AW: [suse-security] Windows commands for linux internet
quick-n-dirty solution: plink.exe (ssh-client for windows command line) http://the.earth.li/~sgtatham/putty/latest/x86/plink.exe c:\plink.exe root@LinuxBox -p <root-pw> <dialin-command> the problem is that the root-password is stored in the link on the 9x-desktop :( for disconnect from internet use <disconnect-command> instead of <dialin-command> -----Ursprungliche Nachricht----- Von: l.g.e@web.de [mailto:l.g.e@web.de] Gesendet: Montag, 12. Mai 2003 16:30 An: suse-security@suse.com Betreff: Re: [suse-security] Windows commands for linux internet Chris Bek schrieb:
[...] The main user of the network wants to have 2 icons on his desktop = (Win9X) such that: By double clicking the first one, the LinuxBox dials-in the internet and the 2nd logs him out.
Any good ideas about this??
port cinternet / kinternet to win 9X :) sources in smpppd-*.src.rpm ["SuSE meta ppp deamon"] simple protocoll, should be very easy to implement/port. maybe it is already ported, or runs within cygwin. otherwise, if you want, I'd port it for you, contact me privatly. Lars -- Check the headers for your unsubscription address For additional commands, e-mail: suse-security-help@suse.com Security-related bug reports go to security@suse.de, not here
On Mon, May 12, 2003 at 04:54:57PM +0200, Manfred Pausch wrote:
quick-n-dirty solution: plink.exe (ssh-client for windows command line) http://the.earth.li/~sgtatham/putty/latest/x86/plink.exe
c:\plink.exe root@LinuxBox -p <root-pw> <dialin-command>
the problem is that the root-password is stored in the link on the 9x-desktop :(
for disconnect from internet use <disconnect-command> instead of <dialin-command>
if you use smpppd, dialin-command is "/usr/sbin/cinternet --start", hup-command "/usr/sbin/cinternet --stop". no need for special privileges. (maybe needs to be member in dialout). could restrict this further with forced command in "~/authorized keys" ... or two [possibly zero passwd] users named "dialout" and "hangup" with a minimal wrapper login "shell" that just executes the required command. or ... reimplementing the wheel ... timtowtdi :) Lars
On Mon, 12 May 2003, Manfred Pausch wrote:
quick-n-dirty solution: plink.exe (ssh-client for windows command line) http://the.earth.li/~sgtatham/putty/latest/x86/plink.exe
c:\plink.exe root@LinuxBox -p <root-pw> <dialin-command>
the problem is that the root-password is stored in the link on the 9x-desktop :(
Recent versions of putty (and I assume that means recent versions of plink) will work with RSA or DSA public keys. This means you don't have to store the password in the icon. Just make a key pair with a null passphrase (or a real one if your prefer) and upload the public key to the GNU/Linux box (instructions for this are distributed with putty as its easy but not obvious.) Also don't use the root account. Use an unprivileged account that can run wvdial (or cinternet or whatever command you prefer.) Configure the ssh public key to only run that command. The server will be a little less vulnerable when the 9X box gets backdoored.
for disconnect from internet use <disconnect-command> instead of <dialin-command>
The main user of the network wants to have 2 icons on his desktop = (Win9X) such that: By double clicking the first one, the LinuxBox dials-in the internet and the 2nd logs him out.
Any good ideas about this??
participants (3)
-
dproc@dol.net
-
Lars Ellenberg
-
Manfred Pausch