Linux Fu: Interactive SSH Applications

[Drew DeVault] recently wrote up some interesting instructions on how to package up interactive text-based Linux commands for users to access via ssh. At first, this seems simple, but there are quite a few nuances to it and [Drew] does a good job of covering them.

One easy way — but not very versatile — is to create a user and make the program you want to run the default shell. The example used is to make /usr/bin/nethack the shell and now people can log in as that user and play nethack. Simple, right? However, there are better ways to get there.

There are a few problems. First,  if the user passes a command line to a program like nethack, things get confused. However, you can add a statement to the .ssh/authorized_keys file that selects a command to run using a real shell upon login. You can set the shell to something simple like /bin/sh or rbash (restricted bash) and use that to launch nethack or the binary of your choice. A restricted shell prevents users from doing things such as changing directories, setting certain environment variables, and more. It offers some level of safety against malicious activity, although perhaps not serious malicious activity.

Just to round out the example, [Drew] shows how he applies these ideas to a real working system. He has a series of Python scripts that work with Sourcehut continuous integration builds.

We love little ssh tools. While we like ssh, if you have an unreliable connection, you might prefer Mosh.

4 thoughts on “Linux Fu: Interactive SSH Applications

  1. I guess I’m missing the point. You can run remotely any application with full graphic (or. not) with xterm over an ssh tunnel. Easy peasy with PuTTy /Xming on windows and simple command line on Linux…

    1. The point to this isn’t so much running applications for yourself. It is exposing a dedicated application to external users. So user can use SSH to log in execute some pre-determined command and it’s done. Obviously, not all commands are created equal so there are security issues etc but that’s kind of the point of the original post.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.