advertisement
Premier Club Log In/Registration
  Include Code  Search Tips
TODAY'S HEADLINES  |   ARTICLE ARCHIVE  |   SKILLBUILDING  |   TIP BANK  |   SOURCEBANK  |   FORUMS  |   NEWSLETTERS
Browse DevX
Download the Code!
Ubuntu Eye for the Debian Guy: Running Linux on Linux
DevX: Open Source Zone
Cook Up Powerful Mail-Processing Scripts with Jython Procmail Recipes
How to Debug Program on Remote Server Using VI
Sidebar 1. Asymmetric Cryptography in This Solution
Sidebar 2. The Problem of Hanging Commands
Partners & Affiliates
advertisement
advertisement
advertisement
Average Rating: 5/5 | Rate this item | 1 user has rated this item.
Email this articleEmail this article
 
Control Your Linux Server Remotely with GnuPG, procmail, and PHP
Build a system to securely talk to your Linux server via email using an email client, GnuPG, procmail, and PHP. 

by Roberto Giorgetti
July 14, 2008  
advertisement
ow many times has this happened to you: you want to access a remote server, but you can't because it is behind a firewall? I frequently found myself in such a situation when I needed to access my Internet-connected server running Linux, so I thought of a system where I could start controlling my server remotely via a simple email.


Of course, this solution had one crucial requirement: it had to be secure. The server had to respond only to senders who were identified and authorized, and the command sent to the server, along with its related output, had to travel over the wire in encrypted form. To meet these security requirements, I used the free GNU Privacy Guard (GnuPG) and some asymmetric encryption techniques (See Sidebar 1. Asymmetric Cryptography in This Solution).

GnuPG is the open source implementation of OpenPGP security software. To implement the message encryption, I employed a patent-free algorithm contained in GnuPG called the ElGamal encryption system.

This article demonstrates how my system enables you to remotely control your server in batch mode with signed and encrypted emails. It uses a fictional, authorized e-mail sender (sender@example.com) and an example remote server (machine@example.com) for the sender to inquiry. The server will run Debian Linux.

The Process Schema
The following are the steps involved in the process of controlling a server via email:

  1. Create the list of all authorized command senders (e.g., sender@example.com).
  2. Let the sender generate private/public key pairs with GnuPG.
  3. Generate a private/public key pair with GnuPG for the server, which has the email address machine@example.com.
  4. Import the sender's public key on the server keyring and server's public key on the sender's keyring.
  5. Let the sender sign and encrypt the command to run remotely on the server, embed it in an email, and send it to the server address.
  6. Let the server download the email messages and process them with a script as follows:
    1. Verify whether the sender is authorized.
    2. Decrypt and run the command.
    3. Capture output from stdout and stderr, possibly killing hanging commands after a reasonable period of time.
    4. Sign and encrypt the outputs, embed them in an email, and send the answer back to the sender address.
  7. Let the sender read the server outputs, verifying and decrypting its reply.

  Next Page: Setting Up GnuPG
Page 1: IntroductionPage 3: Using Procmail, A Pretty Good Mail Filter
Page 2: Setting Up GnuPGPage 4: Final Step: Sending Replies to Sender
Untitled
advertisement
Advertising Info  |   Member Services  |   Permissions  |   Contact Us  |   Help  |   Feedback  |   Site Map  |   Network Map  |   About


JupiterOnlineMedia

internet.comearthweb.comDevx.commediabistro.comGraphics.com

Search:

Jupitermedia Corporation has two divisions: Jupiterimages and JupiterOnlineMedia

Jupitermedia Corporate Info


Legal Notices, Licensing, Reprints, & Permissions, Privacy Policy.

Advertise | Newsletters | Tech Jobs | Shopping | E-mail Offers
Solutions
Whitepapers and eBooks
Intel PDF: Virtualization Delivers Data Center Efficiency
Intel eBook: Managing the Evolving Data Center
Microsoft Article: BitLocker Brings Encryption to Windows Server 2008
Symantec eBook: The Guide to E-Mail Archiving and Management
Microsoft Article: RODCs Transform Branch Office Security
Go Parallel Article: James Reinders on the Intel Parallel Studio Beta Program
 Avaya Article: Advancing the State of the Art in Customer Service
Adobe Acrobat Connect Pro: Web Conferencing and eLearning Whitepapers
Avaya Article: Avaya AE Services Provide Rapid Telephony Integration with Facebook
Go Parallel Article: Getting Started with TBB on Windows
HP eBook: Storage Networking , Part 1
MORE WHITEPAPERS, EBOOKS, AND ARTICLES
Webcasts
Intel Seminar: Efficiencies in Hardware/Software Virtualization
HP Webcast: Disaster Recovery Planning
Go Parallel Video: Performance and Threading Tools for Game Developers
 HP Video: StorageWorks EVA4400 and Oracle
HP Webcast: Storage Is Changing Fast - Be Ready or Be Left Behind
MORE WEBCASTS, PODCASTS, AND VIDEOS
Downloads and eKits
IBM TCO eKIT: Your IT Budget is Under Attack, Get in Control
IBM Energy Efficiency eKIT: Learn How to Reduce Costs
30-Day Trial: SPAMfighter Exchange Module
 Red Gate Download: SQL Toolbelt and free High-Performance SQL Code eBook
Iron Speed Designer Application Generator
MORE DOWNLOADS, EKITS, AND FREE TRIALS
Tutorials and Demos
Microsoft Article: Silverlight Streaming--Free Video Hosting for All
Featured Algorithm: Intel Threading Building Blocks - parallel_reduce
 HP Demo: StorageWorks EVA4400
MORE TUTORIALS, DEMOS AND STEP-BY-STEP GUIDES