[Twisted-Python] ssh manhole
folks-
so, i've read over a number of threads in the archives, and the docs on tm.com, and i think i'm missing a few pieces of info, so i'd appreciate any help.
for the moment i have a multiservice application that i've added a telnet manhole interface to. however, due to the deprecation of the twisted.manhole.telnet module, and my disinterest in sending passwords in plaintext, i'd like to update this to use ssl.
this much i know how to do, but then i would assume the only way to connect to this interface would be with the openssl binary (i think i've done this before), as it would still be using the manhole-specific login system.
what i'd really like is to be able to use a regular ssh client to connect, ideally by implementing a Portal on the back end to authenticate users against an existing database. if it could use that nifty manhole syntax coloring, so much the better.
is this actually possible? i have to admit i have a great deal of ignorance about the difference between a terminal connection through openssl and an actual ssh login, and I've never gotten my feet wet with conch before.
i guess what i'm asking is what modules should i look at, and what classes should i expect to have to implement to make this happen? (of course, providing it is actually possible to do this)...
i know there's the PB interface into manhole that could be easily encrypted, but i am enthusiastic about using this kind of feature on several projects, and i'd like to end up with something that's easily plugged into "any" server...
thanks in advance,
-phil
On Sun, 01 Jan 2006 18:29:54 -0500, Phil Christensen <phil@bubblehouse.org> wrote:
> folks-
> so, i've read over a number of threads in the archives, and the docs on tm.com, and i think i'm missing a few pieces of info, so i'd appreciate any help.
> for the moment i have a multiservice application that i've added a telnet manhole interface to. however, due to the deprecation of the twisted.manhole.telnet module, and my disinterest in sending passwords in plaintext, i'd like to update this to use ssl.
> this much i know how to do, but then i would assume the only way to connect to this interface would be with the openssl binary (i think i've done this before), as it would still be using the manhole-specific login system.
> what i'd really like is to be able to use a regular ssh client to connect, ideally by implementing a Portal on the back end to authenticate users against an existing database. if it could use that nifty manhole syntax coloring, so much the better.
> is this actually possible? i have to admit i have a great deal of ignorance about the difference between a terminal connection through openssl and an actual ssh login, and I've never gotten my feet wet with conch before.
> i guess what i'm asking is what modules should i look at, and what classes should i expect to have to implement to make this happen? (of course, providing it is actually possible to do this)...
> i know there's the PB interface into manhole that could be easily encrypted, but i am enthusiastic about using this kind of feature on several projects, and i'd like to end up with something that's easily plugged into "any" server...
> thanks in advance,
I'm confused. Do you want an SSL server or an SSH server?
Jean-Paul
On Jan 1, 2006, at 7:12 PM, Jean-Paul Calderone wrote:
> On Sun, 01 Jan 2006 18:29:54 -0500, Phil Christensen <phil@bubblehouse.org> wrote:
>> folks-
>> [snip snip snip]
>> i guess what i'm asking is what modules should i look at, and what classes should i expect to have to implement to make this happen? (of course, providing it is actually possible to do this)...
>> i know there's the PB interface into manhole that could be easily encrypted, but i am enthusiastic about using this kind of feature on several projects, and i'd like to end up with something that's easily plugged into "any" server...
>> thanks in advance,
> I'm confused. Do you want an SSL server or an SSH server?
> Jean-Paul
i would like an ssh server, so that i can ssh into manhole from a regular terminal, essentially so that i can use the ssh interactive password prompts to authenticate against some arbitrary backend.
-phil
On Sun, 01 Jan 2006 19:55:04 -0500, Phil Christensen <phil@bubblehouse.org> wrote:
> On Jan 1, 2006, at 7:12 PM, Jean-Paul Calderone wrote:
> [snip]
>> I'm confused. Do you want an SSL server or an SSH server?
>> Jean-Paul
> i would like an ssh server, so that i can ssh into manhole from a regular terminal, essentially so that i can use the ssh interactive password prompts to authenticate against some arbitrary backend.
Okay. You just need to implement a checker for IUsernamePassword, then. Add this to a portal wrapped around a realm that knows about IConchUsers and you should be set, as far as authentication goes.
Take a look at twisted/conch/manhole_ssh.py for an idea of what needs to happen to hook manhole up to a conch server.
Jean-Paul
On Jan 1, 2006, at 9:40 PM, Jean-Paul Calderone wrote:
> Okay. You just need to implement a checker for IUsernamePassword, then. Add this to a portal wrapped around a realm that knows about IConchUsers and you should be set, as far as authentication goes.
> Take a look at twisted/conch/manhole_ssh.py for an idea of what needs to happen to hook manhole up to a conch server.
that was amazingly easy...not that i should be surprised. however, i'm running into one little snafu. my realm creates a TerminalUser instance like this:

    def _getSSHAvatar(self, avatarId):
        comp = components.Componentized()
        user = manhole_ssh.TerminalUser(comp, avatarId)
        sess = manhole_ssh.TerminalSession(comp)
        sess.transportFactory = manhole_ssh.TerminalSessionTransport
        sess.chainedProtocolFactory = insults.ServerProtocol
        comp.setComponent(conch_interfaces.IConchUser, user)
        comp.setComponent(conch_interfaces.ISession, sess)
        return user

and returns it from requestAvatar with:

    return conch_interfaces.IConchUser, self._getSSHAvatar(avatarId), lambda: None

however, shortly thereafter i get an exception, attached below.
also, i did find this comment in manhole_ssh.TerminalSessionTransport that i was a bit confused by:

    # XXX TODO
    # chainedProtocol is supposed to be an ITerminalTransport,
    # maybe. That means perhaps its terminalProtocol attribute is
    # an ITerminalProtocol, it could be. So calling terminalSize
    # on that should do the right thing But it'd be nice to clean
    # this bit up.
    self.chainedProtocol.terminalProtocol.terminalSize(width, height)

I am running the latest svn-trunk as of this email. Any help would be appreciated.
-phil

    00:41 EST [SSHServerTransport,0,127.0.0.1] kex alg, key alg: diffie-hellman-group1-sha1 ssh-rsa
    00:41 EST [SSHServerTransport,0,127.0.0.1] server->client: aes128-cbc hmac-md5 none
    00:41 EST [SSHServerTransport,0,127.0.0.1] client->server: aes128-cbc hmac-md5 none
    00:41 EST [SSHServerTransport,0,127.0.0.1] starting service ssh-userauth
    00:41 EST [SSHService ssh-userauth on SSHServerTransport,0,127.0.0.1] wizard trying auth none
    00:41 EST [SSHService ssh-userauth on SSHServerTransport,0,127.0.0.1] wizard trying auth password
    00:41 EST [SSHService ssh-userauth on SSHServerTransport,0,127.0.0.1] wizard authenticated with password
    00:41 EST [SSHService ssh-userauth on SSHServerTransport,0,127.0.0.1] starting service ssh-connection
    00:41 EST [SSHService ssh-connection on SSHServerTransport,0,127.0.0.1] got channel session request
    00:41 EST [SSHChannel session (0) on SSHService ssh-connection on SSHServerTransport,0,127.0.0.1] channel open
    00:41 EST [SSHChannel session (0) on SSHService ssh-connection on SSHServerTransport,0,127.0.0.1] pty request: ansi (48L, 80L, 480L, 672L)
    00:41 EST [SSHChannel session (0) on SSHService ssh-connection on SSHServerTransport,0,127.0.0.1] getting shell
    00:41 EST [SSHChannel session (0) on SSHService ssh-connection on SSHServerTransport,0,127.0.0.1] Traceback (most recent call last):
      File "/[python home snipped]/twisted/python/log.py", line 38, in callWithContext
        return context.call({ILogContext: newCtx}, func, *args, **kw)
      File "/[python home snipped]/twisted/python/context.py", line 59, in callWithContext
        return self.currentContext().callWithContext(ctx, func, *args, **kw)
      File "/[python home snipped]/twisted/python/context.py", line 37, in callWithContext
        return func(*args,**kw)
      File "/[python home snipped]/twisted/conch/ssh/channel.py", line 97, in requestReceived
        return f(data)
    --- <exception caught here> ---
      File "/[python home snipped]/twisted/conch/ssh/session.py", line 52, in request_shell
        self.session.openShell(pp)
      File "/[python home snipped]/twisted/conch/manhole_ssh.py", line 75, in openShell
        self.width, self.height)
      File "/[python home snipped]/twisted/conch/manhole_ssh.py", line 60, in __init__
        self.chainedProtocol.terminalProtocol.terminalSize(width, height)
    exceptions.AttributeError: 'NoneType' object has no attribute 'terminalSize'