[ale] Need a "back door" for a remote system.

Jim Kinney jim.kinney at gmail.com
Thu Oct 15 16:11:10 EDT 2009


I strongly second the "at" job process. Keep a backup copy of the
iptables config and have a fast script that will reopen the known-good
firewall if you punt the new one.



On Thu, Oct 15, 2009 at 4:02 PM, Richard Also <richardalso at gmail.com> wrote:
> On Oct 15, 2009, at 2:55 PM, Jim Lynch wrote:
>
>> I have a remote system that I need to find a failsafe recovery if it
>> gets in trouble.  The only thing I can do with the system is get the
>> sys admins to reboot restore the original firewall if somehow I get
>> locked out.  Since I run the ssh on an alternate port, that pretty
>> much locks me out of the system.
>>
>> I know it's a sloppy way to do things, but I was hoping I use a web
>> server to reset the ssh port somehow, but Apache is configured without
>> suexec and it makes sense to leave it that way.
>>
>> I'm sort of toying with having a cron job running as root and testing
>> to see if a specific web page has been touched in the last xxx hours
>> and if not, then reset the sshd_config file to port 22 and restart
>> ssh.  I'll run a cron job on another system to tickle the other one
>> and if I find myself locked out, I'll just suspend that tickle for a
>> while.
>>
>> That's a hack I know, but I'm open to other suggestions.  No cpanel
>> access (it's a real cheap hosting service).  Webmin will not work if
>> the firewall is reset, etc.
>>
>> Thanks,
>> Jim.
>> _______________________________________________
>> Ale mailing list
>> Ale at ale.org
>> http://mail.ale.org/mailman/listinfo/ale
>> See JOBS, ANNOUNCE and SCHOOLS lists at
>> http://mail.ale.org/mailman/listinfo
>
>
>
> One option is, before you start tinkering with configurations, to set
> an 'at' job that restores a working state sometime in the near future
> (say 15 minutes). If you're happy with the system changes before then,
> remove the at job. If you get locked out you just have to wait for the
> at job to kick in. This has the obvious downside that you have to know
> in advance you're about to do something risky and that the at job will
> correctly restore a working configuration.
>
>



-- 
James P. Kinney III
Actively in pursuit of Life, Liberty and Happiness
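
The timed rollback discussed in this thread (keep a backup of the known-good iptables config, queue an 'at' job that restores it, remove the job once the new rules work), as an added example that is not part of the original messages. The backup path, the function names and the arm/disarm arguments are assumptions made for illustration; the 15-minute default follows the reply quoted above.

```shell
#!/bin/sh
# Added example: timed firewall rollback using at(1).
# BACKUP path and function names are assumptions, not from the thread.
BACKUP=${BACKUP:-/root/iptables.known-good}   # assumed backup location
DELAY=${DELAY:-15}                            # minutes until automatic rollback

# Command line the at job will run: reload the saved known-good ruleset.
rollback_cmd() {
    printf 'iptables-restore < "%s"\n' "$1"
}

# at(1) reports "job <N> at <date>" (normally on stderr, possibly after a
# warning line). Extract N so the job can be removed later.
parse_at_job_id() {
    sed -n 's/^job \([0-9][0-9]*\) at .*/\1/p' | head -n 1
}

# Save the running ruleset, verify the backup parses, then queue the rollback.
# Prints the at job id; fails if no job was actually queued, so you never
# start changing rules without a pending restore.
arm() {
    iptables-save > "$BACKUP" || return 1
    iptables-restore --test < "$BACKUP" || return 1
    id=$(rollback_cmd "$BACKUP" | at "now + $DELAY minutes" 2>&1 | parse_at_job_id)
    [ -n "$id" ] || { echo "no at job queued; do not proceed" >&2; return 1; }
    echo "$id"
}

# Remove the pending rollback once the new rules are confirmed working
# (confirm from a second, freshly opened ssh session, not the existing one).
disarm() {
    atrm "$1"
}

case "${1:-}" in
    arm)    arm ;;
    disarm) disarm "$2" ;;
esac
```

Run it with `arm` as root before touching the firewall, note the job id it prints, and run it with `disarm <id>` only after a new login succeeds; if you are locked out, the queued job restores the saved rules when the delay expires.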


