[ Note: This question is not really OS specific, nor application stack specific for that matter. Just some thoughts I'd like feedback on. ]
I'm toying around with the idea of deploying a simple "web knocking" (sort of similar in concept to port knocking) solution that I put together. Its purpose is to help restrict access to the sshd service on one of my hosts. The way a successful user session would progress is:
- Client connects to https://my.host/knock
- Client is prompted for - and supplies - proper digest authentication credentials (which would be shared with allowed users in advance)
- Upon successful authentication, script runs in the background to add client IP to /etc/hosts.allow (for allowing sshd access)
- Client can now connect to sshd service on my.host without being blocked by tcp wrappers
I've done some testing, and I believe I have a sane way to implement all of this. In a nutshell, the script that adds the client IP elevates its privileges (via sudo) for just a single command -- i.e. to modify /etc/hosts.allow.
This would mean the (unprivileged) user running the web server would be a sudoer who is capable of running only one command -- e.g. /usr/local/bin/addme.sh.
-------
Any thoughts on this idea? It seems OK in theory, but it also occurs to me that the extra security layer may just be opening up more holes instead.
(I'd add: I am not soliciting suggestions on securing sshd through other means; we've had that discussion a few times before. I am just curious to hear opinions on what I've outlined above.)
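The weakest link in the design sketched above is the single sudo-able script: it receives an attacker-influenced value (the client IP as seen by the web server) and writes it into /etc/hosts.allow as root, so it has to treat that argument as hostile. The following is an added example of what such a script could look like; it is not the poster's code. It assumes the IP arrives as the first argument, that entries are written as "sshd: <ip>", and that the target file can be overridden through the HOSTS_ALLOW variable (so it can be exercised against a scratch file rather than the real /etc/hosts.allow).

```shell
#!/bin/sh
# Hypothetical /usr/local/bin/addme.sh: the one command the web-server user
# is allowed to run through sudo. Everything below is an added illustration,
# not the original poster's implementation.
#
# Assumptions: $1 is the client IP handed over by the web layer; the target
# file defaults to /etc/hosts.allow but can be overridden via HOSTS_ALLOW;
# each allowed client is recorded as a line of the form "sshd: <ip>".

HOSTS_ALLOW="${HOSTS_ALLOW:-/etc/hosts.allow}"

# Strict IPv4 check: exactly four dotted decimal octets, each 0-255 and at
# most three digits, and no other characters at all. Because the argument
# originates from an HTTP request, anything that could smuggle extra tokens
# into hosts.allow (spaces, newlines, '#', ',', wildcards) must be refused.
valid_ipv4() {
    ip="$1"
    case "$ip" in
        *[!0-9.]*|'') return 1 ;;
    esac
    oldifs="$IFS"; IFS=.
    set -- $ip
    IFS="$oldifs"
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ -n "$octet" ] || return 1
        [ "${#octet}" -le 3 ] || return 1
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Append "sshd: <ip>" to the allow file once. Returns 1 (and writes nothing)
# when the argument is not a plain IPv4 address, 0 otherwise.
add_knock_entry() {
    ip="$1"
    valid_ipv4 "$ip" || { echo "addme: rejected argument: $ip" >&2; return 1; }
    # Idempotent: a client that knocks twice does not get two lines.
    if grep -qxF "sshd: $ip" "$HOSTS_ALLOW" 2>/dev/null; then
        return 0
    fi
    printf 'sshd: %s\n' "$ip" >> "$HOSTS_ALLOW"
}
```

The matching sudoers rule would restrict the web-server account to this one path with no arguments pattern beyond the script itself (for instance `www-data ALL=(root) NOPASSWD: /usr/local/bin/addme.sh`, where the account name is an assumption); the script and its directory must then be owned by root and not writable by that account, otherwise the single-command restriction is only cosmetic. Note that this example only appends entries; the original design does not describe how or when addresses are removed again, which is the other half a practitioner would want to settle before deploying it.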