"Restrictive" mode for kermit? - Protocols


  1. "Restrictive" mode for kermit?

    Hello,

    I'm attempting to architect a solution that provides a convenient
    "front end" for dialing into remote sites via dialup. In doing this, I
    plan on writing a kermit script that takes care of dealing with the
    specifics of connecting to the remote sites, including providing
    passwords.

    Ideally, I'd like to have the users execute the kermit script using
    something like sudo so that they do not have access to the contents of
    the kermit script, which will contain passwords. This works, except
    for the fact that once the user is let loose on the remote site (the
    script hits the CONNECT command), he or she may escape to a command
    prompt and subsequently execute shell commands, one of which could
    "cat" the script and reveal the passwords.

    Is there any way to execute kermit in a "restricted" mode, where once
    it is placed in a CONNECTed mode, there's nowhere to go except exiting?
    I know that this is not exactly a foolproof solution, but since other
    controls (e.g. external logging) will be in place, the goal is to only
    make it "rather difficult" rather than "impossible".

    Thank you,
    Steve


  2. Re: "Restrictive" mode for kermit?

    If I understand correctly, this should work:
    SET TERMINAL ESCAPE-CHARACTER DISABLE (or DISABLED, I forget).

    Prevents the user from attempting to manually go back to the prompt while in
    CONNECT mode.



    wrote in message
    news:1143670171.731135.259530@v46g2000cwv.googlegroups.com...
    > Hello,
    >
    > I'm attempting to architect a solution that provides a convenient
    > "front end" for dialing into remote sites via dialup. In doing this, I
    > plan on writing a kermit script that takes care of dealing with the
    > specifics of connecting to the remote sites, including providing
    > passwords.
    >
    > Ideally, I'd like to have the users execute the kermit script using
    > something like sudo so that they do not have access to the contents of
    > the kermit script, which will contain passwords. This works, except
    > for the fact that once the user is let loose on the remote site (the
    > script hits the CONNECT command), he or she may escape to a command
    > prompt and subsequently execute shell commands, one of which could
    > "cat" the script and reveal the passwords.
    >
    > Is there any way to execute kermit in a "restricted" mode, where once
    > it is placed in a CONNECTed mode, there's nowhere to go except exiting?
    > I know that this is not exactly a foolproof solution, but since other
    > controls (e.g. external logging) will be in place, the goal is to only
    > make it "rather difficult" rather than "impossible".
    >
    > Thank you,
    > Steve
    >




  3. Re: "Restrictive" mode for kermit?

    On 2006-03-29, moxiefreak@gmail.com wrote:
    : I'm attempting to architect a solution that provides a convenient
    : "front end" for dialing into remote sites via dialup. In doing this, I
    : plan on writing a kermit script that takes care of dealing with the
    : specifics of connecting to the remote sites, including providing
    : passwords.
    :
    : Ideally, I'd like to have the users execute the kermit script using
    : something like sudo so that they do not have access to the contents of
    : the kermit script, which will contain passwords.
    :

    So this is C-Kermit, not Kermit 95...

    : This works, except
    : for the fact that once the user is let loose on the remote site (the
    : script hits the CONNECT command), he or she may escape to a command
    : prompt and subsequently execute shell commands, one of which could
    : "cat" the script and reveal the passwords.
    :
    This seems to be the topic of the week! See the recent messages in this
    newsgroup.

    : Is there any way to execute kermit in a "restricted" mode, where once
    : it is placed in a CONNECTed mode, there's nowhere to go except exiting?
    :
    Like so:

    SET CARRIER-WATCH ON
    (make connection, log in, etc...)
    SET TERMINAL ESCAPE-CHARACTER DISABLED
    CONNECT
    EXIT

    The only way they can return from CONNECT mode is if the connection is lost,
    which will happen when they log out from the remote, assuming you have the
    Carrier Detect wire hooked up. The SET CARRIER-WATCH ON command is included
    to emphasize that this should happen (it's the default setting for modem
    connections anyway).

    If any files are to be transferred, this can be controlled from the remote
    side via auto-upload and -download -- just tell the Kermit program on the
    far end to SEND or GET the desired file(s).

    : I know that this is not exactly a foolproof solution, but since other
    : controls (e.g. external logging) will be in place, the goal is to only
    : make it "rather difficult" rather than "impossible".

    The above configuration should make it at least rather difficult.

    - Frank
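
Added example, not part of the original thread: a Python check that a reviewer could run over such a Kermit script before placing it behind sudo. It verifies the ordering used in the last reply (escape character disabled before CONNECT, EXIT immediately after) and that the password-bearing file grants nothing to group or other; the function names and sample scripts are constructed, and keywords are assumed to be spelled in full as in the post.

```python
import os
import stat

# Constructed samples; the dial/login step stays a comment, as in the post.
GOOD = """SET CARRIER-WATCH ON
; (make connection, log in, etc...)
SET TERMINAL ESCAPE-CHARACTER DISABLED
CONNECT
EXIT
"""
BAD = """SET CARRIER-WATCH ON
; (make connection, log in, etc...)
CONNECT
"""

def commands(text):
    """Yield (line_no, upper-cased words) per command, comments stripped."""
    for no, line in enumerate(text.splitlines(), 1):
        words = []
        for tok in line.upper().split():
            if tok[0] in ";#":      # Kermit comment introducers
                break
            words.append(tok)
        if words:
            yield no, words

def audit_script(text):
    """Return (line_no, message) findings where the ordering is not kept."""
    findings, escape_disabled = [], False
    cmds = list(commands(text))
    for i, (no, w) in enumerate(cmds):
        if w[:3] == ["SET", "TERMINAL", "ESCAPE-CHARACTER"]:
            escape_disabled = w[3:4] == ["DISABLED"]   # tracks the latest setting
        elif w[:2] == ["SET", "CARRIER-WATCH"] and w[2:3] == ["OFF"]:
            findings.append((no, "carrier-watch off: carrier loss will not end CONNECT"))
        elif w == ["CONNECT"]:
            if not escape_disabled:
                findings.append((no, "CONNECT with escape character enabled"))
            nxt = cmds[i + 1][1] if i + 1 < len(cmds) else None
            if nxt is None or nxt[0] != "EXIT":
                findings.append((no, "CONNECT not followed by EXIT"))
    return findings

def audit_permissions(path):
    """The script holds passwords: flag any group/other permission bits."""
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & 0o077:
        return [f"{path}: mode {mode:o} grants group/other access"]
    return []
```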
