<div dir="ltr"><div><div><div><div><div>Hi!<br><br></div>The CLI example in the SSH application must be seen as a hack. We intend to clean it up and <br></div>extend the SSH documentation, when it gets prioritized I can not say. Well anyway your CLI <br>
</div>implementation must take care of SSH exec request as well. You can also look at the ssh_cli.erl module.<br></div>If
I remember correctly there was a bug, before ssh-2.1.7, with regards to
the exec request so that it was not forwarded to CLI process but
rather always interpreted in the erlang shell environment.<br><br></div>Regards Ingela Erlang/OTP team - Ericsson AB<br><br><div class="gmail_extra"><br><div class="gmail_quote">2013/12/7 OvermindDL1 <span dir="ltr"><<a href="mailto:overminddl1@gmail.com" target="_blank">overminddl1@gmail.com</a>></span><br>
<blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
Greetings,<br>
<br>
I am attempting to just create an SSH shell to connect to a system by<br>
users so they can do commands without the web interface, and as such I<br>
certainly do not want things like port forwarding or being able to run<br>
arbitrary erlang code, however I do not seem to be able to disable<br>
running arbitrary erlang code. An example of the ssh_sample_cli<br>
included with erlang:<br>
"""<br>
$ erl<br>
Erlang R16B02 (erts-5.10.3) [source] [64-bit] [smp:8:8]<br>
[async-threads:10] [hipe] [kernel-poll:false]<br>
<br>
Eshell V5.10.3 (abort with ^G)<br>
1> c(ssh_sample_cli).<br>
ssh_sample_cli.erl:146: Warning: this expression will fail with a<br>
'badarith' exception<br>
{ok,ssh_sample_cli}<br>
2> B=ssh_sample_cli:listen(8323, [{subsystems, []}]).<br>
{ok,<0.67.0>}<br>
"""<br>
<br>
And from another shell/computer:<br>
"""<br>
$ ssh -p 8321 to.the.host<br>
myusername@to.the.host's password:<br>
Enter command<br>
CLI> help<br>
CLI Sample<br>
crash crash the cli<br>
exit exit application<br>
factors <int> prime factors of <int><br>
gcd <int> <int> greatest common divisor<br>
help help text<br>
host print host addr<br>
lcm <int> <int> least common multiplier<br>
prime <int> check for primality<br>
primes <int> print all primes up to <int><br>
rho <int> prime factors using rho's alg.<br>
self print my pid<br>
user print name of user<br>
<br>
---> ok<br>
CLI> exit<br>
---> done<br>
Connection to to.the.host closed.<br>
"""<br>
<br>
So far so good (the main program where I have this implemented has a<br>
well running shell of its own), but lets try a couple other things:<br>
"""<br>
$ sftp -P 8321 to.the.host<br>
myusername@to.the.host's password:<br>
subsystem request failed on channel 0<br>
Connection closed<br>
"""<br>
<br>
Also good, no file transfers can be done since the option subsystem is<br>
set to [], but notice:<br>
"""<br>
$ ssh -p 8323 to.the.host 'lists:reverse("!?ti pots I od woh dna ereh<br>
gnineppah si tahw woN").'<br>
myusername@to.the.host's password:<br>
"Now what is happening here and how do I stop it?!"<br>
"""<br>
<br>
So... I can still run arbitrary erlang commands, how do I stop this?<br>
Unable to find an option to pass in or anything through a quick code<br>
perusal to no avail. Help?<br>
_______________________________________________<br>
erlang-questions mailing list<br>
<a href="mailto:erlang-questions@erlang.org" target="_blank">erlang-questions@erlang.org</a><br>
<a href="http://erlang.org/mailman/listinfo/erlang-questions" target="_blank">http://erlang.org/mailman/listinfo/erlang-questions</a><br>
</blockquote></div><br></div></div>