Dear all, This is my first post to this group so excuse me if this topic has been solved previously. If I want to shutdown a remote database, I could send a "systemctl stop mariadb" command using ssh. But I wonder if it is possible to update the openssh server to implement a specific handler/callback that catch this message and then call a C/C++ code. In short, is there any interface provided by the openssh server to add new functionality or call a dynamic library that implements this functionality? Thanks in advance, Gorka
The commonly understood "API" to shutdown most UNIX processes cleanly is a SIGTERM, no? On Thu, May 23, 2019 at 7:37 AM Gorka Lendrino Vela < gjlendrino.box at gmail.com> wrote:> Dear all, > > This is my first post to this group so excuse me if this topic has been > solved previously. > > If I want to shutdown a remote database, I could send a "systemctl stop > mariadb" command using ssh. But I wonder if it is possible to update the > openssh server to implement a specific handler/callback that catch this > message and then call a C/C++ code. > > In short, is there any interface provided by the openssh server to add new > functionality or call a dynamic library that implements this functionality? > > Thanks in advance, > Gorka > _______________________________________________ > openssh-unix-dev mailing list > openssh-unix-dev at mindrot.org > https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev >
Shutdown a database is only an example. My question is if there is any interface provided by the openssh server to add new functionality or call a dynamic library that implements this functionality? On Thu, 23 May 2019 at 15:55, Robert Banz <rob at nofocus.org> wrote:> The commonly understood "API" to shutdown most UNIX processes cleanly is a > SIGTERM, no? > > On Thu, May 23, 2019 at 7:37 AM Gorka Lendrino Vela < > gjlendrino.box at gmail.com> wrote: > >> Dear all, >> >> This is my first post to this group so excuse me if this topic has been >> solved previously. >> >> If I want to shutdown a remote database, I could send a "systemctl stop >> mariadb" command using ssh. But I wonder if it is possible to update the >> openssh server to implement a specific handler/callback that catch this >> message and then call a C/C++ code. >> >> In short, is there any interface provided by the openssh server to add new >> functionality or call a dynamic library that implements this >> functionality? >> >> Thanks in advance, >> Gorka >> > _______________________________________________ >> openssh-unix-dev mailing list >> openssh-unix-dev at mindrot.org >> https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev >> >
Gorka Lendrino Vela wrote:> I wonder if it is possible to update the > openssh server to implement a specific handler/callback that catch this > message and then call a C/C++ code. > > In short, is there any interface provided by the openssh server to add new > functionality or call a dynamic library that implements this functionality?It's an important design goal to keep the sshd process small and simple. So no, there's no interface to dynamically add code, and I doubt there will ever be one. Just create your own program on the server that does what you want and start it from a remote system either with "ssh server yourprogram" or alternatively you can configure the program to be a subsystem[1], in which case you start it using "ssh -s server yourprogram". See "Subsystem" in the sshd man page. //Peter
On 05/23/2019 01:32 PM, Gorka Lendrino Vela wrote:> If I want to shutdown a remote database, I could send a "systemctl stop > mariadb" command using ssh. But I wonder if it is possible to update the > openssh server to implement a specific handler/callback that catch this > message and then call a C/C++ code. > > In short, is there any interface provided by the openssh server to add new > functionality or call a dynamic library that implements this functionality?Do you want that code executed *instead* of the command passed (which suggests that the user knows about the setup and is willing to cooperate as necessary), or *in addition* to it (a la "I want an extra audit trail whenever someone issues that command")? Out of the box, an OpenSSH daemon provides remote access to the target account's shell, and a *very limited* set of other APIs(*). Other software that uses SSH as an underlying transport(**) actually stuffs a command into the remote shell to start the appropriate remote-side listener. (**) That goes from things like rsync all the way down to scp, even though that's a piece of software that *comes with* OpenSSH. (*) Not sure that there's anything *besides* SFTP to list here. Note that that one uses the sshd_config's "Subsystem" config statement as a hook, *maybe* you can work with that, I have no idea what the corresponding API looks like. As an alternative, the remote shell's startup procedures may offer a richer selection of hooks to get software called. (Aliases and RC files as a rather clean option, $PROMPT_COMMAND as a nastier one, PAM if you really want to sell your soul, ...) If you have a code snippet, *and* the user's cooperation, *and* the code can do its job called from the target account as a separate process, then I'ld say that your simplest solution is to slap a main() onto the code, compile it into a new executable, and have the user call *that* as a normal shell command. Regards, -- Jochen Bern Systemingenieur www.binect.de www.facebook.de/binect -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/pkcs7-signature Size: 4278 bytes Desc: S/MIME Cryptographic Signature URL: <http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20190523/294417af/attachment.p7s>