LinuxQuestions.org
Old 04-14-2005, 11:34 AM   #1
R00ts
Member
 
Registered: Mar 2004
Location: Austin TX, USA
Distribution: Ubuntu 11.10, Fedora 16
Posts: 545

Rep: Reputation: 30
apt-get behind a proxy, security issues?


One of my machines at work runs Debian and of course I'm sitting behind a proxy. apt-get won't run properly when it's sitting behind a proxy, so I used my google powers and found a workaround by setting either the http_proxy or ftp_proxy environmental variable:

Code:
export http_proxy=http://username: password@server: port
export ftp_proxy=http://username: password@server: port
(no spaces between : and p. I had to edit that because it was giving faces instead, lol)

Then apt-get will install programs without complaints. However, I'm wondering how large of a security issue this is. For one, if I leave my workstation and forget to lock my screen then anyone can come up and type env and see my naked username and password. But what about the risk of someone snooping my machine across the network and finding out what env vars I have set?


For now I've only been using apt-get when I absolutely need a certain program installed, and when I do that I set my proxy env vars, call apt-get, and then immediately remove the env vars. Is there a better/more secure way to get around my proxy without exposing my account information? Thanks.

Last edited by R00ts; 04-14-2005 at 11:37 AM.
 
Old 04-15-2005, 02:50 PM   #2
zen0n
LQ Newbie
 
Registered: Jul 2004
Location: Winnipeg
Distribution: debian
Posts: 22

Rep: Reputation: 15
You can specify proxy servers for apt repositories in /etc/apt/apt.conf.

Here is a basic template example:
Code:
// $Id: apt.conf,v 1.43 1999/12/06 02:19:38 jgg Exp $
/* This file is a sample configuration file with a few harmless sample 
   options.   
*/

APT 
{
  // Options for apt-get
  Get 
  {
     Download-Only "false";
  };
  
};

// Options for the downloading routines
Acquire
{
  Retries "0";
  http::Proxy "http://your.proxy.here:8080";
  
};

// Things that affect the APT dselect method
DSelect 
{
  Clean "auto";   // always|auto|prompt|never
};

DPkg 
{
  // Probably don't want to use force-downgrade..
  Options {"--force-overwrite";}
}
 
Old 04-18-2005, 10:17 AM   #3
R00ts
Member
 
Registered: Mar 2004
Location: Austin TX, USA
Distribution: Ubuntu 11.10, Fedora 16
Posts: 545

Original Poster
Rep: Reputation: 30
But doesn't that still pose quite a risk? Anyone who can get access to this machine can just read /etc/apt/apt.conf and see both my account name and password in broad day....errr monitor light. Or does that code you posted prompt me for my username and password each time I run apt-get (it sure doesn't look like it)? If that's the case, then yes this is the solution I've been looking for.


Actually I just took a look at my apt.conf file and found the following:

Code:
Acquire::http::Proxy "http://youraccount:yourpassword@MY_COMPANY_PROXY:MY_PORT";
Where the proxy and port are already set, but I'm not copying it over here for obvious reasons. So yeah, I would feel even more uneasy having my account + password permanently written to a file rather than setting and clearing temporary proxy environmental variables.
 
Old 04-19-2005, 12:35 AM   #4
Grommet
LQ Newbie
 
Registered: Feb 2005
Location: OZ
Posts: 15

Rep: Reputation: 0
not wanting to make you feel like a dil etc....but

you have to change to root to install apps via apt-get.....

if you make the apt.conf file with your password and username then set the file to be restricted to only root then it's secure isn't it?...


you have to be root to install or see the config file....you run as a standard user....

even if you don't log out they need root password to see .conf...
 
Old 04-19-2005, 10:04 AM   #5
R00ts
Member
 
Registered: Mar 2004
Location: Austin TX, USA
Distribution: Ubuntu 11.10, Fedora 16
Posts: 545

Original Poster
Rep: Reputation: 30
Quote:
Originally posted by Grommet
not wanting to make you feel like a dil etc....but

you have to change to root to install apps via apt-get.....

if you make the apt.conf file with your password and username then set the file to be restricted to only root then it's secure isn't it?...


you have to be root to install or see the config file....you run as a standard user....

even if you don't log out they need root password to see .conf...

Yes I had taken that into account, and normally you'd be completely right that that is the best solution. In my specific case it's a little different though, because I'm only a temporary co-op/intern working here and this isn't my primary machine, it was given to me for a specific research project that is now finished. So as soon as someone else needs this specific machine (or my stay here expires), it will be swiped from me, and I can say with 98% confidence that I'm going to forget that my username and password are still sitting in apt.conf (others have/will have the root password to this machine too). But yeah, that answers my question so thanks for your helpful input.
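
Post #3 asks whether apt-get can prompt for the proxy password on each run instead of keeping it in the environment or in /etc/apt/apt.conf. One way to get that behaviour, as an added example that is not part of the original thread: a POSIX shell wrapper that writes the credentials to a temporary 0600 file, hands it to apt-get with its -c option and deletes it afterwards. The host proxy.example.com, port 8080, the script name and the function names are assumptions.

```shell
#!/bin/sh
# Added example: ask for the proxy password on every run instead of storing it.
# PROXY_HOST/PROXY_PORT defaults are placeholders, not values from the thread.
: "${PROXY_HOST:=proxy.example.com}" "${PROXY_PORT:=8080}"

# Percent-encode a string so '@', ':' or '"' in a password cannot break the
# proxy URL or the quoted apt.conf value. Runs in a subshell, bytewise.
urlencode() (
  LC_ALL=C; s=$1; out=
  while [ -n "$s" ]; do
    rest=${s#?}; c=${s%"$rest"}; s=$rest
    case $c in
      [a-zA-Z0-9._~-]) out=$out$c ;;
      *) out=$out$(printf '%%%02X' "'$c") ;;
    esac
  done
  printf '%s' "$out"
)

# Write a one-line apt config to a fresh temp file (mode 0600) and print its path.
write_proxy_conf() {  # args: user password host port
  conf=$(umask 077; mktemp "${TMPDIR:-/tmp}/apt-proxy.XXXXXX") || return 1
  printf 'Acquire::http::Proxy "http://%s:%s@%s:%s";\n' \
    "$(urlencode "$1")" "$(urlencode "$2")" "$3" "$4" > "$conf"
  printf '%s\n' "$conf"
}

# Prompt, run apt-get with the temp config via -c, then delete the file.
# The password is never exported and never appears in apt-get's arguments.
apt_via_proxy() {  # args: apt-get arguments, e.g. install <package>
  printf 'Proxy user: ' >&2; IFS= read -r user
  printf 'Proxy password: ' >&2
  stty -echo; IFS= read -r pass; stty echo; echo >&2
  conf=$(write_proxy_conf "$user" "$pass" "$PROXY_HOST" "$PROXY_PORT") || return 1
  unset pass
  trap "rm -f '$conf'" EXIT INT TERM   # clean up even if interrupted
  apt-get -c "$conf" "$@"; rc=$?
  rm -f "$conf"; trap - EXIT INT TERM
  return "$rc"
}

# Run as root: sh apt-proxy.sh install <package>
if [ "$#" -gt 0 ]; then apt_via_proxy "$@"; fi
```

Because the file passed with -c is read after the default configuration, it also overrides any proxy line already present in /etc/apt/apt.conf for that one run.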
 
  

