doupu9251
2016-02-04 23:17

How can I programmatically modify files over SSH without using shell commands?

I'm writing a tool which, among other things, needs to be able to modify files over an SSH connection. However, I don't want to have to invoke CLI tools on the remote server due to security concerns (TL;DR: string escaping is really hard). How can I do this with either (a) the ssh command-line tool (invoked locally) or, (b), the golang.org/x/crypto/ssh/* packages?

EDIT: Sorry, I forgot to mention. I need to be able to do this all within a single session. On some clients, the server being connected to is behind a load balancer, so if I make multiple invocations, I might end up connecting to different servers.


3 answers

  • dozya46004 2016-02-04 23:45
    Accepted answer

    Establish a master connection with ssh that you keep alive. Then you can download the file to your localhost, modify it and upload it again using scp while tunneling through the master connection.

    See https://unix.stackexchange.com/a/2869

  • duanduo3712 2016-02-04 23:34

    I am not sure how you plan on doing that. SSH is a very strict protocol which allows you to do specific things: file transfer and terminal connection.

    You can see here the features different ssh servers have: https://en.wikipedia.org/wiki/Comparison_of_SSH_servers#Features

    But SSH is just a protocol: a set of commands the SSH server (as opposed to the SSH client, which would be your go program) will understand.

    If you want to do specific actions, I recommend that you build your own server, which you secure using encryption technologies such as SSL or TLS, to which your client will connect.

    PS: This question is not really Go-related, but more SSH related, as it works the same for any language.

  • doudie2693 2016-02-05 00:22

    The most portable way to manipulate files through SSH is to use the SFTP protocol. SFTP is mostly used to transfer files, but it's really a remote filesystem protocol. It has operations to do all of the following on the remote system:

    • Create, delete, and rename files
    • Open files for reading or writing; read and write blocks of data within a file.
    • List directory contents
    • Read and change file attributes

    SFTP exposes a POSIX (unix-like) naming scheme. The file separator is a "/" and absolute paths start with "/". File attributes also follow the POSIX model.

