Python - How to use Conch to create a Virtual SSH server

I'm looking at creating a server in python that I can run, and will work as an SSH server. This will then let different users login, and act as if they'd logged in normally, but only had access to one command.

I want to do this so that I can have a system where I can add users to without having to create a system wide account, so that they can then, for example, commit to a VCS branch, or similar.

While I can work out how to do this with conch to get it to a "custom" shell... I can't figure out how to make it so that the SSH stream works as if it were a real one (I'm preferably wanting to limit to /bin/bzr so that bzr+ssh will work.

It needs to be in python (which i can get to do the authorisation) but don't know how to do the linking to the app.

This needs to be in python to work within the app its designed for, and to be able to be used for those without access to add new users

Asked by: Maddie795 | Posted: 28-01-2022

Answer 1

When you write a Conch server, you can control what happens when the client makes a shell request by implementing ISession.openShell. The Conch server will request IConchUser from your realm and then adapt the resulting avatar to ISession to call openShell on it if necessary.

ISession.openShell's job is to take the transport object passed to it and associate it with a protocol to interpret the bytes received from it and, if desired, to write bytes to it to be sent to the client.

In an unfortunate twist, the object passed to openShell which represents the transport is actually an IProcessProtocol provider. This means that you need to call makeConnection on it, passing an IProcessTransport provider. When data is received from the client, the IProcessProtocol will call writeToChild on the transport you pass to makeConnection. When you want to send data to the client, you should call childDataReceived on it.

To see the exact behavior, I suggest reading the implementation of the IProcessProtocol that is passed in. Don't depend on anything that's not part of IProcessProtocol, but seeing the implementation can make it easier to understand what's going on.

You may also want to look at the implementation of the normal shell-creation to get a sense of what you're aiming for. This will give you a clue about how to associate the stdio of the bzr child process you launch with the SSH channel.

Answered by: Emily908 | Posted: 01-03-2022

Answer 2

While Python really is my favorite language, I think you need not create you own server for this. When you look at the OpenSSH Manualpage for sshd you'll find the "command" options for the authorized keys file that lets you define a specific command to run on login.

Using keys, you can use one system account to allow many user to log in, just put their public keys in the account's authorized keys file.

We are using this to create SSH tunnels for SVN and it works just great.

Answered by: Roman495 | Posted: 01-03-2022

Similar questions

python - Adding twisted code to a pygtk app

I have a simple pygtk app using urllib2, what changes should I make to add working twisted code? The example it's confusing

Chat comet site using python and twisted

Closed. This question needs details or clarity. It ...

python - Apache vs Twisted

I know Twisted is a framework that allows you to do asynchronous non-blocking i/o but I still do not understand how that is different from what Apache server does. If anyone could explain the need for twisted, I would appreciate it..

Python - Twisted and Unit Tests

I'm writing unit tests for a portion of an application that runs as an HTTP server. The approach I have been trying to take is to import the module that contains the HTTP server, start it. Then, the unit tests will use urllib2 to connect, send data, and check the response. Our HTTP server is using Twisted. One problem here is that I'm just not that familiar with Twisted :) Now, I instantiate our HTTP ser...

python - How can I reduce memory usage of a Twisted server?

I wrote an audio broadcasting server with Python/Twisted. It works fine, but the usage of memory grows too fast! I think that's because some user's network might not be good enough to download the audio in time. My audio server broadcast audio data to different listener's client, if some of them can't download the audio in time, that means, my server keep the audio data until listeners received. And what's more, m...

python - using django and twisted together

1)I want to devlop a website that has forums and chat.The chat and forums are linked in some way.Meaning for each thread the users can chat in the chat room for that thread or can post a reply to the forum. I was thinking of using django for forums and twisted for chat thing.Can i combine the two? The chat application devloped using twisted is linked to the forum. 2)If i use twisted and djang...

python - How to init twisted reactor in the right way?

i have a class MyJabber which init a basic jabber account that print the incoming messages to stdout + put them into a queue. The code that add the client to the reactor is this: def addReactor(self): print 'inside AddReactor' factory = client.basicClientFactory(self.jid, self.option['jabber']['password']) print "factory initialized" factory.addBootstrap(xmlstream.STREAM_AUTHD_EVENT...

twisted - unbound python method, potentially scope issue

I'm using iPython right now to interactively set up a Twisted network. The script that I run in iPython describes best of what I have to do: import router, pdb # creates nodes which encapsulate RandomVector and VectorAdder objects a = router.LocalNode(router.RandomVector, '/topic/a_c') b = router.LocalNode(router.RandomVector, '/topic/b_c') c = router.LocalNode(router.VectorAdder) c.registerAsListener('/to...

python - How to step through debug twisted?

I'd like to be able to debug Punjab, a twisted python application, in Netbeans so that I can step through the code. How can I do that? Alternatively, how could I do it in a different debugger?

Start Python from Twisted

I have learnt Python for about a month as a one year's PHPer.And I started from Twisted as I'm working in a corporation supplying webservice.I have finished some simple application such as data transferring service,page images-fetch service etc.But the problem is ,I don't understand the struture of codes I wrote in the programs quite well .Every time I have to write codes by watching an example.And my question is ,should I...

Still can't find your answer? Check out these communities...

PySlackers | Full Stack Python | NHS Python | Pythonist Cafe | Hacker Earth | Discord Python