openssh interface

Jochen Bern Jochen.Bern at binect.de
Fri May 24 02:40:59 AEST 2019


On 05/23/2019 01:32 PM, Gorka Lendrino Vela wrote:
> If I want to shut down a remote database, I could send a "systemctl stop
> mariadb" command using ssh. But I wonder if it is possible to update the
> openssh server to implement a specific handler/callback that catches this
> message and then calls a C/C++ code.
> 
> In short, is there any interface provided by the openssh server to add new
> functionality or call a dynamic library that implements this functionality?

Do you want that code executed *instead* of the command passed (which
suggests that the user knows about the setup and is willing to cooperate
as necessary), or *in addition* to it (a la "I want an extra audit trail
whenever someone issues that command")?

Out of the box, an OpenSSH daemon provides remote access to the target
account's shell, and a *very limited* set of other APIs(*). Other
software that uses SSH as an underlying transport(**) actually stuffs a
command into the remote shell to start the appropriate remote-side listener.

(**) That goes from things like rsync all the way down to scp, even
though that's a piece of software that *comes with* OpenSSH.
(*) Not sure that there's anything *besides* SFTP to list here. Note
that that one uses the sshd_config's "Subsystem" config statement as a
hook, *maybe* you can work with that, I have no idea what the
corresponding API looks like.

As an alternative, the remote shell's startup procedures may offer a
richer selection of hooks to get software called. (Aliases and RC files
as a rather clean option, $PROMPT_COMMAND as a nastier one, PAM if you
really want to sell your soul, ...)

If you have a code snippet, *and* the user's cooperation, *and* the code
can do its job called from the target account as a separate process,
then I'd say that your simplest solution is to slap a main() onto the
code, compile it into a new executable, and have the user call *that* as
a normal shell command.

Regards,
-- 
Jochen Bern
Systemingenieur

www.binect.de
www.facebook.de/binect
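
Added example (not part of the message above, and not OpenSSH project code): the "slap a main() onto the code" approach, written so it can also run *instead of* the client's command. It assumes the binary is installed through sshd's `ForceCommand` or an authorized_keys `command="..."` option, neither of which the message mentions; sshd then passes the client's requested command in the `SSH_ORIGINAL_COMMAND` environment variable. `stop_database`, `lookup_handler`, the `ssh-dispatch` log tag and the allowlist contents are hypothetical names chosen for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <syslog.h>

typedef int (*handler_fn)(void);

/* Hypothetical handler: stands in for the custom C/C++ shutdown code. */
static int stop_database(void) { return 0; }

/* Constructed allowlist: exact request string -> handler. */
static const struct { const char *request; handler_fn run; } table[] = {
    { "systemctl stop mariadb", stop_database },
};

/* Return the handler for an exact match, NULL otherwise. Exact matching
 * means extra arguments or shell metacharacters never reach a shell. */
handler_fn lookup_handler(const char *request)
{
    if (request == NULL)
        return NULL;                /* interactive login: no command sent */
    for (size_t i = 0; i < sizeof table / sizeof table[0]; i++)
        if (strcmp(request, table[i].request) == 0)
            return table[i].run;
    return NULL;
}

int main(void)
{
    const char *request = getenv("SSH_ORIGINAL_COMMAND");
    const char *user = getenv("USER");
    handler_fn run = lookup_handler(request);

    /* Audit trail for every request, accepted or rejected. */
    openlog("ssh-dispatch", LOG_PID, LOG_AUTH);
    syslog(run ? LOG_NOTICE : LOG_WARNING, "user=%s request=\"%s\" %s",
           user ? user : "?", request ? request : "(none)",
           run ? "accepted" : "rejected");
    closelog();

    if (run == NULL) {
        fprintf(stderr, "request not permitted\n");
        return 1;
    }
    return run();
}
```

Because the request is only compared and never executed, anything other than the exact allowlisted string is logged and refused, which gives both the audit trail and the replacement behaviour discussed above.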
