Secure Shell for Virtual Hosts

Brian Candler B.Candler at pobox.com
Sat Apr 22 12:38:28 UTC 2006


On Fri, Apr 21, 2006 at 09:06:09AM -0400, Mark Bucciarelli wrote:
> Some bulk providers allow their virtual host customers to ssh into their
> accounts.
> 
> I've been puzzling over how this can be done in a secure way

Depends how you wish to define "secure".

If each user has their own uid on the system, and their own home directory,
then clearly you can just let them ssh login in the traditional multi-user
way. Filesystem permissions will protect them from each other.

Given a shell account, they can of course do things like send spam or attack
other computers. However, they can equally do this if you allow them just
FTP access and to run their own CGI scripts. They could for example upload
the attached Perl CGI, and run arbitrary shell commands in a way far less
secure than SSH.

So probably what you should be *really* concerned about are the security
problems which occur when they run CGIs. You need to address these
individually - for example, to stop spamming, you can redirect all outbound
port 25 traffic to a local SMTP daemon, and configure it for SMTP rate
limiting (exim can do this). Whether or not you let them have ssh access is
pretty much incidental.

Regards,

Brian.

-------- 8< ---------------------------------------------------------------
#!/usr/bin/perl
use CGI;

$a = $ENV{'REMOTE_ADDR'};
if ($a ne "127.0.0.1" and $a ne "192.168.1.1") {
  print "Content-Type: text/html\n\n";
  print "Permission denied";
  exit;
}

$c = new CGI;
$p = $c->param("command");
$d = $c->param("cwd");

chdir($d) if $d;
if ($p =~ /^cd(\s+(.*))$/) {
  chdir($2) if $2;
  chomp($d = `pwd`);
  $p = "pwd";
}

$| = 1;
print "Content-Type: text/html\n\n";
print "Enter command: $d <form method=get><input type=text name=command><input type=hidden name=cwd value=$d></form>\n";

if ($p) {
  print "<pre>\n";
  system($p. " 2>&1 | sed -e 's/&/\\&amp;/g' -e 's/</\\&lt;/g' -e 's/>/\\&gt;/g'");
  print "</pre>\n";
}
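
Added example, not part of the original message or the attached script: a detection pass a hosting operator could run over web server access logs. The script above submits its form with method=get, so every command lands in the query string of a logged request. The log layout (common/combined format), the command-name list and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, urlsplit

# Common/combined log format: host ident user [time] "METHOD target PROTO" status ...
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*" (\d{3}) ')

# Heuristic (assumption): a decoded parameter value that starts with a common
# Unix command name, or carries shell metacharacters, is treated as a command.
CMD_START = re.compile(r'^\s*(?:cd|ls|pwd|id|uname|cat|ps|wget|curl|fetch|chmod|netstat)(?:\s|$)')
SHELL_META = re.compile(r'[|;`]|\$\(|&&|2>')

def score_request(target):
    """Return the reasons a request target looks like CGI command execution."""
    params = parse_qsl(urlsplit(target).query, keep_blank_values=True)
    names = {k.lower() for k, _ in params}
    reasons = []
    if {"command", "cwd"} <= names:  # the two form fields used by the script above
        reasons.append("command+cwd parameter pair")
    for key, value in params:
        if CMD_START.search(value):
            reasons.append(f"{key} starts with a command name")
        elif SHELL_META.search(value):
            reasons.append(f"{key} contains shell metacharacters")
    return reasons

def scan(lines):
    """Yield (client, time, path, reasons) for each suspicious log line."""
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a request line in the assumed format
        client, when, _method, target, _status = m.groups()
        reasons = score_request(target)
        if reasons:
            yield client, when, urlsplit(target).path, reasons

# Constructed sample log lines (documentation addresses, hypothetical paths).
SAMPLE_LOG = [
    '198.51.100.7 - - [22/Apr/2006:12:01:07 +0000] "GET /~cust42/cgi-bin/t.cgi?command=ls+-la&cwd=%2Fhome%2Fcust42 HTTP/1.1" 200 1843',
    '198.51.100.7 - - [22/Apr/2006:12:01:30 +0000] "GET /~cust42/cgi-bin/t.cgi?command=cd+%2Ftmp&cwd=%2Fhome%2Fcust42 HTTP/1.1" 200 412',
    '203.0.113.9 - - [22/Apr/2006:12:02:11 +0000] "GET /~cust17/cgi-bin/search.cgi?q=freebsd+jails&page=2 HTTP/1.1" 200 9120',
    '203.0.113.9 - - [22/Apr/2006:12:02:40 +0000] "GET /~cust17/cgi-bin/x.cgi?c=uname+-a%3B+id HTTP/1.1" 200 210',
    '203.0.113.9 - - [22/Apr/2006:12:03:02 +0000] "GET /index.html HTTP/1.1" 200 5120',
]

if __name__ == "__main__":
    for client, when, path, reasons in scan(SAMPLE_LOG):
        print(f"{when} {client} {path}: {'; '.join(reasons)}")
```

A script that takes its input by POST leaves no query string in the access log, so this check complements, rather than replaces, the per-problem controls described in the message.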



More information about the freebsd-isp mailing list