Re: secure remote command
by zengargoyle (Deacon) on Apr 17, 2003 at 05:48 UTC
security is pointless in this case i think. everybody on the local side should be able to dial-up, it's impossible if you're not already dialed up for someone from the outside to tell it to dial-up....
untested, but i would probably just try something like:
    # /etc/services
    dialup          12345/tcp       # dialup
    dialdown        12346/tcp       # dialdown

    # /etc/inetd.conf
    # the argument list starts with argv[0], so the script name comes before start/stop
    dialup   stream tcp nowait username /etc/init.d/dialup dialup start
    dialdown stream tcp nowait username /etc/init.d/dialup dialup stop
then if you add the services to the client machines you can just 'telnet server dialup' to start the connection and 'telnet server dialdown' to stop it.
for a more perlish solution look at Net::Server or maybe the RPC or SOAP
it's also likely that you could configure the dialup server to automagically dial on demand. and not have to bother with anything else.
Re: secure remote command
by robartes (Priest) on Apr 17, 2003 at 07:18 UTC
For a different angle on this, have a look at diald for doing a dial-on-demand setup on the gateway. Using this, you can have the gateway automatically open the connection based on packets going through.
CU Robartes-
Re: secure remote command
by hawtin (Prior) on Apr 17, 2003 at 08:23 UTC
I would suggest that the first thing you do is to
look at running an "on-demand" ppp connection. This
will do the dialing for you whenever a machine on
the internal network has a valid connection to the outside
world. You can define your firewall rules to select which
machines are allowed to connect (and even at what times).
By running your firewall machine as a gateway (i.e. with
Windows clients you want the firewall to be a DHCP server)
you can minimise the fiddling you need to do on the
clients.
There are lots of books on doing this type of thing, and
the HOWTOs are also worth reading.
If your ISP supports it you can set up your firewall machine
as a DNS, mail and news server as well (in fact you can spend
hours messing with it).
If you want some level of control from the clients you
could, for example, set up a web server (only for the internal
network of course) that uses CGI (in Perl naturally) to
control the PPP connection.
You mean makes a valid request to the outside world. How can you have a connection if you're not connected ;)
MJD says you
can't just make shit up and expect the computer to know what you mean, retardo!
I run a Win32 PPM
repository for perl 5.6x+5.8x. I take requests.
** The Third rule of perl club is a statement of fact: pod is sexy.
The way that I run dial-on-demand ppp it appears from the
clients to be a permanent connection. The ppp daemon takes
care of dialing when someone needs a connection and
dropping the line when it is not busy, but this is
transparent to the machines that use the gateway.
The distinction I was attempting to draw was that my firewall
rules only masquerade the current "valid" systems to
the outside world (which ones are valid is controlled
by a Perl script naturally).
Re: secure remote command
by Improv (Pilgrim) on Apr 17, 2003 at 12:32 UTC
I would suggest that you install apache on the networking box,
configure it not to do DNS lookups (or install bind internally), and configure it to only listen to the internal
network. Then you can write a CGI that will bring up the
network, perhaps requiring a password first or doing logging.
This way, any system with a browser can do it, without
the need for installing ssh or telling people how to use
telnet. You might even make the CGI off of a front page
where you can share bookmarks, house news, or whatever
with everyone else on the home network :)
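
A sketch of the kind of CGI described above, added here as an example and not part of the original post. The LAN prefix 192.168.1.x is an assumption, /etc/init.d/dialup is borrowed from an earlier reply in this thread, and the password check is assumed to be done by the web server (which then sets REMOTE_USER).

```perl
#!/usr/bin/perl -T
use strict;
use warnings;
use Sys::Syslog qw(openlog syslog);

# Assumed values: adjust the LAN pattern and the control script path.
my $LAN_PREFIX = qr/\A192\.168\.1\.\d{1,3}\z/;
my %ACTIONS = (
    start => [ '/etc/init.d/dialup', 'start' ],
    stop  => [ '/etc/init.d/dialup', 'stop' ],
);

$ENV{PATH} = '/usr/sbin:/usr/bin:/sbin:/bin';    # fixed PATH, needed under -T
delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};

sub respond {
    my ( $status, $text ) = @_;
    print "Status: $status\r\nContent-Type: text/plain\r\n\r\n$text\n";
    exit 0;
}

my $peer   = $ENV{REMOTE_ADDR}    // '';
my $who    = $ENV{REMOTE_USER}    // '-';    # set when the server does auth
my $method = $ENV{REQUEST_METHOD} // '';

openlog( 'dialup-cgi', 'pid', 'auth' );

respond( '403 Forbidden', 'internal network only' ) unless $peer =~ $LAN_PREFIX;
respond( '405 Method Not Allowed', 'use POST' )     unless $method eq 'POST';

# Read a small form body and accept only action=<lowercase word>.
my $len = $ENV{CONTENT_LENGTH} // 0;
$len = 0 unless $len =~ /\A\d+\z/ && $len <= 256;
read( STDIN, my $body, $len );
my ($action) = ( $body // '' ) =~ /(?:\A|&)action=([a-z]+)(?:&|\z)/;

# The request only selects a key; the command itself is never built from input.
my $argv = defined $action ? $ACTIONS{$action} : undef;
unless ($argv) {
    syslog( 'warning', 'rejected request from %s user=%s', $peer, $who );
    respond( '400 Bad Request', 'unknown action' );
}

syslog( 'info', 'action=%s from %s user=%s', $action, $peer, $who );
my $rc = system { $argv->[0] } @$argv;    # list form: no shell involved
respond( $rc == 0 ? '200 OK' : '500 Internal Server Error',
    "$action exit status " . ( $rc >> 8 ) );
```

Requiring POST keeps a stray link or image tag on another page from toggling the line with a plain GET.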
Re: secure remote command
by tune (Curate) on Apr 17, 2003 at 04:08 UTC
Newer versions of SSH can use public keys, eliminating the shell interaction. Consult your SSH manpage.
-Lee
"To be civilized is to deny one's nature."
Re: secure remote command
by zentara (Archbishop) on Apr 17, 2003 at 15:19 UTC
Here are a couple of ideas for you:
This one uses passwords:
    #!/usr/bin/perl
    use strict;
    use warnings;
    use Net::SSH::Perl;

    my $user     = "zz";
    my $password = "ztest";
    my $host     = 'zentara.zentara.net';
    my $cmd      = "/usr/bin/wvdial";

    # connect, log in with the password, then run the dialer remotely
    my $ssh = Net::SSH::Perl->new( $host, port => 22, debug => 1 );
    $ssh->login( $user, $password );

    # cmd() returns (stdout, stderr, exit status)
    my ( $out, $err, $exit ) = $ssh->cmd($cmd);
    print "$out\n" if defined $out;

This one uses keys:
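    #!/usr/bin/perl
    # this uses Net::SSH, instead of Net::SSH::Perl,
    # and it needs the key method of authentication;
    # it won't use passwords.
    use strict;
    use warnings;
    use Net::SSH qw(sshopen3);

    my $user = "zz";
    my $host = "zentara.zentara.net";
    my $cmd  = "/usr/bin/wvdial";

    # run the command over ssh with handles on its stdin, stdout and stderr
    sshopen3( "$user\@$host", *WRITER, *READER, *ERROR, $cmd )
        or die "ssh: $!";
    close(WRITER);    # nothing to send to the remote command

    # read the first line of output and of error text
    my $out   = <READER>;
    my $error = <ERROR>;
    chomp $out if defined $out;
    print "$out\n"   if defined $out;
    print "$error\n" if defined $error;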
Re: secure remote command
by melguin (Pilgrim) on Apr 17, 2003 at 17:04 UTC
A very gratuitous thanks to everyone for your ideas and input. There definitely is MTOWTTI. Last night I put together a simple CGI interface to dial, stop, and debug wvdial. However, I am certainly going to look into dial-on-demand options and Net:Service.
Again, many thanks. Though I always try to do my research, it's nice to get lots of varying ideas that I never would have thought of.