-1

We're going to deploy info screens in various places. They have a browser running and pull the info via HTTP. To reconfigure them, it would be useful if they connected to a central host from where we could open SSH or VNC sessions. They are not reachable from outside and we wouldn't know their address anyway. And before you ask, yes we have permission to place the screens and this botnet is totally legit.

I found autossh which addresses the main problem of getting the machines connected. Ideally though I would prefer a tool where the machines do not need login authorization on the central host. It would also be nice to have a list of running screens too.

sba

1 Answer

0

If the nodes are not authenticated on the central server in any way, then it means anybody can connect to that central server and pretend to be a node. That can certainly not be what you want.

But you can limit what privileges the nodes get on the central server. They only need access to port forwarding. So you can limit their access to other features. For example each line in authorized_keys can make use of the command keyword to prevent them from getting shell access.

kasperd
  • Thanks for your answer. Yes the boxes would have to be configured with a password or cert alongside the server address. If I can't find a better solution I'll have to go with autossh and your suggestions. – sba Jun 16 '15 at 20:22
  • @sba To make it work as reliably as possible, there are a few configuration options to pay attention to: http://serverfault.com/a/595335/214507 – kasperd Jun 16 '15 at 20:57
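
The restriction described in the answer, as an added example that is not part of the original thread: a Python check that parses authorized_keys entries on the central host and reports keys that can do more than hold a tunnel. The option names are OpenSSH's (restrict and permitlisten require a reasonably recent OpenSSH); the key blobs, screen names, /bin/false as the forced command and port 22003 are assumptions.

```python
import re

# One option: name, optional ="value" (may hold spaces, commas), optional comma.
OPTION = re.compile(r'([A-Za-z0-9-]+)(?:="((?:\\.|[^"\\])*)")?(,?)')
KEY_TYPE = re.compile(r"(ssh-|ecdsa-sha2-|sk-)")
def parse_entry(line):
    """Split an authorized_keys line into ({option: [values]}, key part)."""
    line, opts, pos = line.strip(), {}, 0
    while not KEY_TYPE.match(line, pos):
        m = OPTION.match(line, pos)
        if not m:
            raise ValueError("unparseable entry: " + line[:40])
        opts.setdefault(m.group(1).lower(), []).append(m.group(2))
        pos = m.end()
        if not m.group(3):  # no comma: the option list is finished
            break
    return opts, line[pos:].strip()

def audit_options(opts):
    """Findings for a key that should only be able to hold a tunnel."""
    findings = []
    if "command" not in opts:
        findings.append("no forced command: key can run commands")
    hardening = ("no-pty", "no-agent-forwarding", "no-x11-forwarding")
    missing = [o for o in hardening if o not in opts]
    if "restrict" not in opts and missing:
        findings.append("not disabled: " + ", ".join(missing))
    # 'restrict' switches forwarding off until 'port-forwarding' re-enables it.
    forwarding = "restrict" not in opts or "port-forwarding" in opts
    if forwarding and "permitlisten" not in opts:
        findings.append("no permitlisten: any listen port may be requested")
    return findings

# Constructed sample: key blobs and screen names are placeholders.
SAMPLE = """\
ssh-ed25519 AAAAC3CONSTRUCTED1 screen-01
command="/bin/false",no-pty ssh-ed25519 AAAAC3CONSTRUCTED2 screen-02
restrict,port-forwarding,permitlisten="localhost:22003",command="/bin/false" ssh-ed25519 AAAAC3CONSTRUCTED3 screen-03
"""
def audit_file(text):
    """Map each key's trailing comment to its list of findings."""
    report = {}
    for line in text.splitlines():
        if line.strip() and not line.lstrip().startswith("#"):
            opts, key = parse_entry(line)
            report[key.split()[-1]] = audit_options(opts)
    return report
if __name__ == "__main__":
    for node, findings in audit_file(SAMPLE).items():
        print(node, "; ".join(findings) or "OK")
```

If every screen gets its own permitlisten port, as in the third entry, the ports listening on the central host also show which screens are currently connected.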