Login or Register to Ask a Question and Join Our Community


UNIX for Beginners Questions & Answers

Remote command in PuTTY

Login to Discuss or Reply to this Discussion in Our Community

 
Thread Tools Search this Thread
Top Forums UNIX for Beginners Questions & Answers Remote command in PuTTY
# 1  
Old 08-31-2018
Remote command in PuTTY
I have an issue with all of my AIX servers where a user can execute a remote command (bash in this case) using PuTTY and bypass all of the application security that we setup in the users .profile. How do I secure this without breaking the rest of the users?
# 2  
Old 08-31-2018
Welcome to the forum.

Data, please. Show the remote access and how it is achieved, the users authentication model / process, his/her authorizations, the .profile. This way you'll get more detailed and precise answers back than when people are just guessing.
Last edited by RudiC; 09-01-2018 at 05:30 AM..
# 3  
Old 08-31-2018
in the PuTTY connect dialog box under connection -> ssh the user enters "bash -norc" in the Remote command box and then clicks open. I'd post the image but I'm not allowed yet .
Last edited by RudiC; 09-01-2018 at 05:31 AM..
# 4  
Old 09-01-2018
Quote:
Originally Posted by d_brodie
I have an issue with all of my AIX servers where a user can execute a remote command (bash in this case) using PuTTY and bypass all of the application security that we setup in the users .profile. How do I secure this without breaking the rest of the users?
Sorry, but i don't understand: PuTTY is a SSH-client which i use myself. If the user can connect to a system and execute bash -norc that means he has

1) identified himself to the system (by password, SSH-key, whatever)
2) has the right to execute whatever it is he executes

What exactly is breaking the security now? And, finally, if you don't want users to use bash why do you install it onto the system? AIX has Korn shell as the system default and you can either deinstall bash or disable its use as login shell in /etc/security/login.cfg.

I hope this helps.

bakunin
This User Gave Thanks to bakunin For This Post:
RudiC
# 5  
Old 09-01-2018
Yes the user has a valid login and can login normally but a snippet of the .profile may help explain.


the .profile has:
Code:
--------------------------------------------------------------------

stty erase ^H
stty intr '^c' kill '^x' erase '^h' quit '^_' susp '' dsusp '' echoe ixon -parit
y

case $TERM in
        "vp")
                TERM=vp60
                export TERM
                ;;
        "unknown")
                TERM=vp60
                export TERM
                ;;
        *)
                ;;
esac
MEDA=${MEDA:=/opt/meda}
OPENWINHOME=${OPENWINHOME:=/usr/openwin}
UVHOME=/u1/uv/bin:/u1/mpsc/bin:/u1/mpsc/custom
MANPATH=${MANPATH:=/usr/share/man:${OPENWINHOME}/share/man}
PATH=.:${UVHOME}:${OPENWINHOME}/bin:${MEDA}/bin:/bin:/usr/bin:/usr/sbin:/usr/loc
al/bin:/usr/ucb:/apps/local/bin

PS1='$LOGNAME $PWD $ '
export MANPATH PATH UVHOME OPENWINHOME MEDA TERM PS1if [ `tty` = /dev/console ]; then
        exec ${OPENWINHOME}/bin/openwin
else
        if [ -d /u1/LOGIN ]; then
#               /apps/local/bin/inform.ksh
                cd /u1/LOGIN
                exec /u1/uv/bin/uv
        fi
fi
----------------------------------------

The key to the issue is the the "exec /u1/uv/bin/uv" forces them into the application where they a trapped and cannot execute any UNIX commands.
# 6  
Old 09-01-2018
Slowly but constantly we seem to get down to the real question. Nothing to do with PuTTy.


You want to prevent people from circumventing the lock to your application.


Did you consider assigning the respective user(s) a "restricted shell" in their /etc/passwd entry?
Last edited by RudiC; 09-05-2018 at 12:59 PM..
# 7  
Old 09-01-2018
Quote:
Originally Posted by RudiC
Did you consider assigning the respective user(s) a "restricted shell" in their /etc/passwd entry?
Or, maybe, the application itself?

In AIX there is a file /etc/profile which should always be executed. Put a read-only variable ENV there and set it to a rc-script which starts the application.

I hope this helps.

bakunin
Login or Register to Ask a Question

Previous Thread | Next Thread

10 More Discussions You Might Find Interesting

1. Shell Programming and Scripting

Execute ssh command with additional terminal command to any remote user not working script

Hello i am having an issue with bash script and this is the code now=$(cat hosts1.txt | awk '{print $2;}') while read n ;do ssh root@$now 'useradd test1; echo -e "test1\ntest1" | passwd test1 && echo "test1 ALL=(ALL:ALL) ALL" >> /etc/sudoers' When i execute only part with cat, it... (8 Replies)
Discussion started by: tomislav91
8 Replies

2. Shell Programming and Scripting

Check/get the exit status of a remote command executed on remote host through script

Geeks, Could you please help me out in my script and identify the missing piece. I need to check/get the exit status of a remote command executed on remote host through script and send out an email when process/processes is/are not running on any/all server(s). Here's the complete... (5 Replies)
Discussion started by: lovesaikrishna
5 Replies

3. UNIX for Dummies Questions & Answers

Getting command output to putty window title.

Hi, Last 2 weeks I have searched many forums and i haven't found the answer for the question: How to get all command output to Putty title? Needed it for other programs to know when some jobs on a server is done and is it done right or wrong. Plink stdout and stdin wasn't working, i used many... (1 Reply)
Discussion started by: domagaj
1 Replies

4. Shell Programming and Scripting

Until string from remote command equals value run remote command

I solved my issue by using the following code #!/bin/bash function GET_STATUS { #values Active Passive Failed ssh -a localhost '/home/user/fakecommand.sh' } STATE="unknown" until ] do echo $STATE sleep 5 STATUS=`GET_STATUS` echo $STATUS | grep Active &&... (1 Reply)
Discussion started by: $scipt_Kid
1 Replies

5. Red Hat

Putty Command

Hi, I am trying to update my site using putty. My server is in linux. I found few commands that help me to access and do few stuffs in the server. Please add additional command. ls - to list files in a directory: cd - change directory (navigate to some directory): cp - copy a file: mv - move... (5 Replies)
Discussion started by: khadkabirendra
5 Replies

6. UNIX for Dummies Questions & Answers

Command to delay password entry - putty connection manager

Hi all, putty connection manager is great but when attempting to sudo or ssh to another box via the post login commands it is subject to issues due to network latency (what happens is that pcm enters the password before the unix box is ready to receive it). Is there any clever way I can make... (1 Reply)
Discussion started by: skinnygav
1 Replies

7. Shell Programming and Scripting

Remote simulation and 'at' command

Hey, Task seems to be quite easy, but I'm still a bit green in shell scripting. I hope you can help me a bit. I have to run some simulation at the distance by remote terminal. Normally when I'm working on the server directly I just type: mpirun -np 8 compressibleInterFoam -parallel > log.txt... (7 Replies)
Discussion started by: PiPrus
7 Replies

8. UNIX for Advanced & Expert Users

Reading putty command line parameters from Linux

I am running Putty 0.60 from Windows XP and I am connecting to a Linux box. I would like to be able to pass a command line parameter to my Linux session so that my Linux session can execute a specific command, depending on the command line parameter. I have looked on the Internet and tried... (1 Reply)
Discussion started by: SFNYC
1 Replies

9. SCO

Execute command in remote

Hi, How to execute unix commands in remote unix servers? Thanks, Pintu (2 Replies)
Discussion started by: pintupatro
2 Replies

10. UNIX for Dummies Questions & Answers

Putty KeepAlive command

Could anyone pls tell me what's the Putty KeepAlive command, use to prevent the putty disconnected from server.thanks (8 Replies)
Discussion started by: dannyd_y
8 Replies
Login or Register to Ask a Question