Secure remote shell

Steve Bertrand iaccounts at
Wed Nov 28 21:23:37 PST 2007

> What other solution would you suggest to execute a shell remotely as
> root, that could be automated in a script (no password required).

- have information input into browser
- have web server save information to server disk in non-executable format
- have script (or admin) authenticate/authorize commands to be performed
(recommend doing this manually for a while to ensure you capture as many
escape type bugs as possible)
- have commands via another script scrubbed/cleaned/tested
- have cron perform commands at every X minutes

Dirty, but it works. Just ensure that your input variables are very
clean during the request, and their storage.

All this said, I have an environment that may *semi* relate to what you
are doing.

It appears you are running your mail with sendmail on one box, RADIUS on
another, and perhaps your web interface on yet another. Is this correct?
Perhaps it's all on the same box...

Can you state:

- mail server software
- RADIUS software
- web interface (server) software

...assuming further, the web interface is custom right?

How many users do you have? How many support people? Perhaps you could
mail me off-list to discuss, as myself, and my support staff just went
through this last year, and are just finishing up the details.


More information about the freebsd-questions mailing list