What alternatives exist to send remote commands to a server?
Note the connection must be secure such that the server cannot be controlled by any person apart from those provided access.
Thanks for the advice.
4
1 Answer
There are a number of possible solutions including -
- An HTTPS site with client side authentication.
- Via an email framework triggered with PGP encapsulated messages
- Using anything suitably secured and based on stunnel.
- C&C server style using encrypted IRC
- Using regular unencrypted protocols (including telnet or nc) over a suitably secured VPN.
Ultimately if for almost any way any 2 machines to talk to each other, you can secure it and then put a framework in place to execute commands across it.
-
Thanks, would there be a way to have such connections automatically created securely, such as with scripting? Eg. A new device is added to the network that fits a list of prerequisites defined on the server, the server then initiates a script (either on the server, the new device, or both) to create the necessary framework for a secure connection (such as RSA keys that are randomly generated). Commented Jan 27, 2016 at 22:50
-
1There are, again, lots of ways of doing this - how you do it will depend on your environment, but this is quite possible (although I'm not sure why you would not use SSH in such an environment). You should restart puppet, chef, cfengine for automated deployments, also, if its a Redhat or CentOS environment, look at kickstarter files, and, investigate TFTP/PXEBoot - using these technologies you can create a system which is both secure and scales up, but depending on your environment they may not be what you want.– davidgoCommented Jan 27, 2016 at 23:00
-
That's great information davidgo, thanks again - I think SSH really is the ideal way to go about this, and I'll have a look into automation now. Commented Jan 27, 2016 at 23:05
openssl s_clientandopenssl s_server(redirecting IO to a shell) orncat --ssl. This gives you encrypted transmission, but you will still need an authentication solution. You might pipe the IO of these commands to a login shell if you are fine with "just" password protection.(Note that you are implying to be fine with "just" password protection if you are using any of the aws/gcp/azure cloud services because the machines running on your account there can be accessed knowing only your account password. It does not matter how long your secret ssh key is, I only have to guess your pwd)