Re: SSH daemon in Perl?
by haukex (Archbishop) on Jun 22, 2016 at 21:59 UTC
Hi robs87,
I know this probably isn't the response you're looking for, but my immediate thought upon reading this thread is: My suggestion is to spend your time figuring out how to do what you want with the standard tools instead of spending your time figuring out how to write your own SSH server. It may be less "interesting" but the solution should end up being more robust.
The reason is simple: security. For example, many firewalls I've seen allow incoming connections on this port (and only this port, I assume because many people consider SSH tried and tested and secure). Can you guarantee that the server you write will be secure? Will you be able to test its security? Will you follow news of possible SSH exploits, update your server accordingly, and be able to immediately update your servers? (OpenSSH and the distros that use it can.)
Port 22 is a privileged port. If you have enough permissions on this machine to set up a service that listens on this port, wouldn't it be possible for you to set up a new user with restricted access? Then you can rely on OpenSSH's security, *NIX's user account security, etc.
Of course maybe there's something I'm missing - I don't know the reasoning behind your post here, so if you could explain the why that might help.
Hope this helps, -- Hauke D
Thanks for the information. I'll definitely reconsider my stance on writing an SSH server in Perl (though I am still curious about Net::SSH::Perl::Subsystem::Server).
I've installed openssh-server and created a Perl program named echo.pl as an example.
#!/usr/bin/perl
use strict;
use warnings;
while ( my $line = <> )
{
    print $line;
}
How can I make the OpenSSH server execute this program upon connection without creating any user accounts?
Hi robs87,
How can I make the OpenSSH server execute this program upon connection without creating any user accounts?
What's stopping you from setting up a new user? One more thing to consider, in your suggested scenario, whose user permissions is the script supposed to run with - I'm guessing not sshd's permissions (often root)?
I don't know about Net::SSH::Perl::Subsystem::Server, but nothing is stopping you from trying it out :-) (The documentation does mention its API is in alpha.)
Regards, -- Hauke D
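The restricted-user approach suggested in this subthread, sketched as an OpenSSH server configuration (an added example, not part of any post here). The account name `echosvc` and the script path are assumptions; `ForceCommand` and the other directives are standard `sshd_config` options that the thread itself does not mention.

```conf
# Fragment for /etc/ssh/sshd_config (added example).
# Assumed setup: an unprivileged account "echosvc" already exists, and
# echo.pl is installed root-owned, executable, and not writable by echosvc.

Match User echosvc
    # Run the script for every session, ignoring any command the client sends.
    # The script runs with echosvc's permissions, not sshd's.
    ForceCommand /usr/local/bin/echo.pl

    # Key-based login only for this account.
    PasswordAuthentication no

    # Nothing except the forced command: no pty, no forwarding, no tunnels.
    PermitTTY no
    AllowTcpForwarding no
    AllowAgentForwarding no
    AllowStreamLocalForwarding no
    X11Forwarding no
    PermitTunnel no

    # Do not execute ~/.ssh/rc for this account.
    PermitUserRC no
```

Check the file with `sshd -t` before reloading the daemon; a syntax error in `sshd_config` can otherwise lock out remote logins.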
Re: SSH daemon in Perl?
by salva (Canon) on Jun 23, 2016 at 05:42 UTC
Net::SSH::Perl::Subsystem::Server is for subsystems (such as SFTP), programs that run attached to SSH channels.
For writing servers check Net::Dropbear::SSHd, a fork of the dropbear SSH server with hooks which call back into Perl allowing one to customize its behavior.
Other possibilities would be to wrap libssh, which implements the basis for an SSH server, or to extend Net::SSH::Perl with the missing functionality.
Re: SSH daemon in Perl?
by perlfan (Vicar) on Jun 22, 2016 at 18:31 UTC
It seems to me that all you wish to do is use ssh as the means to invoke a remote application, thereby using it as a simple transport or tunnel. I am pretty sure you don't need to do any ssh daemon futzing in Perl, but the remote client would; for example in your link above:
ssh api.example.com multiply a=4 b=5
Thanks for the response.
I could configure openssh-server to execute a Perl program upon connection, but that would require user accounts on the server. I would also lose a lot of control if the connections were handled by OpenSSH.
The goal is to create a self-contained Perl program (it's fine if it requires external modules) that listens on port 22. For simplicity, it can be a basic echo server. I'll connect by entering ssh localhost and it will echo back the lines I enter.
If all you want is a secure layer (and no users) maybe base your application on HTTPS (e.g., using Dancer2 and something like starman) rather than trying to emulate what ssh does.