httpd-users mailing list archives

From Skye Sweeney <s...@fll-freak.com>
Subject Re: [users@httpd] Remote shell access via Apache
Date Fri, 28 Jan 2011 14:04:14 GMT
"Long talk with IT" has happened more than once with the IT staff! But I
work at a company of 30K people and IT is non-yielding. Only RSA tunnels are
allowed and then only into the company. All outgoing ports are blocked
including such things as network time protocol. About the only thing that
seems to get out is 80.

My fallback position is to write a custom program to take a message on port
80 and then initiate a powerdown, but I would prefer something more capable.



On Fri, Jan 28, 2011 at 8:51 AM, Rich Bowen <rbowen@rcbowen.com> wrote:

>
> On Jan 28, 2011, at 8:44 AM, Skye Sweeney wrote:
>
> > I have now been monitoring this distribution list for a month and now
> feel like I can ask my question...
> >
> > Recently my company has put a filter in their firewall to prevent any
> access to any outside computer over SSH or FTP. This has broken my ability
> to access my home computer to do such things as powering it off during
> thunderstorms. Only a very few ports are open on the firewall. These include
> port 80.
> >
> > Question: Is it possible to configure Apache and/or other components to
> allow a client to have a simple "bash shell" into the computer running
> Apache? I do not need X11 or any other graphic interfaces, just a good old
> shell and even that could be limited. Now before people freak out about
> security, it should be known that my firewall only allows connections from
> very specific MAC addresses. As long as I do not publish those, I consider
> my home Linux server very safe.
> >
> > I have tried to Google the answer, but I have not found the right key
> words to home in on a solution. I would be happy with just a few product or
> keyword names to help my search or an indication that I am barking up the
> wrong tree!
>
> Yes, it's possible, but it's the wrong solution. The right solution is ssh.
> I hear you saying that your company forbids ssh, but I think that once you
> understand the risks of doing what you're talking about here, you'll be able
> to communicate to your firewall admin that ssh is *BY FAR* more secure than
> any other remote shell options available. This is why so many commercial
> firewalls come with ports 80, 443, and 22 open by default.
>
> I would strenuously encourage you to have a long talk with your network guy
> about security, and if he/she doesn't understand the issues, have a talk
> with his/her boss about his/her lack of credentials. This isn't a difficult
> issue - it's pretty fundamental to network security.
>
> --
> Rich Bowen
> rbowen@rcbowen.com


-- 
-Skye Sweeney
