The opening of SSH channels from the server and the client side is possible using the `server_channel` and `client_channel` hashes. These hashes are indexed by the channel type (for example, `session`). The available channel types are listed in the following table.
Name | Value |
---|---|
session | Channels for terminal shells, remote execution requests (e.g.: scp), and SFTP. |
direct-tcpip | Channels for client-to-server forwarded connections. |
forwarded-tcpip | Channels for server-to-client forwarded connections. |
auth-agent | Channels for forwarding authentication agents. |
auth-agent@openssh.com | Channels for forwarding authentication agents, as implemented in OpenSSH. |
x11 | Channels for forwarding graphical interfaces. |
Table 4.56. The list of available channel types.
The possible actions are described in the following table. See also Section 2.1, Policies for requests and responses.
Action | Description |
---|---|
SSH_CHAN_ACCEPT | Accept the request without any modification. |
SSH_CHAN_REJECT | Reject the channel opening request. |
SSH_CHAN_POLICY | Call the function specified to make a decision about the channel opening request. |
SSH_CHAN_ABORT | Reject the channel opening request and terminate the connection. |
Table 4.57. Action codes for SSH channel open requests.
Example 4.35. Enabling and disabling SSH channels

The following proxy class accepts only terminal session (shell) connections, and rejects all other channel types.

```python
class ShellonlySshProxy(SshProxy):
    def config(self):
        # Start from the default SshProxy configuration.
        SshProxy.config(self)
        # Accept session channel opening requests coming from the client.
        self.client_channel["session"] = (SSH_CHAN_ACCEPT)
        self.client_channel["session-shell"] = (SSH_CHAN_ACCEPT)
        # Reject remote command execution and subsystem requests
        # inside the session channel.
        self.client_request["session-exec"] = (SSH_REQ_REJECT)
        self.client_request["session-subsystem"] = (SSH_REQ_REJECT)
```
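A small review helper for the channel hashes described above, added here as an illustration and not code from the original page or the product. It reports, for each channel type in Table 4.56, which action a hash sets, and flags forwarding channels that are accepted outright. The action-code values are stand-ins, and the tuple form of an entry (action code first) is an assumption.

```python
# Stand-in action codes (constructed values). The real SSH_CHAN_* constants
# are provided by the proxy's policy environment.
SSH_CHAN_ACCEPT, SSH_CHAN_REJECT, SSH_CHAN_POLICY, SSH_CHAN_ABORT = (
    "ACCEPT", "REJECT", "POLICY", "ABORT")

# Channel types from Table 4.56; all except "session" carry forwarded traffic.
CHANNEL_TYPES = ("session", "direct-tcpip", "forwarded-tcpip",
                 "auth-agent", "auth-agent@openssh.com", "x11")
FORWARDING = frozenset(CHANNEL_TYPES[1:])


def action_of(entry):
    """Return the action code of a hash entry.

    Assumption: an entry is a bare action code, as in Example 4.35,
    or a tuple whose first element is the action code.
    """
    return entry[0] if isinstance(entry, tuple) else entry


def review_channels(channel_hash):
    """Return (effective, findings) for one channel hash."""
    effective, findings = {}, []
    for ctype in CHANNEL_TYPES:
        if ctype not in channel_hash:
            effective[ctype] = None  # not set here: the proxy default applies
            findings.append(f"{ctype}: no explicit action set")
            continue
        action = effective[ctype] = action_of(channel_hash[ctype])
        if ctype in FORWARDING and action == SSH_CHAN_ACCEPT:
            findings.append(f"{ctype}: forwarding channel accepted unconditionally")
    for key in channel_hash:
        if key not in CHANNEL_TYPES:
            findings.append(f"{key}: not a channel type listed in Table 4.56")
    return effective, findings


# Constructed sample: the client_channel entries of Example 4.35 plus two
# forwarding channels, to show what gets flagged. None is a placeholder
# for a decision function.
sample = {"session": SSH_CHAN_ACCEPT, "session-shell": SSH_CHAN_ACCEPT,
          "direct-tcpip": SSH_CHAN_ACCEPT, "x11": (SSH_CHAN_POLICY, None)}

if __name__ == "__main__":
    for finding in review_channels(sample)[1]:
        print(finding)
```

Channel types that the hash leaves unset are reported rather than assumed to be rejected, because the default action is not stated on this page.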
© 2021 BalaSys IT Security.