Writing Mantissa SSH Services


Applications can expose terminal-based applications through Mantissa by providing factories to interact with objects providing the twisted.conch.insults.insults.ITerminalTransport interface. These applications are restricted to clients with valid Mantissa credentials and are published over an SSHv2 connection.

This document will explain how an application may plug in to this functionality to offer terminal-based functionality to users.

Readers should familiarize themselves with the following concepts in order to understand all sections of this document:

  • Zope Interfaces
  • Twisted Conch’s Insults
  • Axiom Powerups
  • Mantissa Offerings
  • Mantissa Products
  • Mantissa Port Configuration

Interacting with Mantissa via SSH

A Mantissa server created in the usual way (that is, using axiomatic mantissa ) includes an SSH server. You can use axiomatic port list to find out what port it is listening on (usually it will be 8022). Once you determine the port, connecting to the server is much like connecting to any other SSH server. If you’re using the OpenSSH command line client, you’ll do something like this:

ssh -p 8022 admin@localhost@localhost

admin@localhost@localhost looks a little strange, but it is necessary so that the full username the client uses to log in is admin@localhost , while the host the client connects to is localhost . A future version of Mantissa may allow defaults for the domain part of a username, changing this to just admin@localhost .

Developing Terminal Applications

Applications provide terminal-based functionality by writing a powerup which can create new twisted.conch.insults.insults.ITerminalProtocol for connections made to the server. Connections are first authenticated, then some policy is used to select a particular ITerminalServerFactory to use to create a new ITerminalProtocol provider to interact with the connection. Mantissa includes an implementation of a policy which presents clients with a menu to select from all available ITerminalServerFactory powerups. Potential powerups are presented to the user based on their name attribute, so application authors should try to select a value for this attribute which is descriptive enough for users to make a decision in this context.

Aside from the name attribute, ITerminalServerFactory defines only buildTerminalProtocol . This is similar to the buildProtocol method of a server factory. The returned ITerminalProtocol will be connected to a ITerminalTransport and then may behave in any way which suits the application.


NoOpFactory describes itself with the name attribute as a “no-op example” and returns an instance of twisted.conch.insults.insults.TerminalProtocol from its buildTerminalProtocol method. TerminalProtocol is analogous to twisted.internet.protocol.Protocol - it is a base implementation which ignores all input and creates no output.

If a user store is powered up with NoOpFactory and the site store is configured with an SSH server, that user will be able to connect to the server via SSH, select the “no-op example” , and interact send bytes (which will be ignored) to a TerminalProtocol .


Only password authentication (ie, not key-based authentication) is supported in the current implementation.

The server’s host key is stored in the site store as an attribute of the xmantissa.terminal.SecureShellConfiguration item. There is not yet a friendly user interface for changing it; however, it may be edited directly (for example, using axiomatic browse ).

Table Of Contents

Previous topic

Writing Mantissa AMP Services

This Page