[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

usermod -S /path/to/app vs. custom server program with libssh

Good evening and happy Friday! :)

What I mean, process-wise, is something like:

- At a terminal, user runs ssh gameorwhatever@myserver
- The request goes to sshd, with the key or password or whatever, and the user is in.
- The "gameorwhatever" user's shell is set to /path/to/some/program, and a chroot is in place, so the user uses the game or whatever, and when s/he is done s/he is disconnected from the server.

On the other hand, the other way (and the way I was originally thinking of going for this project), was:

- At a terminal, user runs ssh gameorwhatever@myserver

- The request goes to /path/to/some/program, which hopefully handles the key stuff correctly, and hopefully does all the sending/receiving correctly, and all that.

So I've been thinking, just out of curiosity, why (and when) would I choose one strategy over the other? If I want to set up something other than a full-on OS shell, and make it accessible over SSH, what would be the pros and cons of using libssh to create a server program vs. creating a user with minimal access to stuff, doing the whole chroot thing I don't fully understand (YET), and just changing that user's "shell" to the new program? It seems to me that way would eliminate a lot of the learning curve (and room for noob error and easy cracking). You wouldn't have to do any of the networking stuff yourself, it would be like creating any other command-line app (and assuming you know about things like buffer overflows etc. it's pretty easy to create terminal apps that don't have gaping security holes in them, lol). And if users accessed it with the standard ssh client, your program would be what reads any parameters people might try (like "ssh user@server /bin/bash" or whatever), so it's not like there's an easy way for someone to get around your program into a Bash shell. That, compared with implementing a server "from scratch" (well not really from scratch - using libssh I mean) just sounds so much more error-prone, if you don't know all the intricate nuts and bolts of how SSH is supposed to work under the hood. I'm just kind of curious about your thoughts on the advantages of doing it one way vs. the other. I know C and C++ really well, but apart from some minimal tinkering with the sockets APIs idk much about how to work with SSH (beyond the obvious - I can SSH into servers, create keys and stuff like that - but even the SSH setup I always have to re-research every time lol). Or maybe I'm just overthinking things. :D

Don't get me wrong - I still want to learn to use libssh (I've heard of some cool things people are doing with their own clients... idk why u would necessarily need/want that, but real-time communications over SSH does sound awesome). I'm not trying to say one approach or the other to my specific question is better - I'm just interested in getting your thoughts on the best way to "host" (for lack of a better term) a command-line app over SSH.

Anyway, hope you guys have a nice night (or morning), and looking forward to reading your two cents on the subject. :)

Re: usermod -S /path/to/app vs. custom server program with libsshJakub Jelen <jjelen@xxxxxxxxxx>
Archive administrator: postmaster@lists.cynapses.org