LinuxQuestions.org
LinuxAnswers - the LQ Linux tutorial section.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices

Reply
 
Search this Thread
Old 09-11-2012, 01:57 PM   #1
evgenyz
Member
 
Registered: Sep 2012
Posts: 48

Rep: Reputation: Disabled
Secured remote control of the Server using email


I'm looking for secured way to send command by email to my remote Linux server for execution. Is anybody familiar with such tool?

Thanks

Last edited by evgenyz; 09-11-2012 at 02:15 PM.
 
Old 09-11-2012, 02:49 PM   #2
Noway2
Senior Member
 
Registered: Jul 2007
Distribution: Ubuntu 10.10, Slackware 64-current
Posts: 2,124

Rep: Reputation: 776Reputation: 776Reputation: 776Reputation: 776Reputation: 776Reputation: 776Reputation: 776
I've never heard of such a tool. However, there are a couple of things that come to mind, as well as challenges. Theoretically, you could have your email program call a "filter" upon receipt of the message. This "filter" could be a script that performs any number of functions, including execute the commands of the email. As I said, though, there are a few challenges. First, the email program, which presumably would be executing the commands, should be configured as a non privileged user for security. By definition and design this application should NOT be running commands. Second, how would you validate and authenticate the commands / scripts sent by email?

Rather than focusing on a specific method, e.g. email, for remote administration, perhaps you could elaborate on what your requirements are as there are already several methods for remote server administration such as SSH (probably your best choice), cPanel, webmin, etc, in addition to application specific tools.
 
Old 09-11-2012, 02:51 PM   #3
YankeePride13
Member
 
Registered: Aug 2012
Distribution: Ubuntu 10.04, CentOS 6.3, Windows 7
Posts: 185

Rep: Reputation: 43
This has bad news written all over it. Whatever task you need to accomplish can be accomplished in many other ways that are much more secure.
 
Old 09-11-2012, 05:12 PM   #4
evgenyz
Member
 
Registered: Sep 2012
Posts: 48

Original Poster
Rep: Reputation: Disabled
Thanks, I know there are lot of tools around, but I provide application support for several customers around the globe. Some times I find myself with my smart phone only without possibility to connect and to provide on site support. Some times it's enough to see the status of the system or the applications to understand the problem, but unfortunately is some critical situations I had only email as a communication tool...
 
Old 09-11-2012, 05:16 PM   #5
JaseP
Senior Member
 
Registered: Jun 2002
Location: Eastern PA, USA
Distribution: K/Ubuntu 10.04/12.04, Scientific Linux 6.3, Android-x86, Maemo
Posts: 1,658

Rep: Reputation: 138Reputation: 138
You'd be better off with sms than email, but that, too is insecure.
 
Old 09-11-2012, 05:41 PM   #6
evgenyz
Member
 
Registered: Sep 2012
Posts: 48

Original Poster
Rep: Reputation: Disabled
Actually, I need a tool that will be able:

1. To authenticate me based on some access control schema and to assign proper user associated with my email address.
2. To validate if I have permission to execute the command.
3. Execute it if I have rights and send back the results or reject it if I have no privilege to execute it.

Sound simple and can be very usable for support person / system admin like me that occasionally needs to check status or make a quick fix, but far away from any tool except email...

Any ideas?

Thanks!
 
Old 09-11-2012, 09:43 PM   #7
unSpawn
Moderator
 
Registered: May 2001
Posts: 26,947
Blog Entries: 54

Rep: Reputation: 2732Reputation: 2732Reputation: 2732Reputation: 2732Reputation: 2732Reputation: 2732Reputation: 2732Reputation: 2732Reputation: 2732Reputation: 2732Reputation: 2732
Actually I have heard of such a tool but that was years and years ago. Only way to find any would be to search the 'net (Sourceforge, Berlioz, Nongnu, The-Site-Formerly-Known-As-Freshmeat) for say "commands via email". There's actually one version that fetches commands by checking the users Gmail account.
 
Old 09-12-2012, 07:34 AM   #8
evgenyz
Member
 
Registered: Sep 2012
Posts: 48

Original Poster
Rep: Reputation: Disabled
Unfortunately, what I found so far is very unsecured...
Probably will develop something by myself.
Thanks any way!
 
Old 09-12-2012, 08:03 AM   #9
YankeePride13
Member
 
Registered: Aug 2012
Distribution: Ubuntu 10.04, CentOS 6.3, Windows 7
Posts: 185

Rep: Reputation: 43
@ OP. If you have a smart phone, why don't you download an SSH app?
 
Old 09-12-2012, 08:20 AM   #10
evgenyz
Member
 
Registered: Sep 2012
Posts: 48

Original Poster
Rep: Reputation: Disabled
The disadvantage of mobile ssh application is that no one of my clients is willing to provide VPN ssh tunnelig. It's goog solution but useless in many situations. I'm looking for universal "light" method which is email.
If I can receive notification by email from the Application, why the Application can't receive instruction sent by email from me ???
The email is universal and the idea is simple, but the implementation is not trivial...
 
Old 09-12-2012, 08:59 AM   #11
Noway2
Senior Member
 
Registered: Jul 2007
Distribution: Ubuntu 10.10, Slackware 64-current
Posts: 2,124

Rep: Reputation: 776Reputation: 776Reputation: 776Reputation: 776Reputation: 776Reputation: 776Reputation: 776
If your clients have issues with allowing you to use RSA key based authentication SSH (as I do with my phone to my servers), they must certainly have issues with your email based approach. If they do not, it is because they do not understand the implications of the approach and how they are FAR WORSE than SSH.

Last edited by Noway2; 09-12-2012 at 09:17 AM. Reason: typo correction
 
Old 09-12-2012, 09:03 AM   #12
szboardstretcher
Senior Member
 
Registered: Aug 2006
Location: Detroit, MI
Distribution: GNU/Linux
Posts: 2,766
Blog Entries: 1

Rep: Reputation: 872Reputation: 872Reputation: 872Reputation: 872Reputation: 872Reputation: 872Reputation: 872
Usually a reply like mine wouldn't be helpful, but this case is an exception... This is a TERRIBLE idea and should not be implemented. Its a security nightmare.

Please look into an alternate and more secure solution. E.g = VPN, SSL-VPN, SSH tunnel, pfauth+plink, IPSEC, L2TP...
 
Old 09-12-2012, 09:08 AM   #13
evgenyz
Member
 
Registered: Sep 2012
Posts: 48

Original Poster
Rep: Reputation: Disabled
As I told, the implementation is not trivial, and probably this is a reason why there is no commercial product the supports secured and "trusted" communication with application using email. Theoretically, the email port is always opened and no need special setup as for SSH access. The server based application could control all the access rights and be not less secured than SSH.
Just an idea...Thanks any way!
 
Old 09-12-2012, 09:10 AM   #14
YankeePride13
Member
 
Registered: Aug 2012
Distribution: Ubuntu 10.04, CentOS 6.3, Windows 7
Posts: 185

Rep: Reputation: 43
@Noway2

Exactly.

Bottom line is evgenyz, don't do it via e-mail. Get them to allow you to have VPN access on your phone. Or have them whitelist a server that you own, and have that be the staging ground for all of your remote sshing.
 
Old 09-12-2012, 09:11 AM   #15
YankeePride13
Member
 
Registered: Aug 2012
Distribution: Ubuntu 10.04, CentOS 6.3, Windows 7
Posts: 185

Rep: Reputation: 43
Quote:
Originally Posted by evgenyz View Post
As I told, the implementation is not trivial, and probably this is a reason why there is no commercial product the supports secured and "trusted" communication with application using email. Theoretically, the email port is always opened and no need special setup as for SSH access. The server based application could control all the access rights and be not less secured than SSH.
Just an idea...Thanks any way!
The reason there is no commercial product for this is because SMTP can be easily spoofed by anyone and it doesn't require much knowledge to do so.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
how to collecting email from remote POP3 server and delivery to local users skc Linux - Server 3 07-13-2011 04:21 AM
what is the best way using remote control to control rhel server? hocheetiong Linux - Newbie 1 11-02-2007 03:10 AM
Remote Control Server RySk8er30 Linux - Software 2 04-01-2005 03:48 PM
Email Server for remote users, can it be secure? javiergt Linux - Software 2 02-04-2005 09:44 AM
remote control for x server kermit Linux - Software 3 07-10-2002 08:48 AM


All times are GMT -5. The time now is 06:02 PM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration