[Twisted-Python] SSH Server with commands filtering

Tzury Bar Yochay tzury.by at gmail.com
Thu Dec 18 11:55:12 EST 2008


On Thu, Dec 18, 2008 at 4:01 PM, Jean-Paul Calderone <exarkun at divmod.com> wrote:
> On Thu, 18 Dec 2008 15:38:55 +0200, Tzury Bar Yochay <tzury.by at gmail.com>
> wrote:
>>
>> Hi,
>> I am willing to deploy on my server an SSH daemon which I can control
>> what commands can be executed, and by who.
>> After playing with jailkit [link] I realised that implementing my own
>> SSH server will give me more power and scalability (especially
>> regarding of users, keys and accounts management).
>>
>> Naturally I approached twisted knowing it will solve this problem as a
>> smart kiddo solves a simple safari puzzle.
>>
>> Playing with samples found on the web and at Twisted docs, I realised
>> that twisted has everything I need for the task, but I am missing the
>> knowledge of how to glue it all together.
>>
>> In fact, a command if not working on the first strike, works on the second
>> try.
>
> Can you have git be more verbose about what it's going?  If it is running
> OpenSSH's ssh client, can you have it pass -v (verbose) a few times?  That
> might provide more hints about what's going wrong.  You should also try
> enabling Twisted logging in your SSH server to see if any useful information
> is available there.
>
> Jean-Paul
>

Jean Paul, thanks for your suggestions, however, either -v or
--verbose yields an error: unknown switch `v'
regarding logs on the twisted side, I got this line at the top of the file:
log.startLogging(sys.stderr)
is there anything else I can do in order to expand the logging options.

anyway, once I changed the following:

    def execCommand(self, proto, cmd):
        command = ('git-shell', '-c', cmd)
        shell = '/usr/bin/git-shell'
        reactor.spawnProcess(proto, shell, command)
into:

    def execCommand(self, proto, cmd):
        command = ('git-shell', '-c', cmd)
        shell = '/usr/bin/git-shell'
        reactor.callFromThread(lambda: reactor.spawnProcess(proto,
shell, command))

Everything works fine. Seems like this separation did something good.




More information about the Twisted-Python mailing list