Howto Serve Python CLI Application Over SSH

Question

I'm in the process of writing an application with an Urwid front-end and a MongoDB back-end in python. The ultimate goal is to be able to be able to serve the application over SSH. The application has its own authentication/identity system. I'm not concerned about the overhead of launching a new process for each user, the expected number of concurrent users is low. Since the client does not recall any state information and instead it is all stored in the DB I'm not concerned about sessions as such except for authentication purposes.

I was wondering if there are any methods to serving the application as is without having to roll my own socket-server code or re-code the app using Twisted. I honestly don't know how Urwid and Twisted play together. I see that Urwid has a TwistedEventLoop method which purports to use the twisted reactor but I cannot find any example code running an Urwid application over a twisted connection. Examples would be appreciated, even simple ones. I've also looked at ZeroMQ but that seems even more inscrutable than Twisted. In short I explored a number of different libraries which purport to serve applications over tcp, most of them by telnet. And nearly all of them focusing on http.

Worst case scenario I expect that I may create an extremely locked down user as a global login and use chrooted SSH sessions. that way each user gets their own chroot/process/client. Yes, I know that's probably a "Very Bad Idea(tm)". But I had to throw it out there as a possibility.

I appreciate any constructive feedback. Insults, chides, and arrogance will be scowled at, printed out and spat upon.

-CH

Answer 1

Twisted has a layer for writiing this kind of thing: twisted.conch.insults. I want to be careful not to oversell it; it still needs more documentation and some features are lacking. As the docstring says, it is 'very basic at the moment'.

Insults came about for a reason though. My understanding is that Urwid, even in its Twisted mode, is talking directly to a file descriptor, though, and therefore can't have its output encrypted and transported by the same thread; someone needs to be reading the other end of that file descriptor. I believe the Twisted mode is more about having a console application using Urwid which uses Twisted networking for other stuff; as you might want to have in a client application, or in a server with a console view.

If you don't mind one process per connection, you may be able to write an SSH server using Conch that spawns your Urwid program as a subprocess using a PTY, with information about its authentication and environment supplied, for example, via environment variables. Check out the spawnProcess API and Jean-Paul Calderone's excellent series on using Conch.