Solutions overview
This topic discusses replacing the login shell to implement a secure server.
When users log in, the system determines which shell to give them, based on a value in the /etc/passwd file. We will replace this shell with a shell script that will parse the values passed to it and set the environment accordingly. The application that is started will be from a list of valid applications; no other options will be accepted (thus controlling what a user can do).
Passing Values to the Script
The Genero Desktop Client must pass specific information to the script:
- The application name must be passed if more than one application exists. You can add additional logic to the script to control which users have access to specific applications.
- The port accepting connections for the Genero Desktop Client is important so that the application can connect back to the Genero Desktop Client to display information.
- The two security values prevent anyone from spoofing the connection. The DVM must make a socket connection to the Genero Desktop Client for the application screens and user interaction. @FEID and @FEID2 contain a value that must match on both the client and server. The Genero Desktop Client compares the @FEID value it has internally and the one it received from the DVM attempting to connect. If they do not match, it assumes an application it did not start is trying to connect and rejects the connection. Likewise, @FEID2 contains a value that the DVM must receive from the Genero Desktop Client in order to validate that the Genero Desktop Client is the one that started it. These security values are enabled by specifying '-A 3' as a command-line argument when starting the Genero Desktop Client.
Auto Port Forwarding
With version 1.30, the automatic assignment of the port to use for port forwarding was added to the feature set of the Genero Desktop Client. Port forwarding is the term used for tunneling with ssh. It allows applications to connect back to the client via a port that is open on the server; the connection is tunneled through the secure ssh client connection and then connects to the Genero Desktop Client on the client. The port is specified by the client, but it is usually not known whether this port is in use on the server prior to initiating the connection. In an enterprise this could be a problem, because every forwarded port must be unique between users.
The solution is to ask the server system for a port number to use. Because there is no way to reserve the port, we must get the number and open it quickly. Once we have the port opened for our session, we will have it until we log off and the connection is closed. We use a small C program that uses network system calls to allow the server to assign a port number. This port number is produced by the operating system by incrementing some internal OS counter and issuing numbers from a pool. If the port it would assign is in use, it will automatically increment the value until it finds an unused port. The next number it assigns to us, or to any other network request, will be managed the same way. This process ensures to a large degree that the number we get will not be reassigned or used for some time, certainly long enough for our purposes.
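The port request described above can be made by binding a socket to port 0 and reading back the number the system chose. The following is an added example, not the program shipped with the Genero Desktop Client; the function names bind_loopback and hold_free_port are hypothetical, and binding to the loopback address is an assumption about where the tunnel listens.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdio.h>
#include <sys/socket.h>
#include <unistd.h>

/* Bind a TCP socket to 127.0.0.1:port (assumed tunnel address); -1 on failure. */
static int bind_loopback(unsigned short port)
{
    struct sockaddr_in addr = {0};
    int fd = socket(AF_INET, SOCK_STREAM, 0);
    if (fd < 0)
        return -1;
    addr.sin_family = AF_INET;
    addr.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
    addr.sin_port = htons(port);
    if (bind(fd, (struct sockaddr *)&addr, sizeof(addr)) < 0) {
        close(fd);
        return -1;
    }
    return fd;
}

/* Port 0 asks the kernel for an unused port. The returned socket keeps
 * that port held until the caller closes it. */
int hold_free_port(unsigned short *port_out)
{
    struct sockaddr_in addr;
    socklen_t len = sizeof(addr);
    int fd = bind_loopback(0);
    if (fd < 0)
        return -1;
    if (getsockname(fd, (struct sockaddr *)&addr, &len) < 0) {
        close(fd);
        return -1;
    }
    *port_out = ntohs(addr.sin_port);
    return fd;
}

int main(void)
{
    unsigned short port;
    int fd = hold_free_port(&port);
    if (fd < 0)
        return 1;
    close(fd); /* released: nothing reserves the port until ssh binds it */
    printf("%u\n", (unsigned)port);
    return 0;
}
```

Because the port is unreserved between the close() and the moment the second ssh connection opens the tunnel, the calling script should treat a failed forward as a reason to request a new number, not to continue without the tunnel.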
Process Summary
- Log in.
- Get a port number from the system.
- Close the connection.
- Establish another connection and provide that port number for the tunnel.
- Log in (again).
- Start the application.
In normal situations the terminal activity of this process is hidden. The users simply see their application appear.