Hi,
An online text-based application written in Lua, running on a Linux system... That is, a client can use a terminal emulator like PuTTY, or the Linux 'telnet' command, to connect to the application. I use the Copas module, which is very easy to do with little code.
My challenge is this. Connections to my application are in plain-text. Is it possible to use encrypted connections for security, using widely spread clients like PuTTY and the 'ssh' command? I'm not aiming to create my own specific client application.
A while ago I tried a solution similar to this. As far as I know, a Lua SSH module doesn't exist, and it might even be an impossible concept, because SSH is a daemon and is only used to log in to a shell. So I tried this approach: client logs in to my Linux system using SSH, the shell has a script that starts the Lua application automatically, and logs off the user when he/she is finished. To be honest I didn't use SSH, but I used the Telnet daemon, same principle. It worked, but it has too many disadvantages:
- Clients need usernames on my system. In the past, when DEC and IBM were large, this was the usual way of doing it: just connect to a shell and then log into the application. This is redundant. I'd like my application to be the only one to handle logins and administer user accounts.
- Every client connects to the system's SSH daemon, which I prefer to use privately. I could have started a separate SSH daemon (I read some tutorials, it is possible) for the application, using a different TCP port, but then I should configure each daemon to allow/disallow users. This way, the redundancy of user administration even expands.
- Every client starts a separate instance of the application and the Lua interpreter as a system thread. I assume this is memory-consuming. Besides that, every instance uses its own namespace, and that requires a different application design approach than using Copas. Not only is using coroutines just nice and easy, but if used carefully it also prevents situations in which several coroutines are writing to the same file/database simultaneously and thus corrupting stored data.
- A user may press Ctrl-C to end the application/interpreter. Although a shell should work like this, it's not desirable. A user may eventually also be able to terminate the shell script itself (as far as I remember, when I tested it this was indeed the case) and browse the file system, peek inside the application's source file(s) and its database/datafile. As the application is started with the client's user+group, this implies that not only the application has (needs!) read-write rights to the database/file, but the shell user has them too (keep out!). Also mind that TCP port forwarding should be switched off in the SSH daemon's configuration, to prevent a user to browse the system more conveniently, or even: browse the LAN, and use the internet using my IP address.
- Several non-standard adjustments need to be made to the Linux configuration. So, the application's portability is in danger. Running the application on Windows isn't simply done by copying the application files from one system to another. It's impossible. MinGW or Cygwin might help, but that's not the portability I meant. VirtualBox might also help, but however very usable as a backup production system, it is still no portability, and in this case it would be like buying a car not to ride it but only to listen to its audio system. However, portability is not my greatest concern.
I might have overlooked some solutions to these disadvantages, or I might have even missed a completely different approach. I can't imagine I'm the first person on this planet that came up with the idea of creating a server program in Lua that uses SSH, or a similar widespread encryption. :-)
Have a nice day,
--
Paco Willers <
paco.willers@gmail.com>
