[Tutor] security with ssh??

Magnus Lycka magnus@thinkware.se
Tue, 27 Aug 2002 15:26:15 +0200 

At 23:18 2002-08-27 +1200, Thomi Richards wrote:
>Is there any easy way that any of you ppl can think of, to provide an
>ssh login to a computer, using python?? So that the user can ssh in
>normally, but instead of sshing in to the actual machine, they end up
>running the python program instead, and when they quit the python
>program, they are disconnected?? I ask because i could not find any sort
>of ssh module for python. does anyone know of one?

What OS?

In unix and friends, the easiest solution would be to execute
your python program from a login script. Create one (or more)
specific user(s) for the purpose, and fix their setup script
like this:

[mypythonuser@mymachine ~/mypythonuser]$ more .bashrc
# .bashrc
exec ./mypythonprogram

There are security issues around this. Can the user manage
to break the .bashrc script with Ctrl-C before you start the
program etc? These are standard unix security issues that
have nothing to do with python.

Another option would be to use you program as login shell.
This places some requirements on your application though.
To be honest, I'm not sure what the requirements are there.
I can replace /bin/bash with /usr/bin/python and get python
as a login shell, but replacing it with a simple python script
doesn't work. Maybe it's just lacking some environment
variables? Trying to use a python script as login shell gave
"Permission denied". Wrapping it with McMillan installer gave:
X:\xxx>ssh -l username machine
Password:
Last login: Tue Aug 27 14:47:17 2002 from xxxxxx
Cannot open archive: /usr/X11R6/bin/-tinyshellConnection to palanga closed.

Another option is to look at medusa, which lets you write internet
servers. I think there is an SSL wrapper for medusa somewhere.
See http://www.nightmare.com/medusa/ SSL is not ssh, but it is another
option that gives you encrypted traffic. Of course, ssh would not be
the client...



--=20
Magnus Lyck=E5, Thinkware AB
=C4lvans v=E4g 99, SE-907 50 UME=C5
tel: 070-582 80 65, fax: 070-612 80 65
http://www.thinkware.se/  mailto:magnus@thinkware.se