Hi robs87,

I know this probably isn't the response you're looking for, but my immediate thought upon reading this thread is: My suggestion is to spend your time figuring out how to do what you want with the standard tools instead of spending your time figuring out how to write your own SSH server. It may be less "interesting" but the solution should end up being more robust.

The reason is simple: security. For example, many firewalls I've seen allow incoming connections on this port (and only this port, I assume because many people consider SSH tried and tested and secure). Can you guarantee that the server you write will be secure? Will you be able to test its security? Will you follow news of possible SSH exploits, update your server accordingly, and be able to immediately update your servers? (OpenSSH and the distros that use it can.)

Port 22 is a privileged port. If you have enough permissions on this machine to set up a service that listens on this port, wouldn't it be possible for you to set up a new user with restricted access? Then you can rely on OpenSSH's security, *NIX's user account security, etc.

Of course maybe there's something I'm missing - I don't know the reasoning behind your post here, so if you could explain the why that might help.

Hope this helps,
-- Hauke D

Thanks for the information. I'll definitely reconsider my stance on writing an SSH server in Perl (though I am still curious about Net::SSH::Perl::Subsystem::Server).

I've installed openssh-server and created a Perl program named echo.pl as an example.

#!/usr/bin/perl

use strict;
use warnings;

while ( my $line = <> )
{
    print $line;
}
[download]

How can I make the OpenSSH server execute this program upon connection without creating any user accounts?

How can I make the OpenSSH server execute this program upon connection without creating any user accounts?

You'll need one user to actually own the process running the perl script but it can be the same user serving all your clients. Then use ForceCommand to ensure that they can only execute echo.pl. You can/should also set that user's shell to something suitably restrictive.

Hi robs87,

How can I make the OpenSSH server execute this program upon connection without creating any user accounts?

What's stopping you from setting up a new user? One more thing to consider, in your suggested scenario, whose user permissions is the script supposed to run with - I'm guessing not sshd's permissions (often root)?

I don't know about Net::SSH::Perl::Subsystem::Server, but nothing is stopping you from trying it out :-) (The documentation does mention its API is in alpha.)

Regards,
-- Hauke D

OpenSSH can be configured to use PAM for authentication, but Net::Dropbear::SSHd (as suggested by salva) looks like it would be easier to use for what you plan to do.

For writing servers check Net::Dropbear::SSHd, a fork of the dropbear SSH server with hooks which call back into Perl allowing one to customize its behavior.

Other possibilities would be to wrap libssh which implements the basis for a SSH server, or to extend Net::SSH::Perl with the missing functionality,

Thanks for the response.

I could configure openssh-server to execute a Perl program upon connection, but that would require user accounts on the server. I would also lose a lot of control if the connections were handled by OpenSSH.

The goal is to create a self-contained Perl program (it's fine if it requires external modules) that listens on port 22. For simplicity, it can be a basic echo server. I'll connect by entering ssh localhost and it will echo back the lines I enter.

If all you want is a secure layer (and no users) maybe base your application on HTTPS (e.g., using Dancer2 and something like starman) rather than trying to emulate what ssh does.