New protocol: PROT_SSHCONN, bare ssh-connection.
This is the same protocol that PuTTY's connection sharing has been using for years, to communicate between the downstream and upstream PuTTYs. I'm now promoting it to be a first-class member of the protocols list: if you have a server for it, you can select it in the GUI or on the command line, and write out a saved session that specifies it. This would be completely insecure if you used it as an ordinary network protocol, of course. Not only is it non-cryptographic and wide open to eavesdropping and hijacking, but it's not even _authenticated_ - it begins after the userauth phase of SSH. So there isn't even the mild security theatre of entering an easy-to-eavesdrop password, as there is with, say, Telnet. However, that's not what I want to use it for. My aim is to use it for various specialist and niche purposes, all of which involve speaking it over an 8-bit-clean data channel that is already set up, secured and authenticated by other methods. There are lots of examples of such channels: - a userv(1) invocation - the console of a UML kernel - the stdio channels into other kinds of container, such as Docker - the 'adb shell' channel (although it seems quite hard to run a custom binary at the far end of that) - a pair of pipes between PuTTY and a Cygwin helper process - and so on. So this protocol is intended as a convenient way to get a client at one end of any of those to run a shell session at the other end. Unlike other approaches, it will give you all the SSH-flavoured amenities you're already used to, like forwarding your SSH agent into the container, or forwarding selected network ports in or out of it, or letting it open a window on your X server, or doing SCP/SFTP style file transfer. Of course another way to get all those amenities would be to run an ordinary SSH server over the same channel - but this approach avoids having to manage a phony password or authentication key, or taking up your CPU time with pointless crypto.
33
ssh.c
33
ssh.c
@ -311,8 +311,8 @@ static void ssh_got_ssh_version(struct ssh_version_receiver *rcv,
|
||||
ssh_connect_bpp(ssh);
|
||||
|
||||
connection_layer = ssh2_connection_new(
|
||||
ssh, NULL, false, ssh->conf, ssh_verstring_get_remote(old_bpp),
|
||||
&ssh->cl);
|
||||
ssh, ssh->connshare, false, ssh->conf,
|
||||
ssh_verstring_get_remote(old_bpp), &ssh->cl);
|
||||
ssh_connect_ppl(ssh, connection_layer);
|
||||
ssh->base_layer = connection_layer;
|
||||
}
|
||||
@ -861,6 +861,11 @@ static void ssh_cache_conf_values(Ssh *ssh)
|
||||
ssh->pls.omit_data = conf_get_bool(ssh->conf, CONF_logomitdata);
|
||||
}
|
||||
|
||||
bool ssh_is_bare(Ssh *ssh)
|
||||
{
|
||||
return ssh->backend.vt->protocol == PROT_SSHCONN;
|
||||
}
|
||||
|
||||
/*
|
||||
* Called to set up the connection.
|
||||
*
|
||||
@ -894,6 +899,8 @@ static const char *ssh_init(const BackendVtable *vt, Seat *seat,
|
||||
ssh->backend.vt = vt;
|
||||
*backend_handle = &ssh->backend;
|
||||
|
||||
ssh->bare_connection = (vt->protocol == PROT_SSHCONN);
|
||||
|
||||
ssh->seat = seat;
|
||||
ssh->cl_dummy.logctx = ssh->logctx = logctx;
|
||||
|
||||
@ -1194,3 +1201,25 @@ const struct BackendVtable ssh_backend = {
|
||||
PROT_SSH,
|
||||
22
|
||||
};
|
||||
|
||||
const struct BackendVtable sshconn_backend = {
|
||||
ssh_init,
|
||||
ssh_free,
|
||||
ssh_reconfig,
|
||||
ssh_send,
|
||||
ssh_sendbuffer,
|
||||
ssh_size,
|
||||
ssh_special,
|
||||
ssh_get_specials,
|
||||
ssh_connected,
|
||||
ssh_return_exitcode,
|
||||
ssh_sendok,
|
||||
ssh_ldisc,
|
||||
ssh_provide_ldisc,
|
||||
ssh_unthrottle,
|
||||
ssh_cfg_info,
|
||||
ssh_test_for_upstream,
|
||||
"ssh-connection", "Bare ssh-connection",
|
||||
PROT_SSHCONN,
|
||||
0
|
||||
};
|
||||
|
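Review bot: The new `ssh_is_bare()` (second hunk) and the `ssh->bare_connection` field set in `ssh_init` (third hunk) compute the same predicate from two different places, so they can drift apart if one is later changed without the other; either have the accessor read the cached field, `return ssh->bare_connection;`, or drop the field and call `ssh_is_bare(ssh)` everywhere. `ssh_is_bare` is also non-static with no header comment, and since this backend carries neither transport encryption nor userauth, the contract is worth stating where a future caller will see it: `/* True if this backend speaks bare ssh-connection (PROT_SSHCONN): no transport crypto and no userauth, so it must only ever run over a channel that is already secured and authenticated by other means. */`. In the fourth hunk the `sshconn_backend` vtable ends with a default port of `0` where `ssh_backend` has `22`; presumably that is deliberate because there is no conventional network port for this protocol, but a one-line comment on that entry would save the next reader the guess. The `ssh_init` and `ssh_got_ssh_version` hunks cut into functions whose bodies start outside the hunk.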