2007/12/31, Dave Burns <tburns@xxxxxxxxxx>: > I should probably ask this on an ssh oriented list, but I thought I'd > try my luck here first. > > I want to do some remote commands securely. I put a key in my > .ssh/authorized_keys file like so: > > command="/usr/bin/make $SSH_ORIGINAL_COMMAND" ssh-rsa AAAAB3NzaC1[etc.etc.] > > so I can invoke make targets like so: > > ssh username@host target > > Assuming the bad guys never get my key, I am fine, even though it is > passwordless. > > What if a bad guy does get my key? Then I see three possible problems: > > 1) somehow use make's -F switch in ssh command to change Makefiles? > 2) stack overflow of make or ssh? > 3) Somehow put extra command after make target using ';' or something? > > And obviously the bad guy can invoke any of the targets in my > makefile, but I've made them pretty innocuous. > > So, should I seriously worry about any of these potential problems? > Any other holes I haven't thought of? > > The motivation for all this is some cron jobs I want to run, obviously > calls for a passwordless ssh key, but I want to put some limits on it. > Morning Dave, This is such a dangerous thing, I have to say. First off, and regarding to the fact of what a bad guy could do... If he had acces to $command it means it would be able to know the key, so he can log in without a problem in the remote machine (not just executing remote commands which would involve a wee bit of experience in Linux enviroments to know the remote paths and all that, if he got access to the machine it would be easier. I hope I´m explaining myself quite clear). Secondly, keeping in mind he would log into as a user, he could change makefiles owned by the user, and compile them, most likely, which lead us to the fack being able to do really nasty things in your system. I don´t see the point actually in doing what you´re doing to run cron jobs in the remote machine, why don´t you just use the cron, It was designed for that, what´s the point of running remote commands and letting the key visible? You asked if you should worry about all that. I´d do it. We don´t know, yet, in which scenario all this is running into, if you´re doing this between two system in your home, without being exposed to the internet or with some kinda iptables rules to allow ssh connections from one IP and all that..you know, we could let it go. But from my point of view, and even being a small scenario (I really want to hope you´re not using this in a production enviroment or proffesional ones..), people should be concerned as much as possible that someone can compromise your system, whether it is a small network at home or a company huge network, it is much better to do not play with fire. It is not too much effort to do things in a good way, you´ll feel safer and you´d not let your network to be on risk, techinically it will be, either if you do it good or bad (everybody knows any machine on the internet is on risk), but it will be less risky if you do things well. Hope this helps. Manuel.
