The opening of SSH channels from the server and the client side can be controlled using the server_channel and client_channel hashes. These hashes are indexed by the channel type (for example, session). The available channel types are listed in the following table.
| Name | Description |
|---|---|
| session | Channels for terminal shells, remote execution requests (e.g.: scp), and SFTP. |
| direct-tcpip | Channels for client-to-server forwarded connections. |
| forwarded-tcpip | Channels for server-to-client forwarded connections. |
| auth-agent | Channels for forwarding authentication agents. |
| auth-agent@openssh.com | Channels for forwarding authentication agents, as implemented in OpenSSH. |
| x11 | Channels for forwarding graphical interfaces. |
Table 4.56. The list of available channel types.
The possible actions are described in the following table. See also Section 2.1, Policies for requests and responses.
| Action | Description |
|---|---|
| SSH_CHAN_ACCEPT | Accept the request without any modification. |
| SSH_CHAN_REJECT | Reject the channel opening request. |
| SSH_CHAN_POLICY | Call the function specified to make a decision about the channel opening request. |
| SSH_CHAN_ABORT | Reject the channel opening request and terminate the connection. |
Table 4.57. Action codes for SSH channel open requests.
Example 4.35. Enabling and disabling SSH channels

The following proxy class accepts only terminal session (shell) connections, and rejects all other channel types.

```python
class ShellonlySshProxy(SshProxy):
    def config(self):
        SshProxy.config(self)
        # Accept session channels and shell requests from the client.
        self.client_channel["session"] = (SSH_CHAN_ACCEPT)
        self.client_channel["session-shell"] = (SSH_CHAN_ACCEPT)
        # Reject remote command execution and subsystem requests.
        self.client_request["session-exec"] = (SSH_REQ_REJECT)
        self.client_request["session-subsystem"] = (SSH_REQ_REJECT)
```
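A stand-alone audit of a channel hash, added here as an example and not taken from the original documentation or the product's code: it checks a hash against the channel types of Table 4.56 and reports types that are left undecided, delegated to a policy function, or accepted without being intended. The action constants are string stand-ins, and `audit_channels`, `action_of`, the `allowed` parameter and the tuple form of an SSH_CHAN_POLICY entry are assumptions.

```python
# Stand-in action names: constructed strings, not the proxy's real constant values.
SSH_CHAN_ACCEPT, SSH_CHAN_REJECT = "SSH_CHAN_ACCEPT", "SSH_CHAN_REJECT"
SSH_CHAN_POLICY, SSH_CHAN_ABORT = "SSH_CHAN_POLICY", "SSH_CHAN_ABORT"

# Channel types from Table 4.56.
CHANNEL_TYPES = ("session", "direct-tcpip", "forwarded-tcpip", "auth-agent",
                 "auth-agent@openssh.com", "x11")
DENY = {SSH_CHAN_REJECT, SSH_CHAN_ABORT}


def action_of(entry):
    """Return the action code; a tuple entry is assumed to carry the code first."""
    return entry[0] if isinstance(entry, tuple) else entry


def audit_channels(policy, allowed):
    """Compare a channel hash against the set of channel types meant to be open.

    Returns a sorted list of (channel_type, finding) pairs; an empty list means
    every listed type is decided explicitly and matches the intent.
    """
    findings = []
    for ctype in CHANNEL_TYPES:
        if ctype not in policy:
            findings.append((ctype, "unset: decision left to the proxy default"))
            continue
        action = action_of(policy[ctype])
        if action == SSH_CHAN_POLICY:
            findings.append((ctype, "delegated: review the policy function"))
        elif action == SSH_CHAN_ACCEPT and ctype not in allowed:
            findings.append((ctype, "accepted but not intended to be open"))
        elif action in DENY and ctype in allowed:
            findings.append((ctype, "denied but intended to be open"))
    for key in policy:
        if key not in CHANNEL_TYPES:
            findings.append((key, "not a channel type listed in Table 4.56"))
    return sorted(findings)


# Constructed sample hash, shaped like a client_channel hash.
sample = {
    "session": SSH_CHAN_ACCEPT,
    "direct-tcpip": SSH_CHAN_REJECT,
    "forwarded-tcpip": SSH_CHAN_ABORT,
    "x11": SSH_CHAN_ACCEPT,
    "auth-agent": (SSH_CHAN_POLICY, None),
}
for item in audit_channels(sample, allowed={"session"}):
    print(item)
```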
Copyright: © 2021 Balasys IT Security


