[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
agetty & rlogin
Hello,
I have the following problem: 2 computers (server & workstation) both
running linux and connected by ethernet. The ws is a (more or less public)
terminal, but users
should log into the server only. Therefore I want to have a login prompt
on the ws that takes name & password and logs into the server using them.
The only solution I could think of is the following: Have an agetty entry
in inittab that calls a script as login-prompt. The script looks like
that:
#!/bin/sh
echo >/dev/tty12 User $2 tries to log in at `date`
exec rlogin -l $2 server
It works fine (except that agetty puts ws before the login: and not
server), but I am not sure, wether that is a secure solution. My security
concerns are not against s.o. hacking from the net, but pressing some
special key-combination and aborting that shell (or worse turning it
interactive) and thus getting root-access to ws. The best thing would be
to be able to run the script as a VERY restricted user or somehow VERY
restricted.
Has anyone experience with that problem ? Are there better solutions ?
What keyboard combinations are dangerous (I tried ^C etc. but it doesn't
break it) ? What should I know to achieve security ?
Another thing is that I want to be sure that even if the computer boots,
noone can break in (only the kbd and screen will be accesible). I am
especially concerned about s.o. entering init=/bin/sh and other hacks at
the LILO prompt.
Any help will be very welcome,
Schlomo