I'm looking at creating a server in python that I can run, and will work as an SSH server. This will then let different users login, and act as if they'd logged in normally, but only had access to one command.
I want to do this so that I can have a system where I can add users to without having to create a system wide account, so that they can then, for example, commit to a VCS branch, or similar.
While I can work out how to do this with conch to get it to a "custom" shell... I can't figure out how to make it so that the SSH stream works as if it were a real one (I'm preferably wanting to limit to /bin/bzr so that bzr+ssh will work.
It needs to be in python (which i can get to do the authorisation) but don't know how to do the linking to the app.
This needs to be in python to work within the app its designed for, and to be able to be used for those without access to add new users
When you write a Conch server, you can control what happens when the client makes a shell request by implementing ISession.openShell
. The Conch server will request IConchUser
from your realm and then adapt the resulting avatar to ISession
to call openShell
on it if necessary.
ISession.openShell
's job is to take the transport object passed to it and associate it with a protocol to interpret the bytes received from it and, if desired, to write bytes to it to be sent to the client.
In an unfortunate twist, the object passed to openShell
which represents the transport is actually an IProcessProtocol
provider. This means that you need to call makeConnection
on it, passing an IProcessTransport
provider. When data is received from the client, the IProcessProtocol
will call writeToChild
on the transport you pass to makeConnection
. When you want to send data to the client, you should call childDataReceived
on it.
To see the exact behavior, I suggest reading the implementation of the IProcessProtocol
that is passed in. Don't depend on anything that's not part of IProcessProtocol
, but seeing the implementation can make it easier to understand what's going on.
You may also want to look at the implementation of the normal shell-creation to get a sense of what you're aiming for. This will give you a clue about how to associate the stdio of the bzr child process you launch with the SSH channel.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With