Providing a jailed TCP shell for simple control
Hi, I'm looking for some advice about setting up a simple TCP server to act as a control interface on Linux (Ubuntu Server 18.04). Obviously SSH is the preferred alternative, but this is meant to provide a simple interface that control systems (keypads, Crestron systems, etc.) can connect to. Many of them can't handle SSH.
Since this is an insecure option, I would like it to be extremely restricted. Ideally the terminal should only have access to a set number of commands, probably defined by a shell script. I.e., I connect to the port, send "start service X", and have the shell script validate and send back "X service started" while keeping the connection open. Ideally there should also be the ability to force a login every time someone connects. Preferably that should also be tied to Linux logins, so changing a user password also changes the password to access this portal.
Any idea where to look? I've been looking into socat and netcat options; most of the time, though, it's already providing a pre-logged-in tty. I'd like it to open the port and then prompt for login and stay within a defined shell script. Breaking out of the shell script should close the session.
EDIT: I've just decided to use socat with a shell script and have the shell script authenticate. It's better to keep the API authentication separate to the user account anyway, since it is transmitted insecurely.
Last edited by Routerino; 09-20-2018 at 10:01 PM.
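An added example of the approach described in the EDIT above (not the poster's own script): a handler that socat starts once per connection, checks an API token kept separate from Linux accounts, and accepts only `<verb> service <name>` for allow-listed services. The port, file paths, service names and reply strings are assumptions.

```shell
#!/usr/bin/env bash
# Added example. Assumed launch, one handler process per connection:
#   socat TCP-LISTEN:7000,reuseaddr,fork EXEC:"/usr/local/bin/ctl.sh --serve"
TOKEN_HASH_FILE="${TOKEN_HASH_FILE:-/etc/ctl/token.sha256}"  # assumed path: hex SHA-256 of the API token
ALLOWED_SERVICES="nginx mpd"                                  # constructed allow-list

hash_of() { printf '%s' "$1" | sha256sum | cut -d' ' -f1; }

# $1 = token sent by the client, $2 = expected hex hash
check_token() { [ -n "$1" ] && [ "$(hash_of "$1")" = "$2" ]; }

# Only ever called with a verb and service name that passed validation.
run_service() { systemctl "$1" "$2" >/dev/null 2>&1; }

# Prints exactly one reply line for one request line; input is never eval'd.
handle_line() {
  line=$(printf '%s' "$1" | tr -d '\r')        # control systems often send CRLF
  set -f; set -- $line; set +f                 # split on whitespace, globbing off
  if [ $# -ne 3 ] || [ "$2" != "service" ]; then
    echo "ERR usage: <start|stop|status> service <name>"; return 1
  fi
  case "$1" in start|stop|status) ;; *) echo "ERR unknown command"; return 1 ;; esac
  for svc in $ALLOWED_SERVICES; do
    if [ "$svc" = "$3" ]; then
      if run_service "$1" "$3"; then echo "OK $3 $1"; return 0; fi
      echo "ERR $3 $1 failed"; return 1
    fi
  done
  echo "ERR service not allowed"; return 1
}

serve() {
  expected=$(cat "$TOKEN_HASH_FILE") || exit 1
  printf 'token: '
  IFS= read -r -t 10 token || exit 1           # drop idle unauthenticated connections
  check_token "$(printf '%s' "$token" | tr -d '\r')" "$expected" || { echo "ERR auth"; exit 1; }
  echo "OK"
  while IFS= read -r -t 300 request; do        # stay open until quit, EOF or timeout
    req=$(printf '%s' "$request" | tr -d '\r')
    [ "$req" = "quit" ] && break
    handle_line "$req" || true                 # a rejected command keeps the session open
  done
}

if [ "${1:-}" = "--serve" ]; then serve; fi
```

Because the token crosses the network in cleartext, limit who can reach the listener, for example with socat's `bind=` and `range=` address options or a firewall rule.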