|
|
Hi Sean,
I want to use OpenBSD`s Authpf system, it works like this:
The Firewall`s users shell is not a common shell (/bin/sh, /bin/csh)
it`s /usr/sbin/authpf , so when the user opens an ssh connection, the
authpf manages his rules, stored on a file in the directory
/etc/authpf/users/<username>, the authpf shell provides no interaction
with the system besides inserting the user`s apropriate rules, if the
file <username> is not present he try to use a default generic rule
file.
When the user closes his connection, the Authpf system automatically
removes his rules from the Firewall.
Full documentation about Authpf can be found here:
http://cvs.openbsd.org/faq/pf/authpf.html
So the litlle program only needs to open an ssh connection, after this
I want to make another tool, something like a console for servers
management, I just want to use the secure ssh channel for issuing
commands and generate reports from the outputs (uptime, df, netstat),
etc.
Something like a side bar with server names, when the user selects a
server, the tool connect to the server via ssh, interpret and show
some brief statistics, if the admin wants to connect via ssh he clicks
a button and have an ssh session with Putty (if Windows) or a
Konsole, Gnome Terminal, Xterm, etc on Unix Systems. (one connection
for automatic system diagnostics an another for manual admin
intervention).
That`s all, for now it`s just some ideas :)
On Wed, Apr 9, 2008 at 5:11 PM, Sean Harmer
<sean.harmer@xxxxxxxxxxxxxxxxx> wrote:
>
> On Wednesday 09 April 2008 21:07:15 Sean Harmer wrote:
> > Hi Fabio,
> >
> > On Wednesday 09 April 2008 20:26:40 Fabio Almeida wrote:
> > > Yes Darrik, you are right, that`s why I`m searching for a way to ask the
> > > users password on a LineEdit and pass to the function without need to use
> > > hardcode or the file method, etc.
> >
> > Why use passwords at all? You could switch to using public key
> > authentication instead.
>
> I should also ask why you need users to have shell access to the firewall in
> the first place? Normally firewalls should be tied down to allow access to
> the minimum number of admins possible to reduce the risk of local exploits
> allowing root access to the system. What is it you are trying to achieve with
> your program?
>
>
>
>
> Sean
>
> --
> To unsubscribe - send a mail to qt-interest-request@xxxxxxxxxxxxx with
> "unsubscribe" in the subject or the body.
> List archive and information: http://lists.trolltech.com/qt-interest/
>
>
--
To unsubscribe - send a mail to qt-interest-request@xxxxxxxxxxxxx with
"unsubscribe" in the subject or the body.
List archive and information: http://lists.trolltech.com/qt-interest/
|
|