问题
I want to write an application that would be a custom SSH server with two types of connection:
- A sync channel, where clients type a command and the server would return the output
- An stream channel where the user connects and starts reading the IO, the server publishes data continuously.
I am doing that in Java, I think Apache Mina SSHD in the right tool for that. I managed to write some code for authentication (thanks to resources found on the net) and could run the /bin/sh on my connection so I am all setup I guess. The problem is that from now I am stuck, due to lack of knowledge on how these things works and how Mina works specifically.
Basically I would need to have access to the input and output stream for each SSH connection, after that I can sort out things on my own, buy what's the right way to get that?
Should I make a custom Channel ? A custom Shell ? A custom set of commands ?
Could any one point me to resources on the subject ?
回答1:
I have found the solution:
First you have to implement a Command factory, which is done as follow:
class CommandFactory extends Factory[Command] {
override def create():Command = {
new Command() {
def destroy() {}
def setInputStream(in: InputStream) {}
def setErrorStream(err: OutputStream) {}
def setOutputStream(out: OutputStream) {}
def start(env: Environment) {}
def setExitCallback(callback: ExitCallback) {}
}
}
}
Then you set up your ssh server like that:
sshd.setShellFactory(new CommandFactory())
Of course you can extend the implementation to pass anything you need to the command.
The implementation of the command is where you define the behaviour of your shell.
回答2:
This is a follow-up to my comment posted to the question itself.
To allow a client (client) to access ports on a remote machine (server) directly or through another computer on the same network as the server (gateway) through SSH, you just have to use the -L flag.
From client to server directly (port 8080 on the client's machine will tunnel to 80 on the server):
ssh -L 8080:localhost:80 server
From client to server through a gateway (port 8080 on the client's machine will tunnel to 80 on the server):
ssh -L 8080:server:80 gateway
From the man pages for ssh, here is how you use the -L flag:
-L [bind_address:]port:host:hostport
Specifies that the given port on the local (client) host is to be
forwarded to the given host and port on the remote side. This
works by allocating a socket to listen to port on the local side,
optionally bound to the specified bind_address. Whenever a
connection is made to this port, the connection is forwarded over
the secure channel, and a connection is made to host port
hostport from the remote machine. Port forwardings can also be
specified in the configuration file. IPv6 addresses can be
specified by enclosing the address in square brackets. Only the
superuser can forward privileged ports. By default, the local
port is bound in accordance with the GatewayPorts setting.
However, an explicit bind_address may be used to bind the
connection to a specific address. The bind_address of
``localhost'' indicates that the listening port be bound for
local use only, while an empty address or `*' indicates that the
port should be available from all interfaces.
来源:https://stackoverflow.com/questions/12745539/using-ssh-connection-for-inter-application-communication