LinuxQuestions.org
Welcome to the most active Linux Forum on the web.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 03-07-2007, 05:33 AM   #1
ShaneAc
LQ Newbie
 
Registered: Mar 2007
Posts: 3

Rep: Reputation: 0
Script for SSH access


Hello All,

I have a shared Linux servers for hosting websites. I require one shell script to check SSH access is enabled or disabled for all the websites. Please help for this.

Thanks,

Shane G.
 
Old 03-07-2007, 05:38 AM   #2
fukawi2
Member
 
Registered: Oct 2006
Location: Melbourne, Australia
Distribution: ArchLinux, ArchServer, Fedora, CentOS
Posts: 449

Rep: Reputation: 34
Can you post a bit more information? How do you mean "enabled" and "for all websites"?

If it's one server, then ssh is either enabled or disabled - SSH isn't aware of Apache's virtual hosts. That's AFAIK anyway...
 
Old 03-07-2007, 05:56 AM   #3
ShaneAc
LQ Newbie
 
Registered: Mar 2007
Posts: 3

Original Poster
Rep: Reputation: 0
Re:

Hello Fukawi2,

This Linux server is use for shared hosting where near about already 250 websites are hosted. Now, I need to check which website having a feature SSH Access is enabled or Disabled via one shell script.

Thanks for quick response,

Shane G.
 
Old 03-07-2007, 08:55 AM   #4
live_dont_exist
Member
 
Registered: Aug 2004
Location: India
Distribution: Redhat 9.0,FC3,FC5,FC10
Posts: 257

Rep: Reputation: 30
Hey Shane,
So essentially you're saying that there are 250 different websites hosted on this virtual server. That'll mean that there are 250 different IP's?? Right?? You want to check which of these 250 IP's has Ssh enabled..Right??

If you have legitimate access to all these IP's and all of them are running normal Ssh on Linux you might want to use Nmap to scan if port 22 is open on all your 250 IP's. If it is then ssh is probably running.

Did I understand you correctly?

Cheers
Arvind
p.s.... This is on the assumption that virtual hosts behave in exactly the same way as normal hosts. If they dont then I may be wrong.
 
Old 03-07-2007, 09:24 AM   #5
dx0r515t
Member
 
Registered: Jan 2005
Location: USA
Distribution: Slackware 10.2 & 11.0
Posts: 155

Rep: Reputation: 30
With nmap you can easily scan ranges of IP's like this:
Code:
nmap 10.25.232.0-255
 
Old 03-07-2007, 09:58 AM   #6
jiml8
Senior Member
 
Registered: Sep 2003
Posts: 3,171

Rep: Reputation: 116Reputation: 116
I believe OP is referring to a shared hosting environment. In such an environment it is not uncommon for SSH to be enabled/disabled for the particular domain/user combination based upon a configuration that the server maintains for that particular domain.

A script to check the status on a per-domain basis for all domains is trivial so long as the script author has root access and has detailed knowledge of how the configuration files are constructed and where they are kept.

Lacking that information, it won't be possible to answer the question.
 
Old 03-10-2007, 05:26 AM   #7
ShaneAc
LQ Newbie
 
Registered: Mar 2007
Posts: 3

Original Poster
Rep: Reputation: 0
Hello,

As server is shared; no one can access their site with IP address only. They can access it via Pre DNS URL like as under:

http://205.23.52.152/~shane/

Port is 22 to access SSH.

Thanks,

Shane G.
 
Old 03-10-2007, 06:25 AM   #8
fooks
Member
 
Registered: Jan 2007
Location: Ukraine
Posts: 47

Rep: Reputation: 15
Quote:
Originally Posted by ShaneAc
Hello,
I have a shared Linux servers for hosting websites. I require one shell script to check SSH access is enabled or disabled for all the websites.
...
As server is shared; no one can access their site with IP address only. They can access it via Pre DNS URL like as under:

http://205.23.52.152/~shane/

Port is 22 to access SSH.

Thanks,

Shane G.
As far as i understand this, you have a shared hosting Linux server, i.e. where many websites are bound to single IP (apache virtual hosts), and therefore websites can not be accessed by IP address, only by domain name or by http://205.23.52.152/~USARNAME/ (if apache mod_userdir is enabled).
This is a common and wide-used practice for shared hosting companies.

Now concerning to your ssh question:

websites and ssh access are two different things, and have nothing to each other.
 
Old 03-10-2007, 06:52 AM   #9
fooks
Member
 
Registered: Jan 2007
Location: Ukraine
Posts: 47

Rep: Reputation: 15
You have 'shane' unix user, so you have to check if it is allowed to connect via ssh.

In most cases, if there are no restrictions set in /etc/ssh/sshd_config (AllowUsers, AllowGroups directives), user is allowed to connect via ssh if it has a shell.

Code:
AllowGroups
             This keyword can be followed by a list of group name patterns, separated by spaces.  If specified, login is
             allowed only for users whose primary group or supplementary group list matches one of the patterns.  ‘*’
             and ‘?’ can be used as wildcards in the patterns.  Only group names are valid; a numerical group ID is not
             recognized.  By default, login is allowed for all groups.

     AllowTcpForwarding
             Specifies whether TCP forwarding is permitted.  The default is “yes”.  Note that disabling TCP forwarding
             does not improve security unless users are also denied shell access, as they can always install their own
             forwarders.

     AllowUsers
             This keyword can be followed by a list of user name patterns, separated by spaces.  If specified, login is
             allowed only for user names that match one of the patterns.  ‘*’ and ‘?’ can be used as wildcards in the
             patterns.  Only user names are valid; a numerical user ID is not recognized.  By default, login is allowed
             for all users.  If the pattern takes the form USER@HOST then USER and HOST are separately checked,
             restricting logins to particular users from particular hosts.

For example:
Code:
# tail /etc/passwd
wwwuser:x:502:503::/hsphere/local/home/wwwuser:/sbin/nologin
shane:x:503:504::/hsphere/local/home/shane:/bin/bash
...
From this example you see that user 'shane' has bash shell, so it is allowed to connect via ssh.

User 'wwwuser' has has nologin shell, it intended as a replacement shell field for accounts that have been disabled, to politely refuse a login.


So all what you need to do to check what users are allowed to connect via ssh is to cat /etc/passwd file and check what shell is given to user.

Code:
cat /etc/passwd | cut -d\: -f1,7

Last edited by fooks; 03-10-2007 at 06:53 AM.
 
Old 03-10-2007, 10:32 AM   #10
live_dont_exist
Member
 
Registered: Aug 2004
Location: India
Distribution: Redhat 9.0,FC3,FC5,FC10
Posts: 257

Rep: Reputation: 30
Thats a decent explanation by fooks..Shane. With regards to the script since all you need to check is 1 IP now ..for ssh access I guess you wouldnt need a script at all. You could just do an ssh an find out .

BTW if you would want to find out which user would have ssh access you'd first need to set the AllowUsers parameter as fooks has mentioned below.

Once thats done you'd need to write a quick script which does:

1.Open the sshd_config file and grab all the users under AllowUsers
2.Match this list against the user list in /etc/passwd
3.Wherever theres a match you know that that user has SSH access.
4.If theres no match that user doesnt have SSH access.

Clear enough? You could use Perl or even write a simple shell script to do this.Its not too complicated.

Post back if still problems.All the best

Cheers
Arvind
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
I need to allow ssh access Lsteele Linux - Newbie 16 11-29-2005 11:10 PM
Denying access to SSH but allow access to FTP nemesisza Linux - Security 5 03-14-2004 10:25 PM
ssh limited access macadam Linux - Newbie 7 12-23-2003 01:06 PM
SSH Script incanus_1 Linux - Newbie 1 11-03-2003 07:45 AM
password-less ssh access? soup Slackware 6 07-10-2003 01:49 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 12:52 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration