Differences between revisions 5 and 6
Revision 5 as of 2009-03-16 03:36:38
Size: 1965
Editor: anonymous
Comment: converted to 1.6 markup
Revision 6 as of 2017-02-26 08:38:34
Size: 2172
Editor: ?GeertStappers
Comment: openbackdoor seems to have fallen in disgrace
Deletions are marked like this. Additions are marked like this.
Line 67: Line 67:
The debian/changelog of debian-edu-config has this entry {{{
  * Remove our backdoor (which was poorly implemented and misnamed feature,
    see the buglog for details). (Closes: #629040)
}}} from 2012.

Open SSH Backdoor

The opensshbackdoor program makes remote maintenance over ssh possible.

SSH

SSH is an ancronyn for Secure Shell. It makes encrypted network possible. Details are at SSH Homepage.

Backdoor

The backdoor script on tjener makes it possible to open a connection for remote help.

Definitions

school

place where the DebianEdu server is

contractor
people who do maintaince on the servers
tunnel
passage way between two points

Preparation

This the important part of the Openssh backdoor. Both school and contractor agree on which server, which port and which account to use. Say the server is gate.contractor.edu, the port number is 2309 and the account worm.

Contractor Preparation

Work in progress / FIXME

School preparation

Fill in the values for server, port and account Example given, when school people type cat /etc/default/backdoor they see

RHOST=gate.contractor.org
RPORT=2309
RUSER=worm

Usage

school

When the school decides they need contractor, they open the backdoor by

/etc/init.d/openbackdoor start

and give a telephone call to contractor and announce that they have opened the tunnel.

contractor

They pick the tunnel by

ssh -p 2309 user-on-school-server@gate.contractor.org

and they do their maintiance job.

Closing the backdoor

The school does

/etc/init.d/openbackdoor stop

The script

Here is the script. Copied from debian-edu-config/debian/debian-edu-config.open-backdoor in our svn repository, at revision 7223. The debian/changelog of debian-edu-config has this entry

  * Remove our backdoor (which was poorly implemented and misnamed feature,
    see the buglog for details). (Closes: #629040)

from 2012.


  • It might be relevant to use autossh (which I believe was added to Debian after the backdoor script was invented for Debian EDU)