SSHOUT was originally designed for private chatrooms; since it relies on the operating system's OpenSSH server, it is hard to accept anonymous logins from outside.
By modifying the OpenSSH server sshd(8), it is possible to overcome this limitation and create a public chatroom that allows anyone to join with a user name they choose.
However, a public chatroom with SSHOUT is still considered a hack, since replacing sshd(8) is usually risky and may cause other services that depend on SSH to fail.
To demonstrate this, we implemented a public chatroom.
The modifications we made to an OpenSSH 6.0p1 server are available in a diff file that can be downloaded from the FRS of this project.
The server address is ssh://beijing.rivoreo.one:6666/; you can join it with your OpenSSH client or a similar ssh(1) command by typing:
$ ssh beijing.rivoreo.one -p 6666
The server host keys are:
[beijing.rivoreo.one]:6666 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBPWIxWYYw+z9wcgaxDdEgMoM9hMtlYAJiWPXILG2AEmt8+iNgidhg+nWbxnVlxH/KgorAukHeFV4Png2sMXVt7o=
[beijing.rivoreo.one]:6666 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDP05OphKiKUwRfD4OuwJQYKbGX0KodPx7L3vh+oZ1cIu9j55bkOi5hSXatxwLyql7uqcuWVyToHgLTvr5FQBtUYLrNVn7o7pQ+FVJDcB03ksaQBDgcgCWNAIXyS0iEBVF5V8PHKR4aOkYoZGyv1Yj17dfgJbtUMhDfUSMtyBK8iCTu26VGo3GgYhpSOH4Fa46Tf0X0VaBfsROJH0tIHxp1y4o0OBMjZzu3oZmrAnacG35bLocAmtXziBv/f5xR+jj27QvfSFADXuZo6MPSVHs8ckCErhUoaxt/DVGZq7Ns5mWTdxzNfNFC3CqXxCexL3UWiGcziDjYEjVDWkv3/asr
To connect to this server from the SSHOUT Qt Client, use the following command line to start the client:
$ sshout-qt ssh://$USER@beijing.rivoreo.one:6666/
Change $USER to any other user name if you want.
It is also a good idea for new users to try out the features (or bugs) of SSHOUT in this public chatroom.
When the OpenSSH server (sshd(8)) authenticates a remote user whose user name does not exist on the local system, it considers the remote user an invalid user and assigns a fake passwd(5) entry to the user, to ensure that any further authentication method fails. In the modified version, sshd(8) checks whether this non-existing user name is allowed as an SSHOUT user name and is not currently registered in the SSHOUT user list (managed by the sshoutcfg(8) tool); any unacceptable user name is rejected as an 'invalid user', as in the original OpenSSH implementation. Accepted public users are assigned the passwd(5) entry of the local user sshout, with the password set to empty and the forced command set to their original user name; since the default shell of the local user sshout should be the path of sshoutd(8), such as /usr/lib/sshout/sshoutd, the final command that runs for the user will be /usr/lib/sshout/sshoutd -c <original-user-name>.
If the SSH server has been configured to accept empty password logins (PermitEmptyPasswords yes in sshd_config(5)), the accepted public users can be authenticated by the none authentication method directly; but doing so affects all local users, not only SSHOUT public logins, so it is not recommended. Another modification we made is to authenticate public SSHOUT users via the keyboard-interactive authentication method; this implementation only authenticates those public SSHOUT users whose original user name differs from the passwd(5) entry name (that is, sshout). It should work, as most SSH2 clients try keyboard-interactive before the password method.
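A model of the user lookup and authentication decision described above, written as an added example; it is not code from the released diff. The user tables are constructed sample data, and the name rule in name_allowed() as well as the names decide() and kbdint_bypass are assumptions, since the page does not state them.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample data standing in for passwd(5) and the SSHOUT user list. */
static const char *const local_users[] = { "root", "sshout", "alice", NULL };
static const char *const registered[] = { "bob", NULL };
#define SSHOUT_SHELL "/usr/lib/sshout/sshoutd" /* shell of local user sshout */
enum outcome { LOCAL_USER, INVALID_USER, PUBLIC_USER };
struct decision {
	enum outcome outcome;
	bool kbdint_bypass;     /* keyboard-interactive succeeds without a password */
	char final_command[96]; /* <shell> -c <forced command> */
};

static bool in_list(const char *const *list, const char *name) {
	for (; *list; list++) if (strcmp(*list, name) == 0) return true;
	return false;
}

/* Assumed rule (not from the page): 1 to 32 characters of [A-Za-z0-9_.-],
 * not starting with '-', so the name is safe as the argument of "-c". */
static bool name_allowed(const char *name) {
	size_t n = strlen(name);
	if (n == 0 || n > 32 || name[0] == '-') return false;
	return strspn(name, "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ"
			    "0123456789_.-") == n;
}

struct decision decide(const char *name) {
	struct decision d = { INVALID_USER, false, "" };
	if (in_list(local_users, name)) {
		d.outcome = LOCAL_USER; /* unmodified sshd path, "sshout" included */
		return d;
	}
	if (!name_allowed(name) || in_list(registered, name)) return d;
	d.outcome = PUBLIC_USER;   /* gets the passwd(5) entry of local user sshout */
	d.kbdint_bypass = true;    /* requested name differs from the entry name */
	snprintf(d.final_command, sizeof d.final_command, "%s -c %s", SSHOUT_SHELL, name);
	return d;
}

int main(void) {
	const char *tests[] = { "alice", "sshout", "bob", "guest42", "bad;name" };
	for (size_t i = 0; i < sizeof tests / sizeof *tests; i++) {
		struct decision d = decide(tests[i]);
		printf("%-9s outcome=%d bypass=%d cmd=%s\n", tests[i], d.outcome, d.kbdint_bypass, d.final_command);
	}
}
```

Because the accepted name becomes the argument of the forced command, the name check is the only thing between a remote, unauthenticated string and the sshoutd command line, which is why the model rejects anything outside a conservative character set.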
The released diff file also contains some bug fixes and other features unrelated to SSHOUT.