[lug] replacing login shell

Hugh Brown hugh at vecna.com
Tue Jun 25 14:30:21 MDT 2002


I just did this

useradd -d /tmp -s /bin/telnetshell telnetguest

added /bin/telnetshell to /etc/shells

and the contents of /bin/telnetshell

#!/bin/bash

trap 'echo "Control-C disabled."' 2

/usr/bin/telnet somehost

I have tried ^] out and tried to shell out but I just get telnetshell
run again.  I haven't been able to get it to do anything interesting.

What sorts of things can I try to break it (Jonathan mentioned the need
for a special telnet binary)?  I want to test all avenues for getting
out to a shell  (e.g. I got to a telnet> prompt and did a !/bin/sh date
but didn't get anything but another login prompt on somehost).

I don't think I need expect here, because I am able to interact with the
telnet process that is run.

Hugh


On Tue, 2002-06-25 at 15:45, Chip Atkinson wrote:
> You could probably use an expect script to do this.  At the end of the
> expect script you'd just call interact, which allows the user to interact
> directly with the other end.
> 
> Chip
>  On 25 Jun 2002, Hugh Brown wrote:
> 
> > It just needs to show the login prompt.  It is an attempt to secure more
> > of the traffic between an end user and the legacy telnet host.
> >
> > Right now the host is mostly wide open with straight telnet access.  We
> > are setting up an ssh port forwarding tunnel to a machine that is "next
> > to" the legacy host.  This way, only the last leg is unencrypted instead
> > of the whole path.
> >
> > I'm just trying to be careful so that even though anyone can log on to
> > the port forwarding host, all they get is a login prompt to the legacy
> > application instead of the ability to play around on the linux system.
> >
> > Hugh
> >
> >
> > On Tue, 2002-06-25 at 13:55, Chip Atkinson wrote:
> > > It depends on the complexity of the telnet session, but you may wish to
> > > consider either expect or the expect perl modules.
> > >
> > > One of the best things about expect is that you can control the speed at
> > > which characters are sent.  This is very important in some situations
> > > because most of the characters that are just blasted at the speed of a
> > > bash here document come so fast that they get lost.
> > >
> > > Chip
> > >
> > >  On 25 Jun 2002, Hugh Brown wrote:
> > >
> > > > > I have been tasked with creating a replacement login shell to force telnet to
> > > > > another machine.
> > > > >
> > > > > We have a web applet that uses jta to log in via ssh (no keys) to a
> > > > > system.  When it logs in we want it to start up telnet to a legacy host
> > > > > that only accepts telnet.
> > > > >
> > > > > What is the right way to do it?
> > > >
> > > > I was looking at writing a bash script that trapped all signals and
> > > > started up a telnet session.
> > > >
> > > > Are there any gotchas I should watch out for?
> > > >
> > > > Hugh
> > > >
> > > >
> > > >
> > > > _______________________________________________
> > > > Web Page:  http://lug.boulder.co.us
> > > > Mailing List: http://lists.lug.boulder.co.us/mailman/listinfo/lug
> > > > Join us on IRC: lug.boulder.co.us port=6667 channel=#colug
> > > >
> > >
> >
> >
> >
> 





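One hardened form of the /bin/telnetshell wrapper discussed in this thread, as an added example that is not part of the original posts and not the poster's script. It assumes the local telnet accepts -E (disable the escape character, as netkit and BSD telnet do) and uses $SHELL for its "!" command; safe_term and telnetshell_run are hypothetical helper names, and somehost is the placeholder from the post.

```shell
#!/bin/sh
# Added example, not the poster's script. Assumptions: the local telnet
# accepts -E (no escape character, as netkit and BSD telnet do) and reads
# $SHELL for its "!" command, which matches what the post observed.
TELNET_BIN=/usr/bin/telnet
TARGET_HOST=somehost            # placeholder name taken from the post

# TERM arrives from the client, so pass it on only if it looks like a
# terminfo name; anything else falls back to vt100.
safe_term() {
    case $1 in
        ''|*[!A-Za-z0-9._+-]*) echo vt100 ;;
        *) echo "$1" ;;
    esac
}

# $1 = "exec" to launch telnet, anything else to print the argv instead.
telnetshell_run() {
    mode=$1
    # Rebuild argv from constants only. sshd starts a login shell as
    # "<shell> -c <command>" when the client asks for a command, so
    # whatever the caller passed is discarded here.
    # env -i drops the inherited environment; HOME=/ keeps telnet from
    # reading ~/.telnetrc out of the world-writable /tmp home; SHELL is
    # set to a non-shell as a second layer behind -E.
    set -- /usr/bin/env -i \
        "TERM=$(safe_term "${TERM:-}")" \
        PATH=/usr/bin:/bin \
        HOME=/ \
        SHELL=/bin/false \
        "$TELNET_BIN" -E "$TARGET_HOST"
    if [ "$mode" = exec ]; then
        # Ignored signals stay ignored across exec unless the program
        # installs its own handlers; this covers the window before exec.
        trap '' INT QUIT TSTP
        # exec replaces the shell, so no bash is left behind when telnet
        # exits. If exec fails, a non-interactive shell exits: fail closed.
        exec "$@"
    fi
    printf '%s\n' "$@"
}

# Launch only when installed under the name the post uses.
case ${0##*/} in
    telnetshell) telnetshell_run exec ;;
esac
```

The login shell only decides what runs in the session; whether the account may open SSH port forwards is set separately in sshd_config (AllowTcpForwarding).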