Page 1 of 5 1 23 Last »
Reply
Thread Tools
coderus's Avatar
coderus is offline coderus
2015-02-08 , 03:22
Posts: 6,431 | Thanked: 12,683 times | Joined on Nov 2011 @ Open Mobile Platform, Innopolis, Russia
#1
Simple application using pam to control ssh connections. Will show confirmation dialog and notification with sound and led indication when new incoming connection estabilishing.
Contains settings (System -> Security -> SSH) with simple options.

Pam remote host value may contain hostname or ip depends on your network/ssh/dns configuration, so it's allowed to write anything to whitelist config and user responsible to control this himself.

Openrepos: https://openrepos.net/content/coderu...s-confirmation
Github: https://github.com/CODeRUS/ssh-pam-access-control

__________________
Twitter | Openrepos | GitHub | PayPal.Me
Last edited by coderus; 2015-02-11 at 12:09.
 

The Following 13 Users Say Thank You to coderus For This Useful Post:
Mentalist Traceur is offline Mentalist Traceur
2015-02-08 , 05:42
Posts: 2,225 | Thanked: 3,819 times | Joined on Jun 2010 @ Florida
#2
This is awesome. I'm glad it's fairly easy to do this on the Jolla. (V.s., for example, the N900, where the work to set this up would likely be much greater, since by default I don't believe there's any sort of PAM support whatsoever.)
__________________
If you want to donate in support of anything that I do, you can do so with either of these options:
PayPal | Bitcoin: 1J4XG2z97iFEKNZXThHdFHq6AeyWEHs8BJ | [Will add other donation options eventually]
 
coderus's Avatar
coderus is offline coderus
2015-02-08 , 07:39
Posts: 6,431 | Thanked: 12,683 times | Joined on Nov 2011 @ Open Mobile Platform, Innopolis, Russia
#3
Originally Posted by Mentalist Traceur View Post
This is awesome. I'm glad it's fairly easy to do this on the Jolla. (V.s., for example, the N900, where the work to set this up would likely be much greater, since by default I don't believe there's any sort of PAM support whatsoever.)
There is should be pam in N900, as N9 also using /etc/pam.d/sshd. You can do exactly same on your N900, just replace QGuiApplication and Sailfish parts.
__________________
Twitter | Openrepos | GitHub | PayPal.Me
 

The Following 3 Users Say Thank You to coderus For This Useful Post:
nieldk is offline nieldk
2015-02-08 , 08:19
Posts: 1,255 | Thanked: 4,243 times | Joined on Oct 2014
#4
Seems to not work with my build of openssh, work for me he he.
__________________
You can still support my work by donation - click here

ETH: 0xFcD031609DB739C62730589361940C68ceEbC913
 
coderus's Avatar
coderus is offline coderus
2015-02-08 , 08:40
Posts: 6,431 | Thanked: 12,683 times | Joined on Nov 2011 @ Open Mobile Platform, Innopolis, Russia
#5
Originally Posted by nieldk View Post
Seems to not work with my build of openssh, work for me he he.
what matter of openssh difference? it does nothing with pam. check systemctl --user status ssh-pam-access-control
__________________
Twitter | Openrepos | GitHub | PayPal.Me
 
nieldk is offline nieldk
2015-02-08 , 08:57
Posts: 1,255 | Thanked: 4,243 times | Joined on Oct 2014
#6
Originally Posted by coderus View Post
what matter of openssh difference? it does nothing with pam. check systemctl --user status ssh-pam-access-control
nemo@Jolla]$ systemctl --user status ssh-pam-access-control
ssh-pam-access-control.service - SSH Pam access control
Loaded: loaded (/usr/lib/systemd/user/ssh-pam-access-control.service; disabled)
Active: active (running) since Sun 2015-02-08 09:16:49 CET; 38min ago
Main PID: 2439 (ssh-pam-access-)
CGroup: /user.slice/user-100000.slice/user@100000.service/ssh-pam-access-control.service
└─2439 /usr/bin/ssh-pam-access-daemon
__________________
You can still support my work by donation - click here

ETH: 0xFcD031609DB739C62730589361940C68ceEbC913
 
nieldk is offline nieldk
2015-02-08 , 09:19
Posts: 1,255 | Thanked: 4,243 times | Joined on Oct 2014
#7
My pam sshd config

[nemo@Jolla ~]$ cat /etc/pam.d/sshd
#%PAM-1.0
auth include system-auth
account required pam_nologin.so
account include system-auth
password include system-auth
session include system-auth
session required pam_loginuid.so
# pam_selinux.so open should only be followed by sessions to be executed in the user context
session optional pam_keyinit.so force revoke
session required pam_exec.so quiet stdout /usr/bin/ssh-pam-access-control
__________________
You can still support my work by donation - click here

ETH: 0xFcD031609DB739C62730589361940C68ceEbC913
 
coderus's Avatar
coderus is offline coderus
2015-02-08 , 10:14
Posts: 6,431 | Thanked: 12,683 times | Joined on Nov 2011 @ Open Mobile Platform, Innopolis, Russia
#8
it's absolutely original. do you installed latest 0.2.0 version? can you stop service and start ssh-pam-access-daemon in terminal, try connect to phone via ssh and give me terminal output?
__________________
Twitter | Openrepos | GitHub | PayPal.Me
 
nieldk is offline nieldk
2015-02-08 , 10:20
Posts: 1,255 | Thanked: 4,243 times | Joined on Oct 2014
#9
Yes, latest version installed.
Stopped service, and started again. Service running.
ssh acts as normal, ssh nemo@x.x.x.x from PC asks for password and connects.
But, no notifications on Jolla, nor asking for permissions.
__________________
You can still support my work by donation - click here

ETH: 0xFcD031609DB739C62730589361940C68ceEbC913
 
coderus's Avatar
coderus is offline coderus
2015-02-08 , 10:22
Posts: 6,431 | Thanked: 12,683 times | Joined on Nov 2011 @ Open Mobile Platform, Innopolis, Russia
#10
i mean stop servicce and start process in terminal to get debug output.
__________________
Twitter | Openrepos | GitHub | PayPal.Me
 
Reply
Page 1 of 5 1 23 Last »

Tags
sailfish os, ssh access

« Previous Thread | Next Thread »
Thread Tools

 
Forum Jump


All times are GMT. The time now is 18:26.

Contact Us - Home - Archive - Top