[Twisted-Python] SSH Server with commands filtering

Jean-Paul Calderone exarkun at divmod.com
Thu Dec 18 10:08:28 MST 2008 

On Thu, 18 Dec 2008 18:55:12 +0200, Tzury Bar Yochay <tzury.by at gmail.com> wrote:
>On Thu, Dec 18, 2008 at 4:01 PM, Jean-Paul Calderone <exarkun at divmod.com> wrote:
>> On Thu, 18 Dec 2008 15:38:55 +0200, Tzury Bar Yochay <tzury.by at gmail.com>
>> wrote:
>>>
>>> Hi,
>>> I am willing to deploy on my server an SSH daemon which I can control
>>> what commands can be executed, and by who.
>>> After playing with jailkit [link] I realised that implementing my own
>>> SSH server will give me more power and scalability (especially
>>> regarding of users, keys and accounts management).
>>>
>>> Naturally I approached twisted knowing it will solve this problem as a
>>> smart kiddo solves a simple safari puzzle.
>>>
>>> Playing with samples found on the web and at Twisted docs, I realised
>>> that twisted has everything I need for the task, but I am missing the
>>> knowledge of how to glue it all together.
>>>
>>> In fact, a command if not working on the first strike, works on the second
>>> try.
>>
>> Can you have git be more verbose about what it's going?  If it is running
>> OpenSSH's ssh client, can you have it pass -v (verbose) a few times?  That
>> might provide more hints about what's going wrong.  You should also try
>> enabling Twisted logging in your SSH server to see if any useful information
>> is available there.
>>
>> Jean-Paul
>>
>
>Jean Paul, thanks for your suggestions, however, either -v or
>--verbose yields an error: unknown switch `v'

I'm not familiar with git.  I meant for -v to be passed as an argument to
ssh.

>regarding logs on the twisted side, I got this line at the top of the file:
>log.startLogging(sys.stderr)
>is there anything else I can do in order to expand the logging options.

Ah, I overlooked that.  Once you've enabled it, it's basically as verbose
as it's going to get.  What do you see relating to SSH in the log file?
Conch is pretty verbose.

>
>anyway, once I changed the following:
>
>    def execCommand(self, proto, cmd):
>        command = ('git-shell', '-c', cmd)
>        shell = '/usr/bin/git-shell'
>        reactor.spawnProcess(proto, shell, command)
>into:
>
>    def execCommand(self, proto, cmd):
>        command = ('git-shell', '-c', cmd)
>        shell = '/usr/bin/git-shell'
>        reactor.callFromThread(lambda: reactor.spawnProcess(proto,
>shell, command))
>
>Everything works fine. Seems like this separation did something good.

Since execCommand is already only called in the reactor thread, this
isn't doing much - but it is slightly changing the timing of when
things happen.  That suggests the real problem may be a race between
different parts of your code.  It's not obvious what the race might be
between, from reading your code, though.

Jean-Paul

More information about the Twisted-Python mailing list