Allow specifying that remote control only works over a socket

docs/changelog.rst

@@ -20,6 +20,10 @@ To update |kitty|, :doc:`follow the instructions <binary>`.
 - Add specialised rendering for a few more box powerline and unicode symbols
   (:pull:`2074` and :pull:`2021`)
 
+- Add a new socket only mode for :opt:`allow_remote_control`. This makes
+  it possible to programs running on the local machine to control kitty
+  but not programs running over ssh.
+
 
 0.14.6 [2019-09-25]
 ---------------------

kitty/boss.py

@@ -121,7 +121,7 @@ class Boss:
         talk_fd = getattr(single_instance, 'socket', None)
         talk_fd = -1 if talk_fd is None else talk_fd.fileno()
         listen_fd = -1
-        if opts.allow_remote_control and args.listen_on:
+        if args.listen_on and (opts.allow_remote_control in ('y', 'socket-only')):
             listen_fd = listen_on(args.listen_on)
         self.child_monitor = ChildMonitor(
             self.on_child_death,
@@ -276,9 +276,9 @@ class Boss:
         self.child_monitor.add_child(window.id, window.child.pid, window.child.child_fd, window.screen)
         self.window_id_map[window.id] = window
 
-    def _handle_remote_command(self, cmd, window=None):
+    def _handle_remote_command(self, cmd, window=None, from_peer=False):
         response = None
-        if self.opts.allow_remote_control or getattr(window, 'allow_remote_control', False):
+        if self.opts.allow_remote_control == 'y' or from_peer or getattr(window, 'allow_remote_control', False):
             try:
                 response = handle_cmd(self, window, cmd)
             except Exception as err:
@@ -287,7 +287,7 @@ class Boss:
                 if not getattr(err, 'hide_traceback', False):
                     response['tb'] = traceback.format_exc()
         else:
-            response = {'ok': False, 'error': 'Remote control is disabled. Add allow_remote_control yes to your kitty.conf'}
+            response = {'ok': False, 'error': 'Remote control is disabled. Add allow_remote_control to your kitty.conf'}
         return response
 
     def peer_message_received(self, msg):
@@ -295,7 +295,7 @@ class Boss:
         cmd_prefix = '\x1bP@kitty-cmd'
         if msg.startswith(cmd_prefix):
             cmd = msg[len(cmd_prefix):-2]
-            response = self._handle_remote_command(cmd)
+            response = self._handle_remote_command(cmd, from_peer=True)
             if response is not None:
                 response = (cmd_prefix + json.dumps(response) + '\x1b\\').encode('utf-8')
             return response

kitty/config_data.py

@@ -826,11 +826,23 @@ Note that setting it to yes means that any background processes still using the
 terminal can fail silently because their stdout/stderr/stdin no longer work.
 '''))
 
-o('allow_remote_control', False, long_text=_('''
+
+def allow_remote_control(x):
+    if x != 'socket-only':
+        x = 'y' if to_bool(x) else 'n'
+    return x
+
+
+o('allow_remote_control', 'no', option_type=allow_remote_control, long_text=_('''
 Allow other programs to control kitty. If you turn this on other programs can
-control all aspects of kitty, including sending text to kitty windows,
+control all aspects of kitty, including sending text to kitty windows, opening
-opening new windows, closing windows, reading the content of windows, etc.
+new windows, closing windows, reading the content of windows, etc.  Note that
-Note that this even works over ssh connections.
+this even works over ssh connections. You can chose to either allow any program
+running within kitty to control it, with :code:`yes` or only programs that
+connect to the socket specified with the :option:`kitty --listen-on` command
+line option, if you use the value :code:`socket-only`. The latter is useful if
+you want to prevent programs running on a remote computer over ssh from
+controlling kitty.
 '''))
 
 o(