Re: Perl CGI SSH

CGI is a connectionless protocol. SSH is NOT.

In my opinion, you'd have to create a separate process to keep the ssh connection open, then connect to it from the CGI each time the CGI is called with new information from the web client.

Naturally, you'll have to count with the possibility of having more than one ssh connection open at the same time, so you'll have to have a way to connect to correct ssh "connector".

I strongly suggest you use CGI::Session to keep the identifying value only on your server, and NOT visible to the user - if the user can see it, they can usualy change it, and that would be a big security risk.

For some ideas on how to communicate between the CGI and the SSH connector, read perlipc

Comment on Re: Perl CGI SSH

Replies are listed 'Best First'.
Re: Re: Perl CGI SSH by BUU (Prior) on May 02, 2004 at 07:06 UTC
Even using CGI::Session the "identifying value" is still stored on the users computer. They can always modify it.	[reply]
Re: Re: Re: Perl CGI SSH by matija (Priest) on May 02, 2004 at 07:12 UTC
Yes, they can. But in a well written session module, the identifying value is sufficiently random and from a sufficiently large pool, that they would have to try for a very, very long time before they hit another valid session. If you give your sessions consecutive identifying values, then of course you are just asking for trouble...	[reply]
Re: Re: Perl CGI SSH by JoeJaz (Monk) on May 02, 2004 at 05:56 UTC
I like that idea of using the CGI::Session module. I have been trying to do a similar thing using cookies and have had a lot of trouble keeping them secure. Sessions seem to be the way to go. Joe	[reply]