
secure remote command

by melguin (Pilgrim)
on Apr 17, 2003 at 03:59 UTC ( [id://251123]=perlquestion )

melguin has asked for the wisdom of the Perl Monks concerning the following question:

I have several boxes at home on one dialup connection to share. So I have set up a Linux box with Masquerading, etc. so all can have access to the Internet at the same time (it crawls, but slow is better than none). My problem is that in order to connect, I need to ssh in to the gateway and then dialup. However, this becomes a pain after a while.

At one of my early tech jobs, we had a remote site that had everyone on a LAN with a Linux box dialing up two ISDN lines. The admins who set it up created a program that anyone could run (I think it worked through http) that told the server to dial up. I really like that idea but have no idea where to start.

Everything else I can visualize how to do except the actual talking of each client to the gateway. What areas should I research/look into to find out how to do this? Or perhaps someone has already done something similar and could share their insights.

Also, I would like this to be fairly secure (i.e. no rsh, etc.)

Many thanks.

Replies are listed 'Best First'.
Re: secure remote command
by zengargoyle (Deacon) on Apr 17, 2003 at 05:48 UTC

    security is pointless in this case i think. everybody on the local side should be able to dial-up, it's impossible if you're not already dialed up for someone from the outside to tell it to dial-up....

    untested, but i would probably just try something like:

    # /etc/services
    dialup      12345/tcp    # dialup
    dialdown    12346/tcp    # dialdown

    # /etc/inetd.conf
    # inetd's argument field begins with argv[0], so the program name comes first
    dialup    stream  tcp  nowait  username  /etc/init.d/dialup  dialup start
    dialdown  stream  tcp  nowait  username  /etc/init.d/dialup  dialup stop

    then if you add the services to the client machines you can just 'telnet server dialup' to start the connection and 'telnet server dialdown' to stop it.

    for more perlish solution look at Net::Server or maybe the RPC or SOAP

    it's also likely that you could configure the dialup server to automagically dial on demand. and not have to bother with anything else.

Re: secure remote command
by robartes (Priest) on Apr 17, 2003 at 07:18 UTC
    For a different angle on this, have a look at diald for doing a dial-on-demand setup on the gateway. Using this, you can have the gateway automatically open the connection based on packets going through.

    CU
    Robartes-

Re: secure remote command
by hawtin (Prior) on Apr 17, 2003 at 08:23 UTC

    I would suggest that the first thing you do is to look at running an "on-demand" ppp connection. This will do the dialing for you whenever a machine on the internal network has a valid connection to the outside world. You can define your firewall rules to select which machines are allowed to connect (and even at what times).

    By running your firewall machine as a gateway (i.e. with Windows clients you want the firewall to be a DHCP server) you can minimise the fiddling you need to do on the clients.

    There are lots of books on doing this type of thing, and the HOWTOs are also worth reading.

    If your ISP supports it you can set up your firewall machine as a DNS, mail and news server as well (in fact you can spend hours messing with it).

    If you want some level of control from the clients you could, for example, set up a web server (only for the internal network of course) that uses CGI (in Perl naturally) to control the PPP connection.

      You mean makes a valid request to the outside world. How can you have a connection if you're not connected ;)


      MJD says you can't just make shit up and expect the computer to know what you mean, retardo!
      I run a Win32 PPM repository for perl 5.6x+5.8x. I take requests.
      ** The Third rule of perl club is a statement of fact: pod is sexy.

        The way that I run dial-on-demand ppp it appears from the clients to be a permanent connection. The ppp daemon takes care of dialing when someone needs a connection and dropping the line when it is not busy, but this is transparent to the machines that use the gateway.

        The distinction I was attempting to draw was that my firewall rules only masquerade the current "valid" systems to the outside world (which ones are valid is controlled by a Perl script naturally).

Re: secure remote command
by Improv (Pilgrim) on Apr 17, 2003 at 12:32 UTC
    I would suggest that you install apache on the networking box, configure it not to do DNS lookups (or install bind internally), and configure it to only listen to the internal network. Then you can write a CGI that will bring up the network, perhaps requiring a password first or doing logging. This way, any system with a browser can do it, without the need for installing ssh or telling people how to use telnet. You might even make the CGI off of a front page where you can share bookmarks, house news, or whatever with everyone else on the home network :)
Re: secure remote command
by tune (Curate) on Apr 17, 2003 at 04:08 UTC
    Try SSH then.

    --
    tune

      I knew I should have mentioned something about that :) Yes, I could use SSH, but then I'm back to the whole interactive thing. I could have my script basically do an expect with ssh and login (but that kind of defeats the whole security thing), or I could have shared keys that allow them to not enter a password (I saw a good, short discussion on this topic here as I was looking for ideas). I guess I'd like for the end user to click a button and have it dial.

      And yes, rsh is BAD and ssh is definitely GOOD.

        Newer versions of SSH can use public keys, eliminating the shell interaction. Consult your SSH manpage.

        -Lee

        "To be civilized is to deny one's nature."
Re: secure remote command
by zentara (Archbishop) on Apr 17, 2003 at 15:19 UTC
    Here are a couple of ideas for you:

    This one uses passwords:

    #!/usr/bin/perl
    use strict;
    use warnings;
    use Net::SSH::Perl;

    my $user     = "zz";
    my $password = "ztest";
    my $host     = 'zentara.zentara.net';
    my $cmd      = "/usr/bin/wvdial";

    my $ssh = Net::SSH::Perl->new( $host, port => 22, debug => 1 );
    $ssh->login( $user, $password );
    my ($out) = $ssh->cmd($cmd);
    print "$out\n";

    This one uses keys:

    #!/usr/bin/perl
    #this uses Net::SSH, instead of Net::SSH::Perl
    #and it needs the key method of authentication,
    #it won't use passwords.
    #use strict;
    #use warnings;
    use Net::SSH qw(sshopen3);

    my $user = "zz";
    my $host = "zentara.zentara.net";
    my $cmd  = "/usr/bin/wvdial";

    sshopen3( "$user\@$host", *WRITER, *READER, *ERROR, "$cmd" );

    my $out   = <READER>;
    my $error = <ERROR>;
    chomp $out;
    print "$out\n";
    print "$error\n";
Re: secure remote command
by melguin (Pilgrim) on Apr 17, 2003 at 17:04 UTC
    A very gratuitous thanks to everyone for your ideas and input. There definitely is MTOWTTI. Last night I put together a simple CGI interface to dial, stop, and debug wvdial. However, I am certainly going to look into dial-on-demand options and Net:Service.

    Again, many thanks. Though I always try to do my research, it's nice to get lots of varying ideas that I never would have thought of.
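
A minimal sketch of the internal-only CGI approach that hawtin and Improv suggest above, added here as an example and not code posted by anyone in the thread. It assumes the `/etc/init.d/dialup` script from zengargoyle's reply exists and can be run by the web server user, and that the LAN uses private IPv4 addresses; `%ACTIONS`, `is_internal` and `respond` are names made up for this example.

```perl
#!/usr/bin/perl
# Added example, not from the thread: LAN-only CGI to start/stop the dial-up link.
use strict;
use warnings;

# The request only selects a key; it never supplies command text.
# /etc/init.d/dialup is the script named in zengargoyle's reply (assumed to exist).
my %ACTIONS = (
    start => [ '/etc/init.d/dialup', 'start' ],
    stop  => [ '/etc/init.d/dialup', 'stop' ],
);

# Assumption: the home LAN uses private (RFC 1918) IPv4 addresses.
sub is_internal {
    my ($addr) = @_;
    return 0 unless ($addr // '') =~ /\A(\d+)\.(\d+)\.(\d+)\.(\d+)\z/;
    return 0 if grep { $_ > 255 } $1, $2, $3, $4;
    return 1 if $1 == 10 || $1 == 127;                 # 127/8 is loopback
    return 1 if $1 == 192 && $2 == 168;
    return 1 if $1 == 172 && $2 >= 16 && $2 <= 31;
    return 0;
}

sub respond {
    my ($status, $text) = @_;
    print "Status: $status\r\nContent-Type: text/plain\r\n\r\n$text\n";
    exit 0;
}

respond('403 Forbidden', 'internal clients only') unless is_internal($ENV{REMOTE_ADDR});
respond('405 Method Not Allowed', 'use POST')
    unless ($ENV{REQUEST_METHOD} // '') eq 'POST';

# Read a small form body and pull out the action name.
my $len = $ENV{CONTENT_LENGTH} // 0;
respond('400 Bad Request', 'bad body') unless $len =~ /\A\d+\z/ && $len <= 64;
read(STDIN, my $body, $len);
my ($action) = ($body // '') =~ /(?:\A|&)action=([a-z]+)(?:&|\z)/;
respond('400 Bad Request', 'unknown action')
    unless defined $action && exists $ACTIONS{$action};

# Log the request, then run the command via list-form open: no shell is involved,
# and the script's output is captured instead of leaking ahead of the headers.
print STDERR "dialup-cgi: $ENV{REMOTE_ADDR} requested $action\n";
open(my $fh, '-|', @{ $ACTIONS{$action} })
    or respond('500 Internal Server Error', "cannot run $action");
my $output = do { local $/; <$fh> } // '';
close($fh);
respond($? == 0 ? '200 OK' : '500 Internal Server Error', "$action:\n$output");
```

Binding the web server to the internal interface only, as Improv suggests, remains the primary control; the address check in the script is a second layer behind it.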
