[SOLVED] Secured remote control of the Server using email
I've never heard of such a tool. However, there are a couple of things that come to mind, as well as challenges. Theoretically, you could have your email program call a "filter" upon receipt of the message. This "filter" could be a script that performs any number of functions, including executing the commands of the email. As I said, though, there are a few challenges. First, the email program, which presumably would be executing the commands, should be configured as a non-privileged user for security. By definition and design this application should NOT be running commands. Second, how would you validate and authenticate the commands / scripts sent by email?
Rather than focusing on a specific method, e.g. email, for remote administration, perhaps you could elaborate on what your requirements are as there are already several methods for remote server administration such as SSH (probably your best choice), cPanel, webmin, etc, in addition to application specific tools.
Thanks, I know there are a lot of tools around, but I provide application support for several customers around the globe. Sometimes I find myself with only my smartphone, without the possibility to connect and provide on-site support. Sometimes it's enough to see the status of the system or the applications to understand the problem, but unfortunately in some critical situations I had only email as a communication tool...
1. To authenticate me based on some access control schema and to assign the proper user associated with my email address.
2. To validate if I have permission to execute the command.
3. Execute it if I have rights and send back the results or reject it if I have no privilege to execute it.
Sounds simple and can be very usable for a support person / system admin like me who occasionally needs to check status or make a quick fix, but is far away from any tool except email...
Actually I have heard of such a tool but that was years and years ago. The only way to find any would be to search the 'net (Sourceforge, Berlioz, Nongnu, The-Site-Formerly-Known-As-Freshmeat) for say "commands via email". There's actually one version that fetches commands by checking the user's Gmail account.
The disadvantage of a mobile ssh application is that none of my clients is willing to provide VPN ssh tunneling. It's a good solution but useless in many situations. I'm looking for a universal "light" method, which is email.
If I can receive notifications by email from the Application, why can't the Application receive instructions sent by email from me???
The email is universal and the idea is simple, but the implementation is not trivial...
If your clients have issues with allowing you to use RSA key based authentication SSH (as I do with my phone to my servers), they must certainly have issues with your email based approach. If they do not, it is because they do not understand the implications of the approach and how they are FAR WORSE than SSH.
Last edited by Noway2; 09-12-2012 at 09:17 AM.
Reason: typo correction
Usually a reply like mine wouldn't be helpful, but this case is an exception... This is a TERRIBLE idea and should not be implemented. It's a security nightmare.
Please look into an alternate and more secure solution, e.g. VPN, SSL-VPN, SSH tunnel, pfauth+plink, IPSEC, L2TP...
As I said, the implementation is not trivial, and this is probably a reason why there is no commercial product that supports secured and "trusted" communication with an application using email. Theoretically, the email port is always open and there is no need for special setup as for SSH access. The server-based application could control all the access rights and be no less secure than SSH.
Just an idea... Thanks anyway!
Bottom line is, evgenyz, don't do it via e-mail. Get them to allow you to have VPN access on your phone. Or have them whitelist a server that you own, and have that be the staging ground for all of your remote sshing.
As I said, the implementation is not trivial, and this is probably a reason why there is no commercial product that supports secured and "trusted" communication with an application using email. Theoretically, the email port is always open and there is no need for special setup as for SSH access. The server-based application could control all the access rights and be no less secure than SSH.
Just an idea... Thanks anyway!
The reason there is no commercial product for this is because SMTP can be easily spoofed by anyone and it doesn't require much knowledge to do so.
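The three requirements listed earlier in the thread (authenticate, check permission, execute or reject) and the spoofing objection above, as an added example that is not part of any post or of an existing tool: a mail filter that treats the From header only as a key selector and accepts a request only with a valid, fresh, unreplayed HMAC over it. The pre-shared key, the body layout `<ts> <nonce> <mac> <command>` and every name below are assumptions made for the illustration.

```python
import hmac, hashlib, time
from email import message_from_string
from email.utils import parseaddr

# Constructed policy: sender -> (pre-shared key, allowed command names). Hypothetical values.
USERS = {"admin@example.org": (b"constructed-demo-key", {"uptime", "disk"})}
# Command names map to fixed argv lists; mail content never reaches a shell.
COMMANDS = {"uptime": ["uptime"], "disk": ["df", "-h"], "reboot": ["systemctl", "reboot"]}
MAX_SKEW = 300          # seconds a signed request stays valid
_seen_nonces = set()    # replay cache (in memory for the demo)

def sign(key, sender, ts, nonce, cmd):
    """MAC binding sender, timestamp, nonce and command name together."""
    msg = "\n".join([sender, str(ts), nonce, cmd]).encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()

def authorize(raw_mail, now=None):
    """Return (argv, reason); argv is None when the request is rejected."""
    now = time.time() if now is None else now
    mail = message_from_string(raw_mail)
    sender = parseaddr(mail.get("From", ""))[1].lower()
    if sender not in USERS:
        return None, "unknown sender"
    key, allowed = USERS[sender]
    if mail.is_multipart():
        return None, "malformed request"
    fields = mail.get_payload().split()
    if len(fields) != 4:
        return None, "malformed request"
    ts, nonce, mac, cmd = fields
    if not (ts.isascii() and ts.isdigit()) or abs(now - int(ts)) > MAX_SKEW:
        return None, "stale or invalid timestamp"
    # The From header only selects the key; the MAC is what authenticates.
    expected = sign(key, sender, ts, nonce, cmd)
    if not hmac.compare_digest(mac.encode(), expected.encode()):
        return None, "bad MAC"
    if (sender, nonce) in _seen_nonces:
        return None, "replay"
    _seen_nonces.add((sender, nonce))
    if cmd not in allowed or cmd not in COMMANDS:
        return None, "command not permitted"
    return COMMANDS[cmd], "ok"

def build_mail(sender, body):
    """Constructed sample message for the demo."""
    return f"From: {sender}\nSubject: cmd\n\n{body}\n"
```

A message with the right From address but no valid MAC is rejected, which is the case the last reply describes; the filter returns the argv to run rather than running it, so the caller decides under which unprivileged account it executes.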