03-17-2013
Quote: Originally Posted by SkySmart
my intent was to merely point out that i've been through enough impossible situations to know things can be possible if only thought of in a slightly different way. that's all.
There are ways that would work, but you haven't wanted them. You're doing the opposite of what you think, clinging to one notion, not being creative.
Running them on a system you control and they don't; that would keep it safe.
Denying them access to the file, only allowing it to be run through sudo. That would keep it safe from anything but root.
Encrypting it with a ssl key, so it could only be run with a password, that would keep it safe from anyone that didn't know the password. (But not from anyone that did.) Note that they don't necessarily have to be the ones to punch in the password; you could type the password into ssh-agent, to keep it around for multiple later uses. Or the program could keep itself resident after being run once. Still difficult to perfectly protect from root but conceptually a lot harder to break.
Some sort of hardware-based crypto where the processor itself doesn't have access to the program, would also work.
But having a program containing its own instructions and key for decrypting itself into plaintext running itself on an 'enemy' machine cannot be made secure.
Last edited by Corona688; 03-17-2013 at 07:22 PM..
pam_ssh_agent_auth
pam_ssh_agent_auth(8) PAM pam_ssh_agent_auth(8)
PAM_SSH_AGENT_AUTH
This module provides authentication via ssh-agent. If an ssh-agent listening at SSH_AUTH_SOCK can successfully authenticate that it has
the secret key for a public key in the specified file, authentication is granted, otherwise authentication fails.
SUMMARY
/etc/pam.d/sudo: auth sufficient pam_ssh_agent_auth.so file=/etc/security/authorized_keys
/etc/sudoers:
Defaults env_keep += "SSH_AUTH_SOCK"
This configuration would permit anyone who has an SSH_AUTH_SOCK that manages the private key matching a public key in
/etc/security/authorized_keys to execute sudo without having to enter a password. Note that the ssh-agent listening to SSH_AUTH_SOCK can
either be local, or forwarded.
Unlike NOPASSWD, this still requires an authentication, it's just that the authentication is provided by ssh-agent, and not password entry.
ARGUMENTS
file=<path to authorized_keys>
Specify the path to the authorized_keys file(s) you would like to use for authentication. Subject to tilde and % EXPANSIONS (below)
allow_user_owned_authorized_keys_file
A flag which enables authorized_keys files to be owned by the invoking user, instead of root. This flag is enabled automatically
whenever the expansions %h or ~ are used.
debug
A flag which enables verbose logging
sudo_service_name=<service name you compiled sudo to use>
(when compiled with --enable-sudo-hack)
Specify the service name to use to identify the service "sudo". When the PAM_SERVICE identifier matches this string, and if PAM_RUSER
is not set, pam_ssh_agent_auth will attempt to identify the calling user from the environment variable SUDO_USER.
This defaults to "sudo".
EXPANSIONS
~ -- same as in shells, a user's Home directory
Automatically enables allow_user_owned_authorized_keys_file if used in the context of ~/. If used as ~user/, it would expect the file
to be owned by 'user', unless you explicitly set allow_user_owned_authorized_keys_file
%h -- User's Home directory
Automatically enables allow_user_owned_authorized_keys_file
%H -- The short-hostname
%u -- Username
%f -- FQDN
EXAMPLES
in /etc/pam.d/sudo
"auth sufficient pam_ssh_agent_auth.so file=~/.ssh/authorized_keys"
The default .ssh/authorized_keys file in a user's home-directory
"auth sufficient pam_ssh_agent_auth.so file=%h/.ssh/authorized_keys"
Same as above.
"auth sufficient pam_ssh_agent_auth.so file=~fred/.ssh/authorized_keys"
If the home-directory of user 'fred' was /home/fred, this would expand to /home/fred/.ssh/authorized_keys. In this case, we have not
specified allow_user_owned_authorized_keys_file, so this file must be owned by 'fred'.
"auth sufficient pam_ssh_agent_auth.so file=/secure/%H/%u/authorized_keys allow_user_owned_authorized_keys_file"
On a host named foobar.baz.com, and a user named fred, would expand to /secure/foobar/fred/authorized_keys. In this case, we specified
allow_user_owned_authorized_keys_file, so fred would be able to manage that authorized_keys file himself.
"auth sufficient pam_ssh_agent_auth.so file=/secure/%f/%u/authorized_keys"
On a host named foobar.baz.com, and a user named fred, would expand to /secure/foobar.baz.com/fred/authorized_keys. In this case, we
have not specified allow_user_owned_authorized_keys_file, so this file must be owned by root.
v0.8 2009-08-09 pam_ssh_agent_auth(8)
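An added example, not part of the man page or the module's source: a small audit helper that models the expansion and ownership rules stated above, so an administrator can see which authorized_keys file each line resolves to and which account would have to own it. The function names, the `user`, `fqdn` and `homes` parameters, and the sample lines are assumptions constructed for illustration.

```python
import re

# Constructed sample lines in the style of the EXAMPLES section (not from a real host).
SAMPLE_PAM_LINES = [
    "auth sufficient pam_ssh_agent_auth.so file=/etc/security/authorized_keys",
    "auth sufficient pam_ssh_agent_auth.so file=~/.ssh/authorized_keys",
    "auth sufficient pam_ssh_agent_auth.so file=~fred/.ssh/authorized_keys",
    "auth sufficient pam_ssh_agent_auth.so file=/secure/%H/%u/authorized_keys "
    "allow_user_owned_authorized_keys_file",
    "auth sufficient pam_ssh_agent_auth.so file=/secure/%f/%u/authorized_keys",
]

FLAG = "allow_user_owned_authorized_keys_file"


def audit_line(line, user, fqdn, homes):
    """Model the man page's rules: return (expanded path, required owner) or None.

    user  -- invoking user (assumed input)
    fqdn  -- host's fully qualified name (assumed input)
    homes -- mapping of username to home directory (assumed input)
    """
    fields = line.split()
    spec = next((f[5:] for f in fields if f.startswith("file=")), None)
    if spec is None or not any(f.endswith("pam_ssh_agent_auth.so") for f in fields):
        return None
    owner = user if FLAG in fields else "root"
    tilde = re.match(r"~([^/]*)(/.*)?$", spec)
    if tilde:
        named = tilde.group(1)
        if not named:
            owner = user          # ~/ turns the flag on automatically
        elif FLAG not in fields:
            owner = named         # ~user/ expects the file to be owned by 'user'
        spec = homes[named or user] + (tilde.group(2) or "")
    if "%h" in spec:
        owner = user              # %h turns the flag on automatically
    table = {"h": homes[user], "H": fqdn.split(".")[0], "u": user, "f": fqdn}
    # Single pass so text produced by one expansion is never expanded again.
    path = re.sub(r"%([hHuf])", lambda m: table[m.group(1)], spec)
    return path, owner


def non_root_controlled(lines, user, fqdn, homes):
    """Return (path, owner) for lines whose key file is owned by a non-root account."""
    results = (audit_line(line, user, fqdn, homes) for line in lines)
    return [r for r in results if r and r[1] != "root"]
```

Lines reported by `non_root_controlled` are the ones where the account that owns the file, rather than root, decides which public keys are accepted for sudo.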