From 60a54d6482d6b641e92a12749a8161f2b6311f9a Mon Sep 17 00:00:00 2001 From: Tzafrir Cohen Date: Wed, 15 Jun 2011 16:11:40 +0000 Subject: rapid-tunneling: delete old authorized_keys entries * rapid-tunneling-status -s (Stop) will also delete entries from authorized keys. * rapid-tunneling-status -r (Remove) will do that - if not connected. * Note the authorized_keys file in the man page. * Better initialize variables. * More documentation updates. git-svn-id: svn+ssh://xorcom/home/svn/debs/components/rapid-tunneling@9429 283159da-0705-0410-b60c-f2062b4bb6ad --- README | 24 +++++++++++++++++++----- rapid-tunneling-status | 21 +++++++++++++++++++-- rapid-tunneling-status.8 | 18 +++++++++++++++++- rapid-tunneling.8 | 6 ++++++ 4 files changed, 61 insertions(+), 8 deletions(-) diff --git a/README b/README index efd1256..40cca1e 100644 --- a/README +++ b/README @@ -95,6 +95,10 @@ you should run: rapid-tunneling-status +To disconnect: run + + rapid-tunneling-status -s + Server Operation ---------------- @@ -180,6 +184,13 @@ Feel free to send Tzafrir any questions or patches. Security -------- +Ideally this system should be simple to set up (assuming you have an SSH +server with a public IP address) and thus would be a handy and more secure +replacement to sending a password in the clear, or installing some Big +Binary Blob. + +The Server +~~~~~~~~~~ The remote access tarball is sent potentially over an untrusted channel (read: the Internet). It contains potentially sensitive information: a private ssh key. An imposter could try to impersionate as the client. 
@@ -194,17 +205,20 @@ no-X11-forwarding,no-agent-forwarding,no-pty,permitopen="127.0.0.1:65534",comman A key can also be used to flood the server's disk, which means that the support user's quota should be limited. +The Client +~~~~~~~~~~ The client then sends the connection information over the already established connection. - Alternatively, if an attacker manages to send her own key (pointing to her own RapidTunneling server) to the user, while pretending that this key comes from a trusted support contact, the attacker will gain access to the user's system. Thus the user should be careful about the key he gets. +I believe that there's no inherent issue with adding an extra key to the +user's authorized_keys file: If the user has explicitly asked for remote +support from a trusted party, the user might as well have sent the +password. If the connection was not disconnected explicitly by the user +(`rapid-tunneling-status -s`), those entries will remain and the client +should delete them manually (`rapid-tunneling-status -r`). -Ideally this system should be simple to set up (assuming you have an SSH -server with a public IP address) and thus would be a handy and more secure -replacement to sending a password in the clear, or installing some Big -Binary Blob. diff --git a/rapid-tunneling-status b/rapid-tunneling-status index 8040616..1b9753b 100755 --- a/rapid-tunneling-status +++ b/rapid-tunneling-status 
@@ -3,18 +3,25 @@ base_dir="$HOME/.rapid-tunneling" if [ "$1" = "--help" ]; then - echo "Usage: $0 [-p] []" 1>&2 + echo "Usage: $0 [-p] [-r] [-s] []" 1>&2 echo " -p: Print only pid of SSH process (if connecting or connected)." 1>&2 echo " Otherwise, print status" 1>&2 echo " Exit code: 0 if connected, 1 if connecting, 2 if not connected." 1>&2 - echo " $0 -s []" 1>&2 echo " -s: Stop the tunnel" 1>&2 + echo " -r: Remove the SSH keys (if not connected)" 1>&2 exit 255 fi +remove=0 +showpid=0 +stop=0 + if [ "$1" = "-p" ]; then showpid=1 shift +elif [ "$1" = "-r" ]; then + remove=1 + shift elif [ "$1" = "-s" ]; then stop=1 shift @@ -37,15 +44,25 @@ connecting() not_connected() { [ "$showpid" = 1 ] || echo "Not connected" + if [ "$remove" = 1 ]; then + remove_ssh_keys + exit 0 + fi exit 2 } stop_it() { kill $pid 2>/dev/null + remove_ssh_keys exit 0 } +remove_ssh_keys() +{ + sed -i '/ rapid-tunneling$/d' "$HOME/.ssh/authorized_keys" +} + pid=`cat "$pidfile" 2>/dev/null` [ "$pid" ] || not_connected kill -s 0 $pid 2>/dev/null || not_connected diff --git a/rapid-tunneling-status.8 b/rapid-tunneling-status.8 index 009d88c..b47b020 100644 --- a/rapid-tunneling-status.8 +++ b/rapid-tunneling-status.8 @@ -6,6 +6,9 @@ rapid-tunneling-status \- Monitor a RapidTunneling tunnel .I [\-p] [\-s] [] - show and/or kill a running connection. +.I \-r [] +- Remove left-over entries from .ssh/authorized_keys + .B rapid-tunneling-status .I \-\-help - Just prints a help message @@ -24,7 +27,8 @@ home directory of that user. .B \-s .RS Terminate a running connection. If this option is not provided, the -status of the connection will be reported. +status of the connection will be reported. Also deletes the entry from +the authorized_keys file. .RE .B \-p 
@@ -33,6 +37,12 @@ If a process is running, print its PID rather than "Connected". Return status remains the same. .RE +.B \-r +.RS +Remove any entries for rapid-runneling if the connection is no longer +active. +.RE + .B pid-file .RS A file in which to check the PID of the running ssh process. Defaults to @@ -64,6 +74,12 @@ PID of the potentially currently running process. Set by rapid\-tunneling . That directory may include several other files. .RE +.B $HOME/.ssh/authorized_keys +.RS +The entry added there by rapid\-tunneling is removed at disconnect (\-s) +time. +.RE + .SH SEE ALSO Full description of the operation is provided in the README file, which may be /usr/share/doc/rapid\-runneling/README.gz (Debian) diff --git a/rapid-tunneling.8 b/rapid-tunneling.8 index f73b312..ce93082 100644 --- a/rapid-tunneling.8 +++ b/rapid-tunneling.8 @@ -61,6 +61,12 @@ rapid\-tunneling\-status to check for it. That directory may include several other files. .RE +.B $HOME/.ssh/authorized_keys +.RS +Adds an entry here with the key sent over to the server. The comment +for the key is 'rapid\-tunneling'. +.RE + .SH SEE ALSO Full description of the operation is provided in the README file, which may be /usr/share/doc/rapid\-runneling/README.gz (Debian) -- cgit v1.2.3
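Review bot: In the README hunk that adds "The Client" section, the new paragraph says leftover authorized_keys entries "will remain" when the tunnel was not stopped with `rapid-tunneling-status -s`, but it does not say what such an entry permits while it is there. The server-side entry shown just above is restricted with no-pty, permitopen and a forced command. The README should say whether the client-side entry carries comparable restrictions. It should also state plainly that the key stays usable until `rapid-tunneling-status -r` is run, so that users who lose a session to a crash or network drop know the cleanup is still pending.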
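Review bot: In the first rapid-tunneling-status hunk, the usage line now reads `[-p] [-r] [-s]`, which suggests the flags can be combined, but the if/elif chain consumes only one of them. With `-p -r`, the `-r` is left in `$1` and will be taken as the pid-file argument. Either parse the options in a loop (a while/case over `$1`) or show the three forms as separate usage lines, as the old help text did for `-s`.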
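Review bot: In the second rapid-tunneling-status hunk, remove_ssh_keys runs `sed -i` on "$HOME/.ssh/authorized_keys" without checking that the file exists and without redirecting stderr, so `-s` or `-r` on an account with no authorized_keys prints a sed error and then still exits 0. A `[ -f ... ] || return 0` guard would keep it quiet. Two further points in the same hunk: not_connected now exits 0 when `-r` is given, which contradicts the help text's "2 if not connected" and should be documented or changed. The pattern `/ rapid-tunneling$/` also deletes every entry whose comment ends that way, not only the one from the current session. That is presumably intended, but it deserves a comment in the script. Note also that `sed -i` is not POSIX, if the script is meant to run outside GNU userland.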
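Review bot: The added `-r` description in rapid-tunneling-status.8 misspells the tool name as "rapid-runneling"; it should read "rapid-tunneling". The text would also be clearer if it named the file being edited, as the synopsis line does (".ssh/authorized_keys"), and said that `-r` does nothing while a connection is active.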
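Review bot: The new FILES entry for $HOME/.ssh/authorized_keys in rapid-tunneling-status.8 mentions removal only "at disconnect (\-s) time", although this same patch adds `-r` for exactly the case where `-s` was never run. Mention both options here. In the matching rapid-tunneling.8 entry, add a pointer to rapid-tunneling-status, since the removal depends on the key comment 'rapid\-tunneling' documented there.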