Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

Using a Python script as a login shell

25 views
Skip to first unread message

Ralph Aichinger

unread,
Feb 16, 2024, 4:00:06 AM2/16/24
to
Hello fellow Debianites!

I want do do a custom CLI for a project, and I am quite happy with the
Python cmd module. Aside from having a practically un-googleable name
it is very nice, and does a lot with very little code. So far, so good.
But:

If I write a Python script with this module, and expose it to the
internet via SSH, will hell break loose? So far I've done the
following:

1. Put my script in /usr/local/bin/turtle (the canonical example in the
docs is something with turtle), you can see the sourcecode of my script
here:

https://pi.h5.or.at/mockturtle.txt

This script does absolutely nothing sensible, you can try it out
by doing a

ssh -l admin probe.aisg.at

from a IPv6 capable host (sorry, no IPv4). The password is "admin".

Any and all suggestions on stuff that is stupid and crazy from a
security standpoint in this script are very much appreciated!

2. Then I put /usr/local/bin/turtle in /etc/shells

3. I added a user "admin" that has /usr/local/bin/turtle as shell

4. I added following stanza to /etc/ssh/sshd_config

Match User admin
X11Forwarding no
AllowTcpForwarding no
ForceCommand /usr/local/bin/turtle

5. In the script I tried to catch the Ctrl-C signal, so the interpreter
does not give out too obvious error messages (that show what is going
on behind the scenes).

Is this enough to harden this setup against escaping into a shell
or the full python interpreter, to do something nasty? Or is it
completely crazy, because theere is some way to abuse a setup like
this, that I have not found yet?

TIA
Ralph

Alex King

unread,
Feb 16, 2024, 4:10:06 PM2/16/24
to

Hey this looks like a fun thing to play with, I like what you've done.  I logged in and accessed it.  Now that it's been some time since you announced it and it's still running, I guess it has had some testing already.

I don't see anything wrong with what you have done after a quick look, it seems like you took some steps to secure it.

If you care about security you want to think about defense in depth.  Even if there don't appear to be ways for arbitrary filesystem or network access to happen, you have to consider the effect of bugs in your program and bugs in python itself.

To protect against unwanted filesystem access, I suggest:

  • use a vm without anything else important on it
  • consider filesystem quotas
  • lock down the user as much as possible.  Consider e.g. apparmor or selinux.  Maybe consider containerization/capabilities inside the VM

To protect against unwanted network access:

  • prevent all outgoing network connections from the VM using iptables/nftables (or whitelist any that are necessary)
  • again consider networking restrictions using apparmor or selinux.

What level of protection is necessary will depend on the severity of impact in the case it gets hacked, and also your own level of conscientiousness.

Also consider putting in some monitoring; monitor network bandwith and CPU usage at least (perhaps # of logins as well) and set up an alert if those go outside limits, so you get timely notification if something should happen.

Have fun,
Alex

P.S. this brings to mind https://en.wikipedia.org/wiki/Russell_Coker#SELinux_Play_Machine, which is no longer operating.

When you say "expose it to the internet via SSH", do you mean expose it to everyone (e.g. by publishing the pssword), or will there still be some restrictions on who can access it?  If the former, you should be able to set up ssh without any password required.

0 new messages