[Twisted-Python] twisted.conch.ssh.session.SSHSession.request_subsystem

glyph at divmod.com glyph at divmod.com
Mon Dec 22 10:38:59 EST 2008


On 01:45 pm, tzury.by at gmail.com wrote:
>the code is available at: http://gist.github.com/37446
>
>The point is that I am missing the knowledge needed in order to add
>path control.
>That is, controlling which path(s) a user can access.

UnixSSHRealm is a realm which returns SSH avatars that, like OpenSSH, 
can run arbitrary shell commands as the given UNIX user.

The way you control which paths a user can access in this scenario is by 
setting the filesystem permissions on those directories.  Sorry, but 
Twisted cannot magically change your UNIX filesystem so that arbitrary 
commands see a different view of it.

If you want to write an SSH application server that does *not* allow 
running UNIX commands, you are going to have to write a lot more code; 
in effect, emulating a shell (or denying access to one entirely, as 
described in http://cyli.livejournal.com/38382.html )
>at http://twisted.conch.ssh.session.SSHSession.html#request_subsystem
>it appears to be undocumented

This code could definitely be better documented, but I don't think your 
question is related to subsystems.  In order to see why, it would be 
helpful for you to understand http://www.ietf.org/rfc/rfc4254.txt 
section 6.5, "starting a shell or command", first.  (A subsystem is just 
a kind of command you can run.)




More information about the Twisted-Python mailing list