Warning! This is a test release ONLY! The security and authenicity of this program provides is not guaranteed! Therefore, by default the server program will NOT execute any commands, even if a correct key combination is used. Please wait for a stable version before deploying on a system.
If you do test and find a bug, please submit it to wilbjor@iit.edu
Thanks!
Jordan Wilberding
About
One-time cipher based back door program for executing emergency commands.
Secure Back Door(SBD) is an alternative to leaving SSH open all the time. It is based on a secure one-time keypad method, that insures maximum security. Since SBD is very small, it is less likely to have security exploits, as compared to SSH. Therefore, you could leave an important computer up and running with just sbdd running in the background, and if an emergency came about, you could simple execute a command to bring ssh up, then work on the computer as regular. It would be as simple as doing ./sbd domain.com "/etc/init.d/sshd start", and with the proper key file set, the remote computer would have ssh up and running shortly.
Protocol
The protocol is detailed to an extent in the text file PROTOCOL, I will update it with more details as I have time, but the most important details are included already.
If you are a crypt analysis, or just like a challenge, I appreciate anyone who is willing to look through the protocol and/or code and point out possible security implications and flaws in design! If you do find something wrong please e-mail me at wilbjor@iit.edu
Compilation In Linux
g++ -Wall -O2 -o sbdd ssocket.cpp sha1.cpp utils.cpp sbdd.cpp g++ -Wall -O2 -o sbd csocket.cpp sha1.cpp utils.cpp sbd.cpp
Compilation In Windows
Open sbdd.dsp and sbd.dsp and build normally.
Running Server
./sbdd port -- Default port is 31415
Example 1: ./sbdd
Example 2: ./sbdd 5151
Running Client
./sbd hostname port message
Example 1: ./sbd localhost "/etc/init.d/sshd start"
Example 2: ./sbd localhost 5151 "/etc/init.d/sshd start"
Random Bytes Setup
In order for the client and server to properly work, you will need to have identical files enckey.bits for client, and deckey.bits for the server. You should also have an additional file of random bytes named athkey.bits for the server, which is used for authenticating the client against basic IP sproofs. There is a copy of each provided with the distribution for testing, but they should not be used for production, you need to generate your OWN random bytes. The easiest way might be to goto http://www.random.org, or create your own grand scheme. The production of random bytes is not provided by sbd.
Contact
Report bugs at http://sourceforge.net/tracker/?group_id=120366&atid=686787 or email me at wilbjor@iit.edu