Linux - NewbieThis Linux forum is for members that are new to Linux.
Just starting out and have a question?
If it is not in the man pages or the how-to's this is the place!
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
Thanks for allow me to be part of this community. I very new at Linux and I'm running my first project. So far I guess is working however when I want to display the output of a command in the html portal I dont see anything. Here is the bash:
#!/bin/bash
read -p "Mac given: " Add
if [ "$1" != "" ] ; then
Add=$1
fi
echo "Content-type: text/html"
echo $Add <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<this output is visible and i can confirm that what ever I receive from the PHP script is correct
echo ""
echo "<html><head><title>Bash as CGI"
echo "</title></head><body>"
echo "<center><h1>Find the information below</h1></center>"
echo $(sshpass -p XXXXX ssh XXXXXX@XXXXX show mac address-table address $Add) >>>>> Here is where it fails. If I run the batch I can see the output but if I go the portal I dont see anything.
I know, needs a lot work on that side but I want to make it work first. I have too few exposure on this world.
The command works, if I run it directly from the server I can see the correct out put.
Using shell for CGI is fine but the way you are going about the work flow here provides several glaring security holes. Security is part of the intial design process and cannot be bolted on afterwards. If you need an example of bad design, look at the 40+ years of M$ garbage. So please reconsider your work flow to include security from the beginning.
Any data coming in from the outside is filthy and cannot be safely used or passed on to other programs without first being sanitized or at least validated. For example, someone could pass a single line of instructions and get a full reverse shell to $1, instead of what you were expecting:
So what are the allowed ranges or values for the $Add variable? Write a routine for your shell script to make sure it is clean.
Then as for the SSH password, don't use one, use an SSH key instead. SSH keys can be locked to a single program. Then on the server side, lock down the key with command="..." in authorized_keys. Substitute your details for the ... there. If you need to pass information, then make use of the $SSH_ORIGINAL_COMMAND environment variable and mine that for what you need. Again, keep in mind that information from the variable must be sanitized before use.
Hello Turbocapitalist, those are very useful recommendation for me, honestly I didn't think on that before maybe coz my lack of experience. But I will review all of it before sharing the portal with any user for sure.
The variable comes from a HTML format that is send to PHP script then from there I run the bash, I wont take all the credit, I took that flow from here and there and just put them together according to what I needed and made it work. It was simple but for my took me around a week :S.
I can do certs for sure to connect to my equipment and I didn't know I could do that in regards of the command recommendation which I'm planning to do it that way.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.