Discuss this help topic in SecureBlackbox Forum

SSH: Implement Shell access in the SSH server

The TElSSHServer component doesn't come with built-in shell support, so you need to build the shell functionality on top of it in order to give connecting users access to the server-side shell.

First, handle the OnBeforeOpenShell and OnOpenShell events. These events are fired when a connecting user requests a shell channel. The 'Before' event lets you track requests as they arrive and reject them if needed. OnOpenShell is a post-factum notification that tells you the shell channel has been opened and hands you the working TElSSHTunnelConnection object, which you use to send and receive data on that channel.

Essentially, what you need to do after getting a shell channel is create a local shell (cmd) process and forward all data arriving through the TElSSHTunnelConnection.OnData event to the STDIN of that process. In the other direction, you should capture everything the process writes to STDOUT and STDERR and pass it to the TElSSHTunnelConnection.SendData() and TElSSHTunnelConnection.SendExtendedData() methods respectively.

As part of the SecureBlackbox distribution, we offer a simple handler class that does this job for you (TElShellSSHSubsystemHandler). This class is normally used alongside its companion TElSSHSubsystemThread class to run the shell in a separate thread. A relevant code snippet is below.

C#:

private void SSHServer_OnOpenShell(object Sender, TElSSHTunnelConnection Connection)
{
    // Run the built-in shell handler for this channel in its own thread
    TElSSHSubsystemThread thread = new TElSSHSubsystemThread(new TElShellSSHSubsystemHandler(Connection, true), Connection, true);
    // Let the handler signal when it is about to touch shared resources
    thread.Handler.OnUnsafeOperationStart += new TNotifyEvent(Handler_OnUnsafeOperationStart);
    thread.Handler.OnUnsafeOperationEnd += new TNotifyEvent(Handler_OnUnsafeOperationEnd);
    thread.Resume();
}

Note that you might need to handle the OnUnsafeOperationStart and OnUnsafeOperationEnd events to help the handler serialize access to shared resources. This can be done, for example, in the following way:

C#:

// Lock object shared by all shell handlers (requires using System.Threading for Monitor)
private readonly object m_lock = new object();

private void Handler_OnUnsafeOperationStart(object Sender)
{
    Monitor.Enter(m_lock);
}

private void Handler_OnUnsafeOperationEnd(object Sender)
{
    Monitor.Exit(m_lock);
}

Note that TElSSHSubsystemThread runs under the same account as the server process, so the shell given to a connected user has that account's privileges. This poses a security risk if the server runs under a system account.

If you need finer control over the shell and its access, or you are looking for a more sophisticated or powerful shell implementation, you can implement your own shell component and use it instead of TElShellSSHSubsystemHandler.
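A custom shell component of the kind just described, written here as an added example rather than SecureBlackbox's own code: it bridges one shell channel to a local cmd.exe process using the forwarding scheme from the text (channel data to STDIN, STDOUT to SendData, STDERR to SendExtendedData). The SBSSHServer namespace, the byte[] parameter of SendData/SendExtendedData and the (object Sender, byte[] Buffer) shape of the OnData delegate are assumptions to check against the component reference; the process inherits the server account's privileges exactly as noted above, so the OnBeforeOpenShell check stays the place to reject users who should not get a shell.

```csharp
using System;
using System.Diagnostics;
using System.Text;
using SBSSHServer;  // assumed: the namespace that declares TElSSHTunnelConnection

// Hypothetical bridge between one shell channel and a local cmd.exe process,
// which runs with the privileges of the server account (see the note above).
public sealed class ProcessShellBridge : IDisposable
{
    private readonly TElSSHTunnelConnection conn;
    private readonly Process proc = new Process();

    // From SSHServer_OnOpenShell: new ProcessShellBridge(Connection).Start();
    public ProcessShellBridge(TElSSHTunnelConnection connection)
    {
        conn = connection;
        ProcessStartInfo si = proc.StartInfo;
        si.FileName = "cmd.exe";
        si.UseShellExecute = false;      // required to redirect the standard streams
        si.CreateNoWindow = true;
        si.RedirectStandardInput = true;
        si.RedirectStandardOutput = true;
        si.RedirectStandardError = true;
        proc.EnableRaisingEvents = true; // needed for the Exited event
        // STDOUT -> SendData, STDERR -> SendExtendedData (both assumed to take byte[])
        proc.OutputDataReceived += (s, e) => Forward(e.Data, conn.SendData);
        proc.ErrorDataReceived += (s, e) => Forward(e.Data, conn.SendExtendedData);
        proc.Exited += (s, e) => Dispose();
        // Channel -> STDIN; delegate shape (object Sender, byte[] Buffer) is assumed
        conn.OnData += (sender, buffer) =>
        {
            proc.StandardInput.BaseStream.Write(buffer, 0, buffer.Length);
            proc.StandardInput.BaseStream.Flush();
        };
    }

    public void Start()
    {
        proc.Start();
        proc.BeginOutputReadLine();  // asynchronous reads must begin after Start()
        proc.BeginErrorReadLine();
    }

    private static void Forward(string line, Action<byte[]> send)
    {   // a null line marks the end of that stream
        if (line != null) send(Encoding.UTF8.GetBytes(line + "\r\n"));
    }

    public void Dispose()
    {   // also close the channel here with the component's own close method (not shown)
        try { if (!proc.HasExited) proc.Kill(); } catch (InvalidOperationException) { }
        proc.Dispose();
    }
}
```

Wire the channel's close event to Dispose() as well, so a client disconnect does not leave an orphaned cmd.exe running under the server account.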
