Saturday, July 30, 2011

SSH Verify Login

What if your username and password to your linux box became compromised? Security is layers. Having a 100 character password doesn't help if someone knows it. What if you didn't even know your password though? Scratch that, what if you had a 2 tier password model for logging into your linux box? Sound good? Then keep reading.

This is a little bash script that will help identify you as a authorized user of a system in case of user/pass compromise. There are two parts to the script. The first part is checking to see if you are logged in via SSH. I do this to make sure you are connected to the internet as the check sends out an email. I also do this in case you are logging in via a gui; you don't want to get locked out from something behind your gui window. The second part is sending out the email/text with a random number. You then check your email/text message and enter the number into the script after ssh login.

Place this script at the end of your .profile
Example: /home/billy/.profile

Just change the [email address] below to your email address.


#############################
# Verify SSH Identity 2011-07
# Written by Joe McShinsky
#############################
wai=`whoami`
getpts=`who am i | awk '{ print $2 }'`
getssh=`ps aux | grep ssh | fgrep "$wai@$getpts" | wc -m`
if [ $getssh -gt 50 ]
then
clear
echo "Verifying Your Identity..."
echo "Enter Passcode:"
send=`echo "$RANDOM"`
echo "$send" | mail -s"`date` SSH Login" [email address]
read pass
if [ $pass = $send ]
then
echo "Welcome Master"
else
exit
fi
fi


Item of note. Some ISP's don't allow you to send mail directly from your computer (prevent spam). I will edit this later with a code change utilizing a smtp program.

Confirmed Platforms:
- OpenSUSE 11.4


No comments: