Can we use self SSH server ? - SSH

This is a discussion on Can we use self SSH server ? - SSH ; Hi I would like to use my own SSH server CLI shell on some embedded device, is it possible that I use security of OpenSSL but my own CLI ? If it is possible , how do I modify inetd.conf( ...

+ Reply to Thread
Results 1 to 7 of 7

Thread: Can we use self SSH server ?

  1. Can we use self SSH server ?

    Hi

    I would like to use my own SSH server CLI shell on some embedded
    device, is it possible that I use
    security of OpenSSL but my own CLI ?

    If it is possible , how do I modify inetd.conf( or xinetd.conf) and
    sshd_config ? Should I modify OpenSSH source code ?


    Thank you .


  2. Re: Can we use self SSH server ?

    On 2007-10-13, kid1972tw@yahoo.com.tw wrote:
    > I would like to use my own SSH server CLI shell on some embedded
    > device, is it possible that I use
    > security of OpenSSL but my own CLI ?


    Yes, but follow the licences; which for OpenSSL is dual-licence in BSD style.

    > If it is possible , how do I modify inetd.conf( or xinetd.conf) and
    > sshd_config ? Should I modify OpenSSH source code ?


    I haven't looked at this in detail but it may help.
    http://marc.info/?l=openbsd-misc&m=96282707812765&w=2

    --
    Elvis Notargiacomo master AT barefaced DOT cheek
    http://www.notatla.org.uk/goen/

  3. Re: Can we use self SSH server ?

    In article <1192257402.771360.89120@q3g2000prf.googlegroups.co m>
    kid1972tw@yahoo.com.tw writes:
    >
    >I would like to use my own SSH server CLI shell on some embedded
    >device, is it possible that I use
    > security of OpenSSL but my own CLI ?


    Sshd normally just runs the user's login shell, per /etc/passwd. If your
    embedded device is Unix-based (and it sounds so), it's just a matter of
    having a custom shell (which then works also for e.g. console login).

    --Per Hedeland
    per@hedeland.org

  4. Re: Can we use self SSH server ?

    On 10 13 , 9 02 , p...@hedeland.org (Per Hedeland) wrote:
    > In article <1192257402.771360.89...@q3g2000prf.googlegroups.co m>
    >
    > kid197...@yahoo.com.tw writes:
    >
    > >I would like to use my own SSH server CLI shell on some embedded
    > >device, is it possible that I use
    > > security of OpenSSL but my own CLI ?

    >
    > Sshd normally just runs the user's login shell, per /etc/passwd. If your
    > embedded device is Unix-based (and it sounds so), it's just a matter of
    > having a custom shell (which then works also for e.g. console login).
    >
    > --Per Hedeland
    > p...@hedeland.org



    Hi

    If I change root login shell , how can I change it back ?

    And if my own CLI would like to use other shell's commands , can 2
    shell co-work , should I handle their system call to kernel myself ?

    Thanks very much



  5. Re: Can we use self SSH server ?

    In article <1192301387.389497.167920@i38g2000prf.googlegroups. com>
    kid1972tw@yahoo.com.tw writes:
    >
    >If I change root login shell , how can I change it back ?


    Boot single-user. But the "custom CLI" users of your embedded system
    probably shouldn't log in as "root" anyway (you can of course have other
    users with uid 0 if you need to).

    >And if my own CLI would like to use other shell's commands , can 2
    >shell co-work , should I handle their system call to kernel myself ?


    Well, if you don't know how "your own CLI" should work, I guess you have
    some work ahead of you. This is not the place to discuss that though, it
    has nothing to do with SSH, nor can SSH magically fix things for you
    even if you modify the source. You could possibly use the "subsystem"
    feature of SSH to start some other program than the user's login shell,
    but I don't think it would go down well the user's of your device to
    have to do something other than a "plain login".

    --Per Hedeland
    per@hedeland.org




  6. Re: Can we use self SSH server ?

    On 10 14 , 7 26 , p...@hedeland.org (Per Hedeland) wrote:

    > Well, if you don't know how "your own CLI" should work, I guess you have
    > some work ahead of you. This is not the place to discuss that though, it
    > has nothing to do with SSH, nor can SSH magically fix things for you
    > even if you modify the source. You could possibly use the "subsystem"
    > feature of SSH to start some other program than the user's login shell,
    > but I don't think it would go down well the user's of your device to
    > have to do something other than a "plain login".
    > --Per Hedeland
    > p...@hedeland.org


    Hi

    I've tried to use system command in my own CLI when I use it for login
    shell , this way works very well .

    thank for your great help :-))







  7. Re: Can we use self SSH server ?

    In article <1192339961.539633.107140@y27g2000pre.googlegroups. com>
    kid1972tw@yahoo.com.tw writes:
    >On 10 14 , 7 26 , p...@hedeland.org (Per Hedeland) wrote:
    >
    >> Well, if you don't know how "your own CLI" should work, I guess you have
    >> some work ahead of you. This is not the place to discuss that though, it
    >> has nothing to do with SSH, nor can SSH magically fix things for you
    >> even if you modify the source. You could possibly use the "subsystem"
    >> feature of SSH to start some other program than the user's login shell,
    >> but I don't think it would go down well the user's of your device to
    >> have to do something other than a "plain login".


    >I've tried to use system command in my own CLI when I use it for login
    >shell , this way works very well .


    Well, still not related to SSH but at least to security: If you want to
    restrict what users can do in your CLI, you need to be very careful
    about what you pass to system(), since it's given directly to /bin/sh.
    E.g. if you pass arguments that have been entered in the CLI without
    checking for shell metacharacters etc, the CLI user can run whatever
    command he wants. A safer approach is to run those "shell commands"
    yourself via fork()/exec*().

    --Per Hedeland
    per@hedeland.org

+ Reply to Thread