Guest jclevien
Posted September 19, 2005

Hi,

My name is Juan, I am new to the forum.

I am working with a Mandriva 10.2 box. Works cool. I am building an application with TCL, to run on the box as a daemon. The box is connected to the Internet, using cablemodem. It has only 2 ports open, 80 (for use with Apache) and 22 (for use with SSH logins).

The TCL application will listen to an arbitrary port, say, 33333. But it will not be directly accessible from the Internet, for security reasons. The idea that I've had was this: to use SSH to forward the incoming connection to the port 33333. For that, I need to create a user account in my system, say user "theone". As you can imagine, that user will be used for incoming connections, and nothing more. But dark hands can use it for malicious purposes, so I need to restrict it ONLY for a login and nothing more (it has to stay "connected" let's say, I mean I cannot use /sbin/nologin for example).

Well, actually, I can build an app and put it so that the user can access it as login, but I am scared about security. What do you think about this threat? Is there a command to use instead of bash, nologin or the like?

I will appreciate very much your opinions.

Best wishes,
Juan

[moved from Software by spinynorman - welcome aboard :)]

Guest jclevien
Posted September 19, 2005

Well, I've done a little program that is like a "black hole": it stays waiting forever and ignores input.

    #include <stdio.h>
    #include <unistd.h>

    int main()
    {
        /* Never read stdin and never exit: just sleep in a loop. */
        while(1)
            sleep(100000);
    }

I use it as a "shell", naturally for forwarding connections via SSH. When a user tries to login, it encounters that it cannot type in any command. Maybe I can add to it something extra to increase security. Can it be to cancel any typing, like intercepting keystrokes? Would there be some need to do something like that? For now, works well for my needs (and for what I am aware of... hehe... :D )

Any suggestions?

Thanks.
Juan
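
As an added example (not part of the original thread, and not any poster's configuration): on a current OpenSSH server the same restriction can be enforced in sshd_config as well as by the login shell. The user "theone" and port 33333 come from the first post; the path /usr/local/bin/blackhole is a hypothetical install location for the program posted above, and the daemon is assumed to listen on 127.0.0.1.

```conf
# /etc/ssh/sshd_config (fragment) - added example, not from the thread.
# Assumes a current OpenSSH server. A Match block runs until the next
# Match line or the end of the file, so keep it at the bottom.

Match User theone
    # Allow only client-side (-L) forwards; remote (-R) forwards are refused.
    AllowTcpForwarding local
    # The single destination a forward may reach: the TCL daemon on loopback
    # (assumption: the daemon binds 127.0.0.1:33333).
    PermitOpen 127.0.0.1:33333
    # No terminal is allocated, so keystrokes never reach any program.
    PermitTTY no
    # Whatever the client asks for (shell, command or subsystem such as sftp),
    # run the never-exiting program instead. Hypothetical path.
    ForceCommand /usr/local/bin/blackhole
    # Close the other channels an SSH session can carry.
    X11Forwarding no
    AllowAgentForwarding no
    AllowStreamLocalForwarding no
    PermitTunnel no
    GatewayPorts no
    # Do not run ~/.ssh/rc for this account.
    PermitUserRC no

# The account's login shell in /etc/passwd stays /usr/local/bin/blackhole
# as well, so the restriction still holds if this block is ever removed.
#
# Check the file before reloading sshd:   sshd -t
# Client side, forward only, no command:  ssh -N -L 33333:127.0.0.1:33333 theone@server
```

With this in place the login shell is a second layer rather than the only control: a forward to any other host or port is rejected by sshd itself before the shell is involved.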

AussieJohn
Posted September 19, 2005

Welcome jclevien to MUB.

Sorry I cannot help you but I do admire your effort here even though I don't know what you are talking about. I feel certain that some members will join you on this topic.

Cheers. John.

Guest jclevien
Posted September 19, 2005

Hello John!

Well, to make it clear, I believe I am not a "magician". I am just a normal user who tries to make his server more safe. And I posted my message here because there are people who know a LOT more than me about security.

You meant that I did not express myself well? Hmm, I am not very good at explaining things... hehe. Please, tell me what I wrote badly, I will try to improve.

Have a nice day John. Thank you for your welcome!!!

Juan

AussieJohn
Posted September 21, 2005

There was no hidden tilt at you, good friend. The tilt was at myself since I know nothing at all about your particular topic. There is absolutely nothing wrong with the way you wrote your post so there is nothing to apologise for. It is perhaps I, who needs to write a little more clearly to explain my meaning.

Cheers. John.