Mailinglist Archive: opensuse-security (465 mails)

< Previous Next >
Re: [suse-security] How can sshd be turned off and on via a browser on a suse distro?
  • From: Steffen Dettmer <steffen@xxxxxxx>
  • Date: Mon, 3 Dec 2001 20:50:52 +0100
  • Message-id: <20011203205052.C8708@xxxxxxxxx>
* phil wrote on Mon, Dec 03, 2001 at 10:23 -0800:
> I have been trying to figure out how to get sshd to start and stop via a
> browser. If I call rcsshd stop or rcsshd start from a cgi script it won't
> find the keys.

Maybe the environment is wrong? Do you mean the host keys or
what?

> In general I have the cgi script call sshd like so:
>
> if variable = variable
> then
> system rcsshd start
> else
> system rcsshd stop

I miss the sudo call. It's very hard to run apache as root, you
would have to recompile with -DBIG_SECURITY_HOLE (BTW, very cool
define name :)), so are you really sure that ssh gets even
started?!

> 2. the html page for controling sshd can be obscured.
> eg.
> http://somewhere/lkjsfkjsfljsdfh/123987kjghkjhdfgkh/lkjsdflkjsldfkjlskdjf.cgi

I would suggest https: at least...

> 3. an .htaccess can be used to protect the page which the cracker would need
> to know the name and password for.

please note, taht your password would be transmitted in clear,
which could end in a DoS (shutting down SSH), theoretically.

> 5. sshd seems to be starting the same trend as "wu_ftp" and such.

Hum, I don't think so, think most was caused by some myst around
here...

> Need to somehow write a fresh inet.d and HUP it somehow... ?

Well, maybe you can make a inetd.conf.on and inetd.conf.off and
copy on of them to inetd.conf. But wasn't webmin able to
start/stop services? Who knows...

oki,

Steffen

--
Dieses Schreiben wurde maschinell erstellt,
es trägt daher weder Unterschrift noch Siegel.

< Previous Next >
References