Shelless SSH Server with Twisted

Apr 11, 2008 11:39

I needed a shell-less SSH server, one that would not honor shell requests or exec commands, because I wanted to provide SFTP access without allowing shell access. I'm only posting this because it may be useful to other people. I don't know Twisted very well, and there may be a better way to do it, but this works (the listing covers only the rejection of shell, exec and pty requests; registering the SFTP subsystem is not part of it):

from twisted.conch.avatar import ConchUser
from twisted.conch.interfaces import IConchUser
from twisted.conch.ssh import session
from twisted.cred import portal
from twisted.python import log
from zope import interface

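class ShelllessSSHRealm:
    """
    Realm that gives every authenticated login a fresh ShelllessUser avatar.

    Neither avatarID nor mind is consulted, so every account receives the
    same avatar type; any per-user restriction has to be enforced elsewhere.
    """
    # Python 2 class-advice form. zope.interface on Python 3 requires the
    # @interface.implementer(portal.IRealm) class decorator instead.
    interface.implements(portal.IRealm)

    def requestAvatar(self, avatarID, mind, *interfaces):
        """
        Return an (interface, avatar, logout) triple for a Conch login.

        Raises NotImplementedError when IConchUser is not among the requested
        interfaces. Returning interfaces[0] unconditionally would label the
        avatar with whatever interface the caller asked for first, and would
        fail with IndexError when no interface is requested at all.
        """
        if IConchUser not in interfaces:
            raise NotImplementedError(
                "ShelllessSSHRealm only provides IConchUser avatars")
        user = ShelllessUser()
        return IConchUser, user, user.logout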

class ShelllessUser(ConchUser):
    """
    Avatar for logins that must never be given a shell.

    The only channel type registered here is "session", mapped to
    ShelllessSession. This class defines no global-request handlers and
    adds no subsystem; whatever ConchUser itself provides still applies.
    """
    def __init__(self, root=None):
        # root is accepted but never used inside this class.
        ConchUser.__init__(self)
        # NOTE(review): on Python 3 versions of Twisted, channel type names
        # appear to be bytes; a str key would then never match - confirm
        # against the Twisted version in use.
        self.channelLookup.update({"session": ShelllessSession})

    def logout(self):
        """Logout callback handed back by the realm; there is nothing to release."""
        return None

class ShelllessSession(session.SSHSession):
    """
    Session channel that refuses shell, exec, pty and window-change requests.

    Only the request types overridden below are refused. Every other
    request_* handler is inherited unchanged from session.SSHSession, so
    this is a deny-list: re-check it when upgrading Twisted in case the
    base class has gained handlers that should also be refused.
    """

    name = 'shellessSession'

    def _noshell(self):
        """
        Tell the client that no shell or command execution is offered and
        close the channel, unless it is already closing.

        Always returns 0, which the request_* handlers pass back.
        NOTE(review): presumably a falsy result is reported to the client
        as a failed request - confirm against the channel base class.
        """
        if self.closing:
            return 0
        self.write("This server does not provide shells "
                   "or allow command execution.\n")
        self.loseConnection()
        return 0

    def _reject(self, message):
        """Log the refusal, then run the shared notify-and-close path."""
        log.msg(message)
        return self._noshell()

    def request_shell(self, data):
        """Refuse an interactive shell request and close the channel."""
        return self._reject("shell request rejected")

    def request_exec(self, data):
        """Refuse a command execution request and close the channel."""
        return self._reject("execution request rejected")

    def request_pty_req(self, data):
        """Refuse a pseudo-terminal request and close the channel."""
        return self._reject("pty request rejected")

    def request_window_change(self, data):
        """Refuse a window-change request; unlike the others, the channel stays open."""
        log.msg("window change request rejected")
        return 0

I have tests for it and everything - I can post those if someone wants them.

python, twisted
