in reply to Re: SSH daemon in Perl?
in thread SSH daemon in Perl?

Thanks for the information. I'll definitely reconsider my stance on writing an SSH server in Perl (though I am still curious about Net::SSH::Perl::Subsystem::Server).

I've installed openssh-server and created a Perl program named echo.pl as an example.

#!/usr/bin/perl
use strict;
use warnings;

# Echo every line read from standard input back to standard output.
while ( my $line = <> ) {
    print $line;
}

How can I make the OpenSSH server execute this program upon connection without creating any user accounts?

Re^3: SSH daemon in Perl?
by hippo (Archbishop) on Jun 22, 2016 at 22:59 UTC
    How can I make the OpenSSH server execute this program upon connection without creating any user accounts?

    You'll need one user to actually own the process running the perl script but it can be the same user serving all your clients. Then use ForceCommand to ensure that they can only execute echo.pl. You can/should also set that user's shell to something suitably restrictive.

      Yes, one user will execute the Perl program. However, is it possible to execute the program immediately upon connection without logging in with a Unix user account?

      Going back to the example of the SSH chat server written in Go (https://medium.com/swlh/ssh-how-does-it-even-9e43586e4ffc), a client can enter ssh hostname in their terminal and enter the "chat room" without logging in.

        To reword the question:

        "upon connection" means there is 'something' listening on port 22. This 'something' (e.g. your server) already has to run beforehand (waiting for the actual connection and doing the authentication thing, as you yourself already stated).

        Under which user shall this 'something' run? This could be a single non-privileged user account "mycoolservice" dedicated exclusively to that ssh daemon.
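
As an added illustration (not written by any poster in this thread), the single-account setup that hippo's reply and the comment above describe could look like this in sshd_config. The account name mycoolservice is the one suggested above; the script path /usr/local/bin/echo.pl is an assumption.

```conf
# /etc/ssh/sshd_config fragment (added example; the path to echo.pl is assumed)
# Every client logs in as the one unprivileged account. sshd switches to that
# account before running the command, so echo.pl does not run as root.
Match User mycoolservice
    # Run echo.pl regardless of the command the client asks for. sshd invokes
    # it through the account's login shell with -c, so that shell must accept -c.
    ForceCommand /usr/local/bin/echo.pl
    # Turn off the side channels this account has no use for.
    PermitTTY no
    AllowTcpForwarding no
    AllowAgentForwarding no
    X11Forwarding no
    PermitTunnel no
    # Do not run ~/.ssh/rc for this account.
    PermitUserRC no
```

Check the file with `sshd -t` before reloading the daemon.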
Re^3: SSH daemon in Perl?
by haukex (Archbishop) on Jun 22, 2016 at 22:58 UTC

    Hi robs87,

    How can I make the OpenSSH server execute this program upon connection without creating any user accounts?

    What's stopping you from setting up a new user? One more thing to consider, in your suggested scenario, whose user permissions is the script supposed to run with - I'm guessing not sshd's permissions (often root)?

    I don't know about Net::SSH::Perl::Subsystem::Server, but nothing is stopping you from trying it out :-) (The documentation does mention its API is in alpha.)

    Regards,
    -- Hauke D

      It wouldn't be practical to create a user account on the server for each user. Plus, doing so would lead to quite a few security concerns. Authentication will be handled by the Perl program. Perhaps OpenSSH can be configured to pass the username and password to the Perl program as arguments?

      I'd rather not execute the Perl program as root. Perhaps OpenSSH has an option to execute it as a different user?

        Hi robs87,

        You haven't explained why you need this kind of SSH connection like you described here. Doing so would help in that maybe there is an easier solution to the problem you're trying to solve. For example, have you considered something like telnet+SSL?

        I haven't worked much with OpenSSH so this is just an educated guess, but you might want to look into PAM (pluggable authentication modules), I believe OpenSSH can be configured to use custom PAM modules which might give you the ability to have OpenSSH authenticate with something other than UNIX accounts.

        Hope this helps,
        -- Hauke D

Re^3: SSH daemon in Perl?
by RonW (Parson) on Jun 23, 2016 at 21:50 UTC

    OpenSSH can be configured to use PAM for authentication, but Net::Dropbear::SSHd (as suggested by salva) looks like it would be easier to use for what you plan to do.

      Thanks, that module looks promising. I'll give it a try.