[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

agetty & rlogin



Hello,

I have the following problem: 2 computers (server & workstation) both
running linux and connected by ethernet. The ws is a (more or less public)
terminal, but users
should log into the server only. Therefore I want to have a login prompt
on the ws that takes name & password and logs into the server using them.

The only solution I could think of is the following: Have an agetty entry
in inittab that calls a script as login-prompt. The script looks like
that:

#!/bin/sh
echo >/dev/tty12 User $2 tries to log in at `date`
exec rlogin -l $2 server

It works fine (except that agetty puts ws before the login: and not
server), but I am not sure, wether that is a secure solution. My security
concerns are not against s.o. hacking from the net, but pressing some
special key-combination and aborting that shell (or worse turning it
interactive) and thus getting root-access to ws. The best thing would be
to be able to run the script as a VERY restricted user or somehow VERY
restricted.

Has anyone experience with that problem ? Are there better solutions ?
What keyboard combinations are dangerous  (I tried ^C etc. but it doesn't
break it) ? What should I know to achieve security ?

Another thing is that I want to be sure that even if the computer boots,
noone can break in (only the kbd and screen will be accesible). I am
especially concerned about s.o. entering init=/bin/sh and other hacks at
the LILO prompt.

Any help will be very welcome,

Schlomo