Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

shell/exec example #199

Open
tomqwpl opened this issue Mar 10, 2023 · 7 comments
Open

shell/exec example #199

tomqwpl opened this issue Mar 10, 2023 · 7 comments

Comments

@tomqwpl
Copy link

tomqwpl commented Mar 10, 2023

At first sight, the obvious example that is missing is one that does what you expect SSH todo, to run the command supplied by exec, or to create a shell.
In fact I was sort of expecting that functionality to be built in, rather than being an example.
I can see there is an example that runs a docker command, and an example that runs a fixed command "top" in a pty, but nothing that would do what I would naively expect an ssh server to do by default.

Is the reason one isn't provided that it's more complicated than that, or that one just hasn't been written?

Thanks.

@perbu
Copy link

perbu commented Mar 14, 2023

hi!
I've written quite a few ssh servers and I've never needed to do shell/exec. Doing shell/exec is a security risk. If I'd need to do so I'd probably use OpenSSH instead.

Ssh is a great way to make a terminal app available via the network. It's also a reasonably robust way of forwarding TCP based services. So I guess that is why this exists.

@gustavosbarreto
Copy link
Collaborator

@tomqwpl Is the reason one isn't provided that it's more complicated than that, or that one just hasn't been written?

No, there is no problem with executing commands if it makes sense for your application that serves SSH. You should be responsible for handling authentication yourself to ensure that there are no security implications. There is no example yet because no one has created one.

@perbu Doing shell/exec is a security risk. If I'd need to do so I'd probably use OpenSSH instead.

Doing a shell/exec is not a security risk if you provide a secure authentication method in your application. The intention of this package is not to replace OpenSSH, but if you want to provide the same functionality as OpenSSH, there is no problem with that.

@gustavosbarreto
Copy link
Collaborator

If any of you are looking for how to do authentication using Linux shadow, you can see how we did it in:

  1. https://github.com/shellhub-io/shellhub/tree/master/agent/pkg/osauth
  2. https://github.com/shellhub-io/shellhub/tree/master/agent/pkg/yescrypt

@abakum
Copy link

abakum commented Nov 14, 2023

#214

@CHN-STUDENT
Copy link

CHN-STUDENT commented Mar 28, 2024

@abakum hi abakum, i use yours fork project ssh-combo to test.
Thanks for your code and help. i try to make it work on windows and linux, i use it as webshell as DevOps, and use it test Proxyjump to cross our Multi-level internal network architecture with many network limitation. Because we have many windows and linux server, we need a safety,cross-os,cross-network tools to do them. I think your work will give me good help and advice. Thanks! I need learn more about computer science and coding, i hope get yours and others help.
Thanks!!!

@CHN-STUDENT
Copy link

here my code: https://github.com/CHN-STUDENT/ssh/blob/master/_examples/ssh-combo/main.go i hope get more advice!

@abakum
Copy link

abakum commented Apr 15, 2024

@CHN-STUDENT Hi, look complex example of ssh client and server with certificate autorisation https://github.com/abakum/ngrokSSH

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

5 participants