Net::SSH::Perl security question

Joe

We have a need to allow users to submit a job through a web server
(front end machine) to run on back end cluster machines. I made use of
Net::SSH::Perl in a CGI program to realize this. One thing I notice
is that the CGI program requires a "/.ssh/known_hosts2" at the top
path of the file system on the front end machine where Apache is
running. I wonder does this potentially compromise any security on the
system? Need expert advice ...

Thanks in advance!

Joe
 
J. Gleixner

Joe said:
We have a need to allow users to submit a job through a web server
(front end machine) to run on back end cluster machines. I made use of
Net::SSH::Perl in a CGI program to realize this. One thing I notice
is that the CGI program requires a "/.ssh/known_hosts2" at the top
path of the file system on the front end machine where Apache is
running. I wonder does this potentially compromise any security on the
system? Need expert advice ...

Nothing to do with perl, however, the answer to your question is "No."

For more details, read the documentation for ssh:

man ssh

or discuss in a security/ssh related newsgroup.

Also, the CGI program doesn't require it; SSH is what uses/creates it.
Furthermore, the directory should be under the username running
the Apache process, not under root ( '/' ).
 
Martijn Lievaart

We have a need to allow users to submit a job through a web server
(front end machine) to run on back end cluster machines. I made use of
Net::SSH::Perl in a CGI program to realize this. One thing I notice is
that the CGI program requires a "/.ssh/known_hosts2" at the top path of
the file system on the front end machine where Apache is running. I
wonder does this potentially compromise any security on the system?
Need expert advice ...

Just guessing but....

The CGI is probably looking for $HOME/.ssh/known_hosts2. Which means that
either the HOME variable is not filled, or the user has / as his homedir.

M4
 
Joe

The CGI is probably looking for $HOME/.ssh/known_hosts2. Which means that
either the HOME variable is not filled, or the user has / as his homedir.

M4

Thanks for the clue -- Just found out that when the web server's account is
set to "/bin/nologin" or "/bin/false", the account's "HOME" becomes "/".
When it's set to a shell, the home dir is properly identified.

This might be a web server question, but since we are here -- how may I
"cheat" in the perl/CGI program in order to designate an env $HOME variable?
(I tried a few options from within perl/CGI to "setenv" but never got it right;
also had no luck with Google on this).

Thanks in advance,

Joe
 
Ben Morrow

Quoth Joe said:
This might be a web server question, but since we are here -- how may
I "cheat" in the perl/CGI program in order to designate an env $HOME
variable?

$ENV{HOME} = '...';

It might be better to do it in a BEGIN block, in case something checks
it at use time, and you can extract the correct value from /etc/passwd
(or equivalent) using User::pwent:

use User::pwent;

BEGIN { $ENV{HOME} = getpwuid($<)->dir }

Ben
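
An added example, not part of Ben's post or of Net::SSH::Perl: it takes the passwd home directory as above, but refuses to use it as HOME when it is "/" or when the directory, its .ssh subdirectory or known_hosts2 is owned by another user or is group/world writable, since anyone who can write that file can plant host keys the CGI will then trust. The helper name check_home and the permission policy are assumptions; the demo directory is constructed.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use User::pwent;              # getpwuid() returns an object with ->dir
use File::stat;               # stat() returns an object with ->uid, ->mode
use File::Temp qw(tempdir);

# check_home() is a hypothetical helper: it returns a list of reasons why
# $home should not be used as HOME by an SSH client running as $uid.
sub check_home {
    my ($home, $uid) = @_;
    return ("home is unset or '/'")
        if !defined $home || $home eq '' || $home eq '/';
    return ("$home is not a directory") unless -d $home;
    my @problems;
    for my $path ($home, "$home/.ssh", "$home/.ssh/known_hosts2") {
        my $st = stat($path) or next;   # missing .ssh is fine, SSH creates it
        push @problems, "$path is not owned by uid $uid" if $st->uid != $uid;
        push @problems, sprintf("%s is group/world writable (%04o)",
                                $path, $st->mode & 07777)
            if $st->mode & 022;
    }
    return @problems;
}

# Constructed demo: a throwaway directory stands in for the web user's home.
my $demo = tempdir(CLEANUP => 1);
mkdir "$demo/.ssh" or die "mkdir: $!";
chmod 0777, "$demo/.ssh";                       # weak setting
print "weak:  $_\n" for check_home($demo, $<);
chmod 0700, "$demo/.ssh";                       # corrected setting
print "fixed: ", (check_home($demo, $<) ? "problems remain" : "ok"), "\n";
print "root:  $_\n" for check_home('/', $<);    # the case from this thread

# In the CGI: resolve HOME from the passwd entry, but only set it if it passes.
my $pw  = getpwuid($<);
my @bad = $pw ? check_home($pw->dir, $<) : ("no passwd entry for uid $<");
if (@bad) { warn "not setting HOME: $_\n" for @bad }
else      { $ENV{HOME} = $pw->dir }
```

In a real CGI the final block belongs in a BEGIN block ahead of the line that loads the SSH module, for the reason given in the post above.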
 
Martijn Lievaart

Thanks for the clue -- Just found out that when the web server's account is
set to "/bin/nologin" or "/bin/false", the account's "HOME" becomes "/".
When it's set to a shell, the home dir is properly identified.

This might be a web server question, but since we are here -- how may I
"cheat" in the perl/CGI program in order to designate an env $HOME variable?
(I tried a few options from within perl/CGI to "setenv" but never got it right;
also had no luck with Google on this).

The home directory can be set normally, probably choosing a shell gives a
suitable default. Consult your system's documentation about modifying
users.

HTH,
M4
 
