[vox-tech] Providing access to SSH on Kiosk?

ME vox-tech@lists.lugod.org
Mon, 12 Jan 2004 23:41:29 -0800 (PST)


Bill Kendrick said:
> On Mon, Jan 12, 2004 at 10:56:15PM -0800, ME wrote:
>> What about LILO/grub? can the user pass args to the kernel to be booted?
>> You know, the old "init=/bin/bash" arg/trick for local root on boot
>> without restrictions...
[chop]
> Yes, I have LILO restricted to ONLY let "Linux" image boot, with no
> arguments, unless a password is supplied.
[chop]
> Unless I misunderstood you, in which case I now look like a buffoon. :^)

It sounds like you have that covered.

> <snip>
>> These require one of two things:
>> 1 access to build their own ssh clients with modified source code and
>> force the user to call their ssh client instead of the one you
>> installed.
>> (Usually this means root access.)
>
> Okay, this is covered (in a perfect world) by Unix permissions and the
> fact that users shouldn't be able to get to a shell to even INVOKE a
> compiler, let alone install the binary. :^)
>
>
> <snip>
>> A presentation on the useful features of ssh would also be good.
>> (Tunneling, proxy, redirection, etc.)
>
> Okay Mike, I'll jot you down for two presentations later this year.
> Pick the dates. ;^)

You misunderstood. I was not volunteering for that. :-P
(At least not this summer. Maybe next year though.)

If you are interested in computer security, maybe you can visit a defcon.
You can save money if you go with others. I think I have 3 or 4 people with
me (splitting the cost for transport and hotel.) Bill, let me know if you
would like to join me. (We can talk off list.)

>> We'll have to see what happens. I'll have a better idea in April. If the
>> UC Davis CS dept wants to have me in their grad program on cs security,
>> maybe I'll move to Davis in 2005 and attend LUGOD a little more often
>> than I do now. :-D
>
> Cool! :^)  In the meantime, we should get Peter going to NBLUG meetings,
> or something!  He needs it! ;)

That would be good for Peter, but I am phasing NBLUG out as a trade for
LUGOD and ACM/CS Club on campus: This year, I will be attending the CS
Computer Club and running for office with our campus ACM Chapter and CS
Club. Part of increasing my activity with LUGOD and the campus CS Club
means changing focus away from NBLUG and devoting that energy here and on
campus.

I'm on our irc #lugod and more active there and have been reading these
lists on LUGOD more than before.

>> OK. Consider another drive to image the system and rebuild every morning.
>> A local disk with rsync would be pretty fast.
>
> Hrm... neato.  This is all fascinating, but at the same time scary.
>
> Kinda like back in the day when I didn't write very 'robust' CGI scripts.
> Fortunately, I wasn't quite as 'prolific' as that Matt's Scripts guy that's
> still causing people pain...  I'm glad I've got such a good network of folks
> to talk to about this stuff today. :^)  You and Ken have been priceless!

I wish I could be there to be more help. Maybe after the GRE this summer,
I'll have a better idea where I'll be in 2005.

> Just trying to serve my community.  (But at the same time be
> careful of hackers abusing them :) )

That is a full time job and requires vigilance.

-ME
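
The LILO setup described in the thread (boot the "Linux" image freely, but require a password before any kernel argument such as init=/bin/bash is accepted) can be checked mechanically. The following is an added example, not code from this message or from LILO: the sample lilo.conf, the placeholder password and the function names are constructed, and it assumes the lilo.conf(5) rule that a per-image `restricted`/`mandatory`/`bypass` keyword overrides the global one.

```python
# Constructed sample lilo.conf for illustration; the password is a placeholder.
SAMPLE = """\
boot=/dev/hda
prompt
password=PLACEHOLDER
restricted
image=/boot/vmlinuz
    label=Linux
    read-only
image=/boot/vmlinuz.old
    label=Rescue
    bypass
"""

def parse(text):
    """Split lilo.conf text into global options and per-image option dicts."""
    glob, images, cur = {}, [], None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        key, _, val = line.partition("=")
        key, val = key.strip().lower(), val.strip().strip('"')
        if key in ("image", "other"):
            cur = {"path": val}          # start of a new boot entry
            images.append(cur)
        elif cur is None:
            glob[key] = val              # option before the first entry is global
        else:
            cur[key] = val
    return glob, images

def audit(text):
    """Return {label: 'open' | 'restricted' | 'mandatory'} for every boot entry."""
    glob, images = parse(text)
    modes = ("bypass", "restricted", "mandatory")
    report = {}
    for img in images:
        has_pw = "password" in img or "password" in glob
        # A per-image keyword wins over the global one (assumed lilo.conf(5) rule).
        mode = next((m for m in modes if m in img), None) \
            or next((m for m in modes if m in glob), "mandatory")
        open_entry = not has_pw or mode == "bypass"
        report[img.get("label", img["path"])] = "open" if open_entry else mode
    return report

if __name__ == "__main__":
    for label, state in audit(SAMPLE).items():
        print(f"{label}: {state}")
```

An entry reported as "open" accepts kernel arguments at the boot prompt with no password, which is the case the init=/bin/bash question was about. Because the password sits in lilo.conf in clear text, the file should also be readable by root only.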