[erlang-questions] scp subsystem

Stefan Jahn stefan@REDACTED
Thu Mar 28 13:04:48 CET 2013


Hello Ingela,

after some experimentation I have an almost completed scpd server
implementation at hand.

Some issues still remain:

1) for privileged ports for ssh:daemon() I suggest to have a callback
   to the ssh options to obtain listen() handle from e.g. fd_server.
   What do you think?

2) safe path handling (resolve symlinks); I leave this out, because
   I've seen a similar thing in the sftpd implementation.  Probably we
   should share functions across scpd and sftpd?

3) fine grained file permissions per user base: r/w for list of
   directories, I leave it out for now, because it is not necessary so
   far for my own purposes

4) ssh channel flushing/eof/close on the last transferred file in
   source mode of the scpd server.  needs some more investigation...
   that's why I wrote the "scp eow" topic on the list.

1) through 3) are not that big a problem, but 4) needs to be solved.
After that I would be happy to contribute if you are interested...

What do you think?

BR, Stefan.

On Tue, March 19, 2013 3:04 pm, Ingela Andin wrote:
> Hello again,
>
> If you do a general scp client/server implementation you should
> consider contributing it.
> We would be interested.
>
> Regards Ingela Erlang/OTP team - Ericsson AB
>
> 2013/3/19, Ingela Andin <ingela.andin@REDACTED>:
>> Hi!
>>
>> 2013/3/19, Stefan Jahn <stefan@REDACTED>:
>>> dear erlang'ers,
>>>
>>> after reading some documentation on ssh otp system I ended up with:
>>>
>>>     ssh:daemon({0,0,0,0}, 45678, [{pwdfun, fun auth/2},
>>> %% create server keys:
>>> %% ssh-keygen -f /tmp/ssh/ssh_host_rsa_key -N '' -t rsa
>>> %% ssh-keygen -f /tmp/ssh/ssh_host_dsa_key -N '' -t dsa
>>> 				  {system_dir, "/tmp/ssh"},
>>> 				  {user_dir, "/tmp/ssh"},
>>> %				  {ssh_cli,{ssh_cli, {ssh_scpd, []}}},
>>> 				  {auth_methods, "keyboard-interactive,password"},
>>> 				  {subsystems, [
>>> 						ssh_scpd:subsystem_spec([])
>>> %						ssh_sftpd:subsystem_spec([{vsn, 3}])
>>> 					       ]}]).
>>>
>>> whereas the ssh_scpd module is based on the ssh_sftpd module from otp,
>>> i.e.
>>>
>>> -module(ssh_scpd).
>>> %-behaviour(ssh_daemon_channel).
>>> -behaviour(ssh_channel).
>>>
>>> -define(UINT32(X), X:32/unsigned-big-integer).
>>>
>>> %% External exports
>>> -export([subsystem_spec/1]).
>>>
>>> %% Callbacks
>>> -export([init/1, handle_ssh_msg/2, handle_msg/2, terminate/2,
>>> code_change/3]).
>>>
>>> implementing the callbacks similar to what we have in ssh_sftpd...
>>>
>>> now, when I start
>>>
>>> $ scp -P 45678 README ssh@REDACTED:README
>>>
>>> authentication works fine as implemented in auth/2, but somehow
>>> the ssh channel behaviour is not used at all.
>>>
>>> ssh@REDACTED's password:
>>> {error,{1,erl_parse,["syntax error before: ",[]]}}
>>> $ Received disconnect from 127.0.0.1: 11: Application shutdown
>>>
>>> It seems like scp commands are sent into the standard erlang shell
>>> (which I did not specify) and not into the channel.
>>>
>>> I am using R15B2.
>>>
>>> Could someone please help out here and give me some hint where to
>>> proceed reading?
>>>
>>> Also an abstract description of the difference between the purposes of
>>> ssh_cli and subsystems options would be appreciated.
>>
>> ssh_cli is to customize the shell. I do not think you want to use
>> ssh_cli at all. You should write your scp-daemon as a subsystem and then
>> use an existing scp client to connect to it or
>> write your own erlang client that opens an ssh connection, requests
>> the ssh-scp subsystem and then sends scp commands on the channel along
>> the lines;
>>
>> ssh:connect ...
>> ssh_connection:session_channel...
>> ssh_connection:subsystem...
>> ssh_connection:send...
>>
>> The client can use the ssh_channel behavior.
>>
>> Regards Ingela Erlang/OTP team Ericsson AB
>>
>
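
Item 2 of the reply at the top (safe path handling with symlink resolution), sketched as an added example that is not code from this thread or from OTP. The module name scpd_path and the function resolve_under/2 are hypothetical; it assumes Unix paths and that Root is an absolute directory whose own symlinks are already resolved.

```erlang
-module(scpd_path).
-export([resolve_under/2]).

-define(MAX_LINKS, 16).   % bound on symlink expansions, stops link loops

%% Root: absolute, already-resolved directory (assumption).
%% ClientPath: path taken from the scp request, untrusted.
%% Returns {ok, RealPath} | {error, outside_root | too_many_links}.
resolve_under(Root, ClientPath) ->
    RootParts = filename:split(Root),
    walk(strip_root(ClientPath), lists:reverse(RootParts),
         RootParts, ?MAX_LINKS).

%% A leading "/" from the client is read as "relative to Root".
strip_root(Path) ->
    case filename:split(Path) of
        ["/" | Rest] -> Rest;
        Parts        -> Parts
    end.

%% walk(Todo, DoneReversed, RootParts, LinksLeft)
walk([], Done, RootParts, _N) ->
    Real = lists:reverse(Done),
    %% Compare whole components, so "/srv/rootX" never matches "/srv/root".
    case lists:prefix(RootParts, Real) of
        true  -> {ok, filename:join(Real)};
        false -> {error, outside_root}
    end;
walk(["." | T], Done, Root, N) ->
    walk(T, Done, Root, N);
walk([".." | T], [_ | Up], Root, N) when Up =/= [] ->
    walk(T, Up, Root, N);
walk([".." | T], Done, Root, N) ->            % ".." at "/" stays at "/"
    walk(T, Done, Root, N);
walk([Name | T], Done, Root, N) ->
    Path = filename:join(lists:reverse([Name | Done])),
    case file:read_link(Path) of
        {ok, _} when N =:= 0 ->
            {error, too_many_links};
        {ok, Target} ->
            %% Splice the link target in front of the remaining components.
            case filename:split(Target) of
                ["/" | Rest] -> walk(Rest ++ T, ["/"], Root, N - 1);
                Rest         -> walk(Rest ++ T, Done, Root, N - 1)
            end;
        {error, _} ->                          % plain name, or not created yet
            walk(T, [Name | Done], Root, N)
    end.
```

The answer only holds at the moment of the check: a link swapped in between this call and the later file open is not caught, so the served root should not be writable by other local users.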