LinuxQuestions.org
Page 1 of 3 1 23
Show 50 post(s) from this thread on one page

LinuxQuestions.org (/questions/)
-   Linux - Security (https://www.linuxquestions.org/questions/linux-security-4/)
-   -   Secured remote control of the Server using email (https://www.linuxquestions.org/questions/linux-security-4/secured-remote-control-of-the-server-using-email-4175426735/)

evgenyz 09-11-2012 01:57 PM
Secured remote control of the Server using email
 
I'm looking for secured way to send command by email to my remote Linux server for execution. Is anybody familiar with such tool?

Thanks

Noway2 09-11-2012 02:49 PM
I've never heard of such a tool. However, there are a couple of things that come to mind, as well as challenges. Theoretically, you could have your email program call a "filter" upon receipt of the message. This "filter" could be a script that performs any number of functions, including execute the commands of the email. As I said, though, there are a few challenges. First, the email program, which presumably would be executing the commands, should be configured as a non privileged user for security. By definition and design this application should NOT be running commands. Second, how would you validate and authenticate the commands / scripts sent by email?

Rather than focusing on a specific method, e.g. email, for remote administration, perhaps you could elaborate on what your requirements are as there are already several methods for remote server administration such as SSH (probably your best choice), cPanel, webmin, etc, in addition to application specific tools.

YankeePride13 09-11-2012 02:51 PM
This has bad news written all over it. Whatever task you need to accomplish can be accomplished in many other ways that are much more secure.

evgenyz 09-11-2012 05:12 PM
Thanks, I know there are lot of tools around, but I provide application support for several customers around the globe. Some times I find myself with my smart phone only without possibility to connect and to provide on site support. Some times it's enough to see the status of the system or the applications to understand the problem, but unfortunately is some critical situations I had only email as a communication tool...

JaseP 09-11-2012 05:16 PM
You'd be better off with sms than email, but that, too is insecure.

evgenyz 09-11-2012 05:41 PM
Actually, I need a tool that will be able:

1. To authenticate me based on some access control schema and to assign proper user associated with my email address.
2. To validate if I have permission to execute the command.
3. Execute it if I have rights and send back the results or reject it if I have no privilege to execute it.

Sound simple and can be very usable for support person / system admin like me that occasionally needs to check status or make a quick fix, but far away from any tool except email...

Any ideas?

Thanks!

unSpawn 09-11-2012 09:43 PM
Actually I have heard of such a tool but that was years and years ago. Only way to find any would be to search the 'net (Sourceforge, Berlioz, Nongnu, The-Site-Formerly-Known-As-Freshmeat) for say "commands via email". There's actually one version that fetches commands by checking the users Gmail account.

evgenyz 09-12-2012 07:34 AM
Unfortunately, what I found so far is very unsecured...
Probably will develop something by myself.
Thanks any way!

YankeePride13 09-12-2012 08:03 AM
@ OP. If you have a smart phone, why don't you download an SSH app?

evgenyz 09-12-2012 08:20 AM
The disadvantage of mobile ssh application is that no one of my clients is willing to provide VPN ssh tunnelig. It's goog solution but useless in many situations. I'm looking for universal "light" method which is email.
If I can receive notification by email from the Application, why the Application can't receive instruction sent by email from me ???
The email is universal and the idea is simple, but the implementation is not trivial...

Noway2 09-12-2012 08:59 AM
If your clients have issues with allowing you to use RSA key based authentication SSH (as I do with my phone to my servers), they must certainly have issues with your email based approach. If they do not, it is because they do not understand the implications of the approach and how they are FAR WORSE than SSH.

szboardstretcher 09-12-2012 09:03 AM
Usually a reply like mine wouldn't be helpful, but this case is an exception... This is a TERRIBLE idea and should not be implemented. Its a security nightmare.

Please look into an alternate and more secure solution. E.g = VPN, SSL-VPN, SSH tunnel, pfauth+plink, IPSEC, L2TP...

evgenyz 09-12-2012 09:08 AM
As I told, the implementation is not trivial, and probably this is a reason why there is no commercial product the supports secured and "trusted" communication with application using email. Theoretically, the email port is always opened and no need special setup as for SSH access. The server based application could control all the access rights and be not less secured than SSH.
Just an idea...Thanks any way!

YankeePride13 09-12-2012 09:10 AM
@Noway2

Exactly.

Bottom line is evgenyz, don't do it via e-mail. Get them to allow you to have VPN access on your phone. Or have them whitelist a server that you own, and have that be the staging ground for all of your remote sshing.

YankeePride13 09-12-2012 09:11 AM
Quote:
Originally Posted by evgenyz (Post 4778517)
As I told, the implementation is not trivial, and probably this is a reason why there is no commercial product the supports secured and "trusted" communication with application using email. Theoretically, the email port is always opened and no need special setup as for SSH access. The server based application could control all the access rights and be not less secured than SSH.
Just an idea...Thanks any way!
The reason there is no commercial product for this is because SMTP can be easily spoofed by anyone and it doesn't require much knowledge to do so.


All times are GMT -5. The time now is 05:38 AM.
Page 1 of 3 1 23
Show 50 post(s) from this thread on one page