On 05/23/2019 01:32 PM, Gorka Lendrino Vela wrote: > If I want to shutdown a remote database, I could send a "systemctl stop > mariadb" command using ssh. But I wonder if it is possible to update the > openssh server to implement a specific handler/callback that catch this > message and then call a C/C++ code. > > In short, is there any interface provided by the openssh server to add new > functionality or call a dynamic library that implements this functionality? Do you want that code executed *instead* of the command passed (which suggests that the user knows about the setup and is willing to cooperate as necessary), or *in addition* to it (a la "I want an extra audit trail whenever someone issues that command")? Out of the box, an OpenSSH daemon provides remote access to the target account's shell, and a *very limited* set of other APIs(*). Other software that uses SSH as an underlying transport(**) actually stuffs a command into the remote shell to start the appropriate remote-side listener. (**) That goes from things like rsync all the way down to scp, even though that's a piece of software that *comes with* OpenSSH. (*) Not sure that there's anything *besides* SFTP to list here. Note that that one uses the sshd_config's "Subsystem" config statement as a hook, *maybe* you can work with that, I have no idea what the corresponding API looks like. As an alternative, the remote shell's startup procedures may offer a richer selection of hooks to get software called. (Aliases and RC files as a rather clean option, $PROMPT_COMMAND as a nastier one, PAM if you really want to sell your soul, ...) If you have a code snippet, *and* the user's cooperation, *and* the code can do its job called from the target account as a separate process, then I'ld say that your simplest solution is to slap a main() onto the code, compile it into a new executable, and have the user call *that* as a normal shell command. Regards, -- Jochen Bern Systemingenieur www.binect.de www.facebook.de/binect
Attachment:
smime.p7s
Description: S/MIME Cryptographic Signature
_______________________________________________ openssh-unix-dev mailing list openssh-unix-dev@xxxxxxxxxxx https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
