[ale] Need a "back door" for a remote system.
Richard Also
richardalso at gmail.com
Thu Oct 15 16:02:23 EDT 2009
On Oct 15, 2009, at 2:55 PM, Jim Lynch wrote:
> I have a remote system that I need to find a failsafe recovery if it
> gets in trouble. The only thing I can do with the system is get the
> sys
> admins to reboot restore the original firewall if somehow I get
> locked
> out. Since I run the ssh on an alternate port, that pretty much locks
> me out of the system.
>
> I know it's a sloppy way to do things, but I was hoping I use a web
> server to reset the ssh port somehow, but Apache is configured without
> suexec and it makes sense to leave it that way.
>
> I'm sort of toying with having a cron job running as root and
> testing to
> see if a specific web page has been touched in the last xxx hours
> and if
> not, then reset the sshd_config file to port 22 and restart ssh. I'll
> run a cron job on another system to tickle the other one and if I find
> myself locked out, I'll just suspend that tickle for a while.
>
> That's a hack I know, but I'm open to other suggestions. No cpanel
> access (its a real cheap hosting service). Webmin will not work if
> the
> firewall is reset, etc.
>
> Thanks,
> Jim.
> _______________________________________________
> Ale mailing list
> Ale at ale.org
> http://mail.ale.org/mailman/listinfo/ale
> See JOBS, ANNOUNCE and SCHOOLS lists at
> http://mail.ale.org/mailman/listinfo
one option is, before you start tinkering with configurations, to set
an 'at' job that restores a working state sometime in the near future
(say 15 minutes). If you're happy with the system changes before then,
remove the at job. If you get locked out you just have to wait for the
at job to kick in. This has the obvious downside that you have to know
in advance you're about to do something risky and that the at job will
correctly restore a working configuration.
More information about the Ale
mailing list