[ale] Need a "back door" for a remote system.

Jim Kinney jim.kinney at gmail.com
Thu Oct 15 15:45:34 EDT 2009


Have a special partition with a micro-installation with known solid
forensic/admin tools. Have a grub boot line for it as a last-ditch
fall-back. Set up a cron that looks for an offsite flag (use ssh key
scp/sftp, netcat, rsync, httpd - program kicks off on 2 of 3 remotes
set to "reboot to crash disk"). If reboot is called, use techniques
here: http://www.gnu.org/software/grub/manual/html_node/Making-your-system-robust.html#Making-your-system-robust
to access the hidden partition and have it do whatever ssh magic you
need. System can automagically reboot if cron finds flag set or(/also)
have crash partition as last choice in grub chain.


On Thu, Oct 15, 2009 at 2:55 PM, Jim Lynch
<ale_nospam at fayettedigital.com> wrote:
> I have a remote system that I need to find a failsafe recovery if it
> gets in trouble.  The only thing I can do with the system is get the sys
> admins to reboot restore the original  firewall if somehow I get locked
> out.  Since I run the ssh on an alternate port, that pretty much locks
> me out of the system.
>
> I know it's a sloppy way to do things, but I was hoping I use a web
> server to reset the ssh port somehow, but Apache is configured without
> suexec and it makes sense to leave it that way.
>
> I'm sort of toying with having a cron job running as root and testing to
> see if a specific web page has been touched in the last xxx hours and if
> not, then reset the sshd_config file to port 22 and restart ssh.  I'll
> run a cron job on another system to tickle the other one and if I find
> myself locked out, I'll just suspend that tickle for a while.
>
> That's a hack I know, but I'm open to other suggestions.  No cpanel
> access (its a real cheap hosting service).  Webmin will not work if the
> firewall is reset, etc.
>
> Thanks,
> Jim.
> _______________________________________________
> Ale mailing list
> Ale at ale.org
> http://mail.ale.org/mailman/listinfo/ale
> See JOBS, ANNOUNCE and SCHOOLS lists at
> http://mail.ale.org/mailman/listinfo
>



-- 
-- 
James P. Kinney III
Actively in pursuit of Life, Liberty and Happiness



More information about the Ale mailing list