[clug] Wanted: Developer to securely implement a restricted SSH shell

steve jenkin sjenkin at canb.auug.org.au
Mon Jan 4 03:30:00 MST 2010


[Oops, reply to list]

Nathan O'Sullivan wrote on 4/01/10 6:09 PM:

>> >> The `xm console $DOMAIN` command needs to be run as root.
>> >> Would setuid root on the proposed shell script work?

Do Linuxes allow 'setuid/gid' on shell scripts?
I thought I read somewhere they don't... (in the context of creating
'non-portable' scripts)

I can't see a way around using 'sudo' or similar on Dom0.

Perhaps your request is not so much you want an SSH client (Andrew
Janke's post covers containing ssh-keys), but a way to (securely)
convert simple shell scripts into binaries...

Google for "Industrial-strength Linux lockdown" from IBM DeveloperWorks.
It includes code to modify (Ubuntu) 'dash' to only run an embedded
script. [seems to need registration and login]
The docs are on 'scribd' as well.
<http://www.scribd.com/doc/3499564/Industrialstrength-Linux-lockdown-Part-1-Removing-the-shell>

You might add 'from=local_client' to the SSH-KEY as well
<http://oreilly.com/catalog/sshtdg/chapter/ch08.html>

I stumbled across 'shc' which purports to be a "generic shell script
compiler". Anyone used it or know if it's 'secure'??
<http://www.datsi.fi.upm.es/~frosal/sources/shc.html>

> >
> > Perhaps my off-site posting worked too well - I have a sample naive
> > implementation at the bottom of
> > http://www.mammothmedia.com.au/~nats/restricted-shell-job.txt
> >
> > In my implementation I utilise sudo to restrict the user to being able
> > to run "xm console $DOMAIN" and nothing else.
> >
> > My primary concern is if/how the user might interrupt or otherwise
> > affect the behaviour of this custom login shell - I know I don't know
> > enough about this to say what attacks are out there.

Looking at your web specs, as a client I'd be uneasy about using a CGI
to upload a public SSH key. Even if the key isn't munged in some way,
how do I know that it isn't swapped and someone else is accessing my DomU?

I would use a private key that was emailed to me by you (with PGP?) :-)

Depending on the number of clients you have, is there a way you can
either securely issue them private keys or have them generate a new key
and arrange a physical hand-over (they physically put it in your hand)??

> >
> > Regards
> > Nathan


HTH
s

-- 
Steve Jenkin, Info Tech, Systems and Design Specialist.
0412 786 915 (+61 412 786 915)
PO Box 48, Kippax ACT 2615, AUSTRALIA

sjenkin at canb.auug.org.au http://members.tip.net.au/~sjenkin
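As an added example (not Nathan's naive implementation from the linked file, and not code from anyone in this thread), here is one way to wire together the pieces the thread discusses: a login shell that offers nothing but the sudo'd `xm console` for the customer's own DomU, a sudoers rule restricted to exactly that command, and an authorized_keys line carrying the 'from=' restriction. It also addresses the "how might the user interrupt this shell" worry: no arguments accepted, a fixed PATH/IFS, a validated domain name taken from a root-owned map rather than from the user, and an exec so there is no script left to fall back into. The install path (/usr/local/bin/restricted-console-shell), the map file (/etc/restricted-console/domains) and the sudo/xm paths are assumptions.

```shell
#!/bin/sh
# Added example (not Nathan's script): a restricted login shell that offers
# the customer nothing but "xm console <their DomU>", plus helpers that print
# the matching sudoers and authorized_keys lines.
# Assumptions: installed as /usr/local/bin/restricted-console-shell and set
# as the customer's login shell; a hypothetical map file
# /etc/restricted-console/domains holds "<username> <domain>" lines.

# Do not trust anything inherited from the caller: fixed PATH, default field
# splitting, no group/world access to anything we might create.
PATH=/usr/bin:/bin:/usr/sbin:/sbin
export PATH
unset IFS
umask 077

DOMAIN_MAP=${DOMAIN_MAP:-/etc/restricted-console/domains}   # hypothetical path

# A domain name we will hand to xm must be a plain token: no shell
# metacharacters, no whitespace, and no leading dash (xm would read it as
# an option).
valid_domain() {
    case "$1" in
        ''|-*)              return 1 ;;
        *[!A-Za-z0-9._-]*)  return 1 ;;
    esac
    return 0
}

# Print the DomU assigned to a login name, or return 1 if there is no
# acceptable entry. The user never supplies the domain: it comes from a
# root-owned file, so the only input they control is their own username.
domain_for_user() {
    [ -r "$DOMAIN_MAP" ] || return 1
    dom=$(awk -v u="$1" '$1 == u { print $2; exit }' "$DOMAIN_MAP")
    valid_domain "$dom" || return 1
    printf '%s\n' "$dom"
}

# sudoers rule for one customer: exactly one command with exactly one
# argument, run as root, no password (there is no terminal conversation
# for sudo to have with the user).
sudoers_line() {
    printf '%s ALL=(root) NOPASSWD: /usr/sbin/xm console %s\n' "$1" "$2"
}

# authorized_keys line for one customer: bound to the client address with
# 'from=' as suggested in the thread, with forwarding features a console
# user never needs switched off. $1 = allowed address/pattern, $2 = key line.
authorized_keys_line() {
    printf 'from="%s",no-port-forwarding,no-X11-forwarding,no-agent-forwarding %s\n' "$1" "$2"
}

main() {
    # "ssh host somecmd" reaches a login shell as: shell -c somecmd. Refuse it
    # (and any other argument) rather than let the user choose what runs.
    if [ $# -gt 0 ]; then
        printf 'This account provides a console only; commands are not permitted.\n' >&2
        exit 1
    fi
    # ^C, ^\ or ^Z must not leave the user inside a half-run script. A trap
    # with a handler (unlike an ignored signal, '') is reset to the default
    # once xm is exec'd, so the console session itself is unaffected.
    trap 'exit 1' INT QUIT TSTP
    user=$(id -un)
    if ! dom=$(domain_for_user "$user"); then
        printf 'No console is assigned to %s.\n' "$user" >&2
        exit 1
    fi
    # exec replaces this shell with xm: when the console ends there is no
    # script left to return to, and sudo -n can never start a prompt.
    exec sudo -n /usr/sbin/xm console "$dom"
}

# Run only when invoked as the login shell (sshd/login prefix argv[0] with '-').
case "${0##*/}" in
    restricted-console-shell|-restricted-console-shell) main "$@" ;;
esac
```

To deploy it you would generate one sudoers_line and one authorized_keys_line per customer from the same map file, so the account, the sudo rule and the key all agree on which DomU the customer may reach; the shell is then useless for anything else even if the sudoers entry were wider than intended, and the sudoers entry is useless without the shell.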

