[Twisted-Python] twisted.conch.ssh.session.SSHSession.request_subsystem
glyph at divmod.com
glyph at divmod.com
Mon Dec 22 08:38:59 MST 2008
On 01:45 pm, tzury.by at gmail.com wrote:
>the code is available at: http://gist.github.com/37446
>
>The point is that I am missing the knowledge needed in order to add
>path control.
>That is, controlling which path(s) a user can access.
UnixSSHRealm is a realm which returns SSH avatars that, like OpenSSH,
can run arbitrary shell commands as the given UNIX user.
The way you control which paths a user can access in this scenario is by
setting the filesystem permissions on those directories. Sorry, but
Twisted cannot magically change your UNIX filesystem so that arbitrary
commands see a different view of it.
If you want to write an SSH application server that does *not* allow
running UNIX commands, you are going to have to write a lot more code;
in effect, emulating a shell (or denying access to one entirely, as
described in http://cyli.livejournal.com/38382.html )
>at http://twisted.conch.ssh.session.SSHSession.html#request_subsystem
>it appears to be undocumented
This code could definitely be better documented, but I don't think your
question is related to subsystems. In order to see why, it would be
helpful for you to understand http://www.ietf.org/rfc/rfc4254.txt
section 6.5, "starting a shell or command", first. (A subsystem is just
a kind of command you can run.)
More information about the Twisted-Python
mailing list