Back to files

DISCLAIMER

Thank you for using cxSSHAdmin !
This program is made by Alf Solli(c) and is licensed under the GPL license Please provide feedback, requests, bugreports, etc to codex@linuxgeekz.net This program comes with NO WARRANTY of any kind! The author can not be held liable for any data loss, dead goldfishes, if anyone in your family gets cancer or anything else.;) If you found this program useful, please consider a PayPal donation to the above mentioned email adress.

Thanks!

Status on the VPN functionality:

• We're using PPPd to create a virtual interface that uses a SSH connection for it's transmissions. This way, we can route any traffic from the cxSSHAdmin box to anywhere in the remote network and back. No need to say that this transmission will be encrypted. Actually, when you log in or execute commands on remote hosts, it will be double-encrypted, as it will be SSH connections within a SSH tunell. ;)
• The remote end-point hostname should NOT be in the same network segment as your cxSSHAdmin box. Else routing tables will be screwed up, and the tunell will not work..
• The remote end-point SHOULD be default gateway for all hosts in the remote network, else you'll have to manually create a route back to your subnet. I might fix this later, but don't hold your breath. :\ (I'm trying to avoid asking the user to many questions before things will work..)
• About usability: It's still a bit hairy, as I don't have too many different environments to test this on properly. Please report any bugs/etc you may encounter using this functionality.
• For the VPN functionality to work, the user running cxSSHAdmin must have permissions to
  1. Run PPPD with the noauth parameter.
  2. Add a route on the cxSSHAdmin machine.
  3. Add a route on the remote gateway. This can be solved by doing one of two things: Give the user the appropriate permissions, or run as root(Not recommended).

Known bugs/Limitations:

• The scan hosts feature only knows how to scan a 16Bit network. (In other words: 254 hosts) I don't plan to fix this in the near future, but if you think it should be more dynamic, suggestions by email is always welcome. That said, there is now known limit on how many hosts you can add manually in any network profile.
• As now; hostname resolution will not work on VPN connected networks. I might fix this later by adding support for a remote DNS server in those cases... Not highly prioritized though...
• Found a bug not listed here? please email me with as much information about the incident as possible, and I'll do my best to fix it.

  FAQ

  Q: What is cxSSHAdmin ? A: Simply put, it's a ncurses driven, menu based front-end to SSH. It's goal was to simplify many sorts of Unix/Linux commandline based administration tasks, and to improve the effectiveness of the network administrator. Q: What can cxSSHAdmin do ? A: Well.. use your imagination! But seriously.. I made this program because I am in control of N number of servers. It's a daunting task to pull up a console everytime I need to log into one of them to check logs, resources or just run a few other simple commands. cxSSHAdmin is really starting to shine when you have ONE command you need to run on N different servers! As of version 0.7, running one command on multiple servers is done in parallel, and it will mail the result back to you as fast as they are done executing it. (Note: It runs in parallel if you choose to get the results in email. For direct console feedback, a serialized method is used instead) I've also implemented a file upload function that works in a similar way. Specify one file/directory and upload it to as many servers you want. Complete it all, by running a command on the same servers, for example "rpm -Uvh ..." Who said software distribution on linux is complicated? :p Q: How about security? A: I'm glad you brought it up. Did you notice the "Enable passwordless access" menu entry? Well, it does exactly that.. A few pointers should be made about that though:

  1. When enabled, the user you executed cxSSHAdmin will have passwordless access to all servers you chose from the list. Not just from the cxSSHAdmin console, but from anywere, as long as it's with the same user, and the same machine you ran cxSSHAdmin from. (You have to type the password for those servers when you enable passwordless access the first time, dough..) If you for some reason need to remove that ability, just delete $HOME/.ssh/id_rsa.* . Be sure you know the consequenses of doing that before you actually do it. ;)
  2. The workstation/server you're running the cxSSHAdmin console from, should be secured any way possible. For example:
     • Don't allow remote access to the cxSSHAdmin console server.
     • Physically secure the box. (bios password, screensaver password, lock the doors, nail it to the desk, etc..)
     • Don't ever give away the credentials of the user you're running cxSSHAdmin as.

That said, SSH is in itself a very secure protocol, and cxSSHAdmin doesn't necessarily make your network less secure.

Q: Oh.. How about multi-user functionality?

1. Sure, as long as the file "cxsshadm.sh" in somwhere in a machine's $PATH, anyone can run it, given the appropriate permissions is set, that is. Btw, just because user A has a bunch of profiles, and enables passwordless access, that doesn't mean user B has access to any of it. cxSSHAdmin stores all configurations in $HOME/.cxsshadm/, and uses ssh keys stored in $HOME/.ssh/* .. All this is spesific to a certain user, and the ssh keys are user specific.
2. Can you implement feature X ?
3. If it's a good idea, yes, certainly. I'd appreciate a donation though.. ;) If it breaks the rest, or just bloats the program out of proportions, well.. No. I can, however, do custom modifications if you have spesific needs. Contact me for a deal.
4. Where do you work?
5. Fine, rub it in. I don't. Why do you think I keep nagging about the donation thing? If you have a job offer for me that involves linux network administration, by all means. :)
6. It crashed! / It doesn't work!!!!
7. That doesn't help me much, I'm afraid.. But if you can mail me with a description with as much as you can remember of what you did before the crash, and any error message that appeared, I'll look into it. (Hint: You CAN scroll up if you're using xterm the likes to run cxSSHAdmin. It's possible an error message was printed, but got hidden by the next dialog window..)
8. Will you be releasing more scripts/programs like this?
9. Yes! I'm currently working on cxBackup. It has many similarities to this, but is intended for backup use (dah). When I have something usable, it will be available at http://linuxgeekz.net/index.php?inc=kode.php and announced on freshmeat.net (linux.softpedia.com have been nice enough to review cxSSHAdmin earlier, so maybe there too. :)
10. I have a question not mentioned here....
11. I have an email adress. ;) (As long as it's somewhat related to cxSSHAdmin, I'll be happy to answer)