Re: Remote shell access via Apache

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On Jan 28, 2011, at 8:44 AM, Skye Sweeney wrote:

> I have now been monitoring this distribution list for a month and now feel like I can ask my question...
>  
> Recently my company has but a filter in their firewall to prevent any access to any outside computer over SSH or FTP. This has broken my ability to access my home computer to do such things as powering it off during thunderstorms. Only a very few ports are open on the firewall. These include port 80.
>  
> Question: Is it possible to configure Apache and/or other components to allow a client to have a simple "bash shell" into the computer running Apache? I do not need X11 or any other graphic interfaces, just a good old shell and even that could be limited. Now before people freak out about security, it should be known that my firewall only allows connections from very specific MAC addresses. As long as I do not publish those, I consider my home Linux server very safe.
>  
> I have tried to Goggle the answer, but I have not found the right key words to home in on a solution. I would be happy with just a few product or keyword names to help my search or an indication that I am barking up the wrong tree!

Yes, it's possible, but it's the wrong solution. The right solution is ssh. I hear you saying that your company forbids ssh, but I think that once you understand the risks of doing what you're talking about here, you'll be able to communicate to your firewall admin that ssh is *BY FAR* more secure than any other remote shell options available. This is why so many commercial firewalls come with ports 80, 443, and 22 open by default.

I would strenuously encourage you to have a long talk with your network guy about security, and if he/she doesn't understand the issues, have a talk with his/her boss about his/her lack of credentials. This isn't a difficult issue - it's pretty fundamental to network security.

--
Rich Bowen
rbowen@xxxxxxxxxxx


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
   "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux