[ale] Need a "back door" for a remote system.

[Richard Also]

On Oct 15, 2009, at 2:55 PM, Jim Lynch wrote:

> I have a remote system that I need to find a failsafe recovery if it
> gets in trouble.  The only thing I can do with the system is get the  
> sys
> admins to reboot restore the original  firewall if somehow I get  
> locked
> out.  Since I run the ssh on an alternate port, that pretty much locks
> me out of the system.
>
> I know it's a sloppy way to do things, but I was hoping I use a web
> server to reset the ssh port somehow, but Apache is configured without
> suexec and it makes sense to leave it that way.
>
> I'm sort of toying with having a cron job running as root and  
> testing to
> see if a specific web page has been touched in the last xxx hours  
> and if
> not, then reset the sshd_config file to port 22 and restart ssh.  I'll
> run a cron job on another system to tickle the other one and if I find
> myself locked out, I'll just suspend that tickle for a while.
>
> That's a hack I know, but I'm open to other suggestions.  No cpanel
> access (its a real cheap hosting service).  Webmin will not work if  
> the
> firewall is reset, etc.
>
> Thanks,
> Jim.
> _______________________________________________
> Ale mailing list
> Ale at ale.org
> http://mail.ale.org/mailman/listinfo/ale
> See JOBS, ANNOUNCE and SCHOOLS lists at
> http://mail.ale.org/mailman/listinfo



one option is, before you start tinkering with configurations, to set  
an 'at' job that restores a working state sometime in the near future  
(say 15 minutes). If you're happy with the system changes before then,  
remove the at job. If you get locked out you just have to wait for the  
at job to kick in. This has the obvious downside that you have to know  
in advance you're about to do something risky and that the at job will  
correctly restore a working configuration.