pyXMLRPCssh : HowItWorks

HomePage :: Categories :: PageIndex :: RecentChanges :: RecentlyCommented :: Login/Register

How it works

  1. The client initiates a SSH connection request to the server (using the Paramiko SSH2 library), to execute a command to start the XMLRPC server.
  2. The XMLRPC server starts on a random TCP port >1024, generates a random "secret" number and passes these back to the client via stdout (back over the encrypted SSH connection).
  3. The client then starts a SSH2 tunnel to the servers port.
  4. The client then starts the xmlrpc client connecting to the local side of the tunnel (again random port >1024).
  5. The client then calls the server method (over XMLRPC) "ChallengeMe()" to ask the server to start client re-authentication.
  6. The server responds with a new random number as the challenge.
  7. The client creates a MD5 hash of the combination of the original "secret" random number and the new "challenge" random number and then passes this back to the server in an "Authenticate()" method call.
  8. The server responds either "OK" for "FAIL".
  9. If Authenticate() was OK, then the XMLRPC server is available and an object referencing this is passed to the caller...
  10. All method calls pass the generated hash, invisibly to the calling and called application. So each XMLRPC method call/request is effectively re-authenticated.

There are no comments on this page. [Add comment]

Valid XHTML 1.0 Transitional :: Valid CSS :: Powered by WikkaWiki
Get pyXMLRPCssh at Fast, secure and Free Open Source software downloads
Page was generated in 0.0281 seconds