shell/exec example

Question

shell/exec example

tomqwpl opened this issue 2 years ago · 7 comments

At first sight, the obvious example that is missing is one that does what you expect SSH todo, to run the command supplied by exec, or to create a shell.
In fact I was sort of expecting that functionality to be built in, rather than being an example.
I can see there is an example that runs a docker command, and an example that runs a fixed command "top" in a pty, but nothing that would do what I would naively expect an ssh server to do by default.

Is the reason one isn't provided that it's more complicated than that, or that one just hasn't been written?

Thanks.

abakum commented a year ago

#214

Answer 1 · 2023-03-14T20:11:45.000Z

hi!
I've written quite a few ssh servers and I've never needed to do shell/exec. Doing shell/exec is a security risk. If I'd need to do so I'd probably use OpenSSH instead.

Ssh is a great way to make a terminal app available via the network. It's also a reasonably robust way of forwarding TCP based services. So I guess that is why this exists.

Answer 2 · 2023-03-16T00:30:40.000Z

@tomqwpl Is the reason one isn't provided that it's more complicated than that, or that one just hasn't been written?

No, there is no problem with executing commands if it makes sense for your application that serves SSH. You should be responsible for handling authentication yourself to ensure that there are no security implications. There is no example yet because no one has created one.

@perbu Doing shell/exec is a security risk. If I'd need to do so I'd probably use OpenSSH instead.

Doing a shell/exec is not a security risk if you provide a secure authentication method in your application. The intention of this package is not to replace OpenSSH, but if you want to provide the same functionality as OpenSSH, there is no problem with that.

Answer 3 · 2023-03-16T00:35:04.000Z

If any of you are looking for how to do authentication using Linux shadow, you can see how we did it in:

Answer 4 · 2024-03-28T09:55:07.000Z

@abakum hi abakum, i use yours fork project ssh-combo to test.
Thanks for your code and help. i try to make it work on windows and linux, i use it as webshell as DevOps, and use it test Proxyjump to cross our Multi-level internal network architecture with many network limitation. Because we have many windows and linux server, we need a safety,cross-os,cross-network tools to do them. I think your work will give me good help and advice. Thanks! I need learn more about computer science and coding, i hope get yours and others help.
Thanks!!!

Answer 5 · 2024-04-12T09:52:43.000Z

here my code: https://github.com/CHN-STUDENT/ssh/blob/master/_examples/ssh-combo/main.go i hope get more advice!

Answer 6 · 2024-04-15T21:25:40.000Z

@CHN-STUDENT Hi, look complex example of ssh client and server with certificate autorisation https://github.com/abakum/ngrokSSH