Shulou(Shulou.com)06/01 Report--

This article mainly introduces "building interactive SSH applications using python customization". In daily operation, I believe that many people have doubts about using python customization to build interactive SSH applications. Xiaobian consulted all kinds of materials and sorted out simple and easy-to-use operation methods. I hope it will be helpful to answer the doubts of "using python customization to build interactive SSH applications". Next, please follow the editor to study!

The usage mode of SSH is divided into two modes: interactive mode and non-interactive mode. In automation systems, non-interactive SSH is more commonly used, and automation tools are based on this mode, such as ansiable and salt-ssh, as well as the SSH mode of file synchronization tool rsync. In this paper, we will talk about the construction of interactive SSH application, and take Python as an example to implement a basic interactive application.

Custom shell

On the server, you can use OpenSSH to complete three steps to obtain shell: authentication, shell sessions, and commands. We can configure shell at will (via / etc/passwd). For example, if the user's login shell is set to / usr/bin/cshell, cshell (which can be a custom interactive program) runs after logging in. The definition of shell is also very simple, as long as edit / etc/passwd with root permissions to modify the last field as a custom shell program. If the user connects to the server through the assigned TTY (completed by default), they will be able to run custom or interactive applications.

Authorized_keys configuration

It is important to note that if you use a custom shell application, you cannot accept additional command-line arguments passed by the user, such as losing the last-an argument when ssh user@host ls-an is executed. In order to solve this problem, we need to overwrite the running command. In order to overwrite the running command, we can use the user certificate to verify the authorized_keys file. Before each line of the file, you can add options for users who log in with that key. One of these options is the "command" option. For example, add the following statement to / home/user/.ssh/authorized_keys:

Command = "/ usr/bin/Ccommand" ssh-rsa... User

The user's shell (probably / bin/sh) can run nethack automatically, and no matter which command is configured (stored in the SSH_ORIGINAL_COMMAND in the environment if necessary) will be executed first. For security reasons, the restriction configuration is generally set:

Restrict,pty,command = "…" Ssh-rsa... User

For more detailed setting options, please refer to the sshd official manual. By default, most things are disabled, and TTY allocation is explicitly re-enabled through pty, so that you can customize your own terminal applications (such as those written by curses under Python). Let's take a look at an example of a typical multi-user limited login authorized_keys configuration under a typical gitlab:

Sshd_config configuration

Another place you can use to configure startup commands is the sshd configuration file: / etc/ssh/sshd_config. Configure additional execution commands through sshd_config 's AuthorizedKeysCommand. It is set to execute arbitrary programs and get the authorized_keys file from the standard output stdout. For example, it can be configured to:

AuthorizedKeysCommand / usr/bin/Ccommand "u"h"t"k" AuthorizedKeysUser root

The format string in the above configuration is used to provide the command with the user name (% u) that attempted to log in, the user's home directory (% h), the type of key being used (% t, such as ssh-rsa), and the public key encoded in base64 (% k). The key provided here can be used to identify the user, and the user public key can be stored in the database, queried by the application and provided to the sshd for authentication. You can embed a custom command line application here.

Python interactive SSH instance

Here is a simple example of AuthorizedKeysCommand and python:

The buildrht-shell command in the above script tells the user to connect using commands such as ssh builds@buildhost connect, and you can use the SSH_ORIGINAL_COMMAND variable to get its command line:

Then there is authentication, checking its key and connection:

The most important thing in interactive SSH is to provide real-time feedback on input commands. The tail program is used to do this to build and print logs to standard output:

Above we have constructed a custom personalized interactive SSH application example.

At this point, the study on "building interactive SSH applications with python customization" is over. I hope to be able to solve your doubts. The collocation of theory and practice can better help you learn, go and try it! If you want to continue to learn more related knowledge, please continue to follow the website, the editor will continue to work hard to bring you more practical articles!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.