in this scenario is by setting the filesystem permissions on those directories. Sorry, but Twisted cannot magically change your UNIX filesystem so that arbitrary commands see a different view of it.
I don't want to create a UNIX user per client. I want to design the system in a way that all the clients will access using one single 'public' account. In fact, each client is already pushing its files to it associated 'home' folder. However, I want to be able to control it in case someone is hacking with the system, so to ensure it cannot access any other paths but the one which is associated with its rsa_key I've investigated jailkit and gitosis and other approaches and was not satisfied with the final result. That's the reason why I am not using OpenSSH server and trying to make it possible with Twisted. I think it will make a much more scalable and flexible system. I strongly believe that others will find this project useful.
If you want to write an SSH application server that does *not* allow running UNIX commands, you are going to have to write a lot more code; in effect, emulating a shell (or denying access to one entirely, as described in http://cyli.livejournal.com/38382.html )
I don't want to supply shell or any other interactive mode for a user. This is all to be done at the client side 'automatically' using custom sftp/ssh client e.g. bzr branch sftp://user@server:port/allowed_path_only
This code could definitely be better documented, but I don't think your question is related to subsystems.
when running the command mentioned above (bzr branch sftp://user@server:port/allowed_path_only) only SSHSession.request_subsystem is called (neither request_shell nor request_exec) - that's why I brought it up.
I managed to hack this by patching the _absPath method as follows: # put in my main file def absPath(self, path): # users is my own object which manages the users in the system profile = users.get(self.avatar.username) if profile: home = self.avatar.getHomeDir() abspath = os.path.abspath(os.path.join(home, path)) if abspath.startswith(profile.home_path): return abspath SFTPServerForUnixConchUser._absPath = absPath Not elegant, but this is good enough for me to move on.
On 22 Dec, 07:10 pm, tzury.by@gmail.com wrote:
Glyph, thanks for your attention and time. I am afraid I was not clear wit hmy question so please allow me to elaborate.
The way you control which paths a user can access in this scenario is by setting the filesystem permissions on those directories. Sorry, but Twisted cannot magically change your UNIX filesystem so that arbitrary commands see a different view of it.
I don't want to create a UNIX user per client. I want to design the system in a way that all the clients will access using one single 'public' account.
The key question is: do you just want an sftp server? Or are you trying to write a real SSH server, that can run commands?
e.g. bzr branch sftp://user@server:port/allowed_path_only
So, not "bzr+ssh://"?
when running the command mentioned above (bzr branch sftp://user@server:port/allowed_path_only) only SSHSession.request_subsystem is called (neither request_shell nor request_exec) - that's why I brought it up.
I believe "bzr+ssh://" will run request_exec instead. (It will try to run 'bzr'.)
participants (2)
-
glyph@divmod.com -
Tzury Bar Yochay