in reply to Re^5: SSH daemon in Perl?
in thread SSH daemon in Perl?

The original goal was to write an SSH daemon in Perl, but haukex suggested using the OpenSSH server instead.

Under this model, there will be no Perl SSH daemon. Instead, there will be a simple Perl program that reads input from STDIN and sends output to STDOUT. This program will be executed by OpenSSH upon connection.

Yes, OpenSSH will execute this program as a single non-privileged user. However, it's important that I do not have to log in as this user upon connection.

Here's a sample of what the session output should look like:

    $ ssh abc123@localhost
    Hello, world!
    Hello, world!
    $ ssh asdfghjkl@localhost
    This is a simple echo server as an example.
    This is a simple echo server as an example.

Notice that no authentication takes place. It proceeds to execute echo.pl (as the single non-privileged user) regardless of the username that was sent.

Re^7: SSH daemon in Perl?
by soonix (Chancellor) on Jun 24, 2016 at 06:59 UTC
    Then you don't need no steenken' login :-) The script can run as your service user and do its thing on behalf of your other users.

    The "login" issue probably surfaced because most "SSH servers" let their users do things that are security relevant.

      Yes, that's the kind of functionality I would like. Connect to the server and execute the program (as the service user) without checking whether $USER (sent by the SSH client) exists.

      However, the OpenSSH server doesn't seem to have options for this. Or does it?

        Don't know enough to help with OpenSSH server config. However, the main problem I see is: you want this on port 22.
        • this will interfere with "normal" ssh login (which also uses port 22) for that machine
        • Port 22 is privileged, you need root for this
        You could take the approach many git servers do: the user named "git" has a special shell allowing only specific operations (that would correspond to your script). Since you need to be root anyway(*), this looks like the easier approach. Your users then connect
        ssh yourserviceuser@yourhost
        and if your script needs their "real" credentials, it can ask them (or, like git, distinguishes them by their SSH key).

        (*)Update: for configuration, not for running it
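
The git-style approach soonix describes, sketched as an added example (not code from the thread): each person's public key in the service account's authorized_keys is pinned to echo.pl together with a label, so the script knows who connected without any per-user Unix account. The install path, the labels, the syslog facility and the 4096-byte chunk size are assumptions.

```perl
#!/usr/bin/perl
# echo.pl: forced command for the service account (added example).
#
# Assumed ~yourserviceuser/.ssh/authorized_keys, one line per person; the
# labels and <...> key material are placeholders:
#   command="/usr/local/bin/echo.pl alice",restrict ssh-ed25519 <alice-public-key>
#   command="/usr/local/bin/echo.pl bob",restrict ssh-ed25519 <bob-public-key>
# command= makes sshd run this script whatever the client asked for, and
# restrict disables forwarding and PTY allocation for that key.
use strict;
use warnings;
use Sys::Syslog qw(openlog syslog closelog);

my $CHUNK = 4096;    # bytes per read; bounds memory use (assumed size)

# Accept only a short, plain label so it is safe to log.
sub caller_label {
    my ($label) = @_;
    return unless defined $label && $label =~ /\A[a-z][a-z0-9_-]{0,31}\z/;
    return $label;
}

# Copy bytes from $in to $out until EOF; returns false on an I/O error.
sub echo_loop {
    my ($in, $out) = @_;
    while (1) {
        my $n = sysread($in, my $buf, $CHUNK);
        return 0 unless defined $n;    # read error
        return 1 if $n == 0;           # client closed the channel
        print {$out} $buf or return 0;
    }
}

my $who = caller_label($ARGV[0])
    or die "echo.pl: missing or invalid caller label\n";

# The command the client requested is recorded, never executed.
my $asked = $ENV{SSH_ORIGINAL_COMMAND} // '';
$asked =~ s/[^\x20-\x7e]/?/g;    # keep the log line printable
openlog('echo.pl', 'pid', 'user');
syslog('info', 'caller=%s requested="%s"', $who, substr($asked, 0, 200));
closelog();

$| = 1;    # autoflush STDOUT so input is echoed as it arrives
exit(echo_loop(\*STDIN, \*STDOUT) ? 0 : 1);
```

Users then connect with `ssh yourserviceuser@yourhost`, and a key that is not listed in authorized_keys never reaches the script.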