May 7, 2007

A keyhole for your system's back door

Author: Anže Vidmar

While a properly set up SSH service can give you secure remote access to a server, you might not like the idea of having an SSH server always running on your machine. Secure Back Door (SBD) can open an encrypted connection to your system, allowing you to remotely execute any operating system commands for example start your SSH or Web server or reboot the server.

SBD can listen on any port you like. If you don't specify a port it will default to port 31415. The transport protocol is SBD, which is based on a one-time pad symmetric key and a keyed-hash message authentication code (HMAC), which verify data integrity and the authenticity of a message. The client and server need to have the same key in order for system to accept remote commands. The keys are nothing but two identical files with randomly generated characters that you need to create only once and keep them secret.

Setup and usage

SBD's latest stable version 0.5 was released in February 2005 and is fully functional. Download the source code tarball, extract the package into /usr/local (for example), become root, and compile the binaries:


~# cd /usr/local/
~# tar xvfz sbd-0.5.tar.gz
~# cd sbd
~# g++ -Wall -O2 -o sbdd ssocket.cpp sha1.cpp utils.cpp sbdd.cpp
~# g++ -Wall -O2 -o sbd csocket.cpp sha1.cpp utils.cpp sbd.cpp

You need a C++ compiler and the above development libraries in order to successfully compile the binaries. See the README file inside the extracted folder to learn more about how to compile SBD and use it.

In order for client to successfully execute remote commands on the server machine, you need to create two identical files -- enckey.bits for the client, and deckey.bits for the server. You can create them by typing randomly chosen characters in an empty file and saving it as enckey.bits. Copy that file to deckey.bits and you're done. There are no file characters limits, but the more characters you have, the better.

There is another random character file in the directory named athkey.bits for the server, which is used for authenticating the client against basic IP spoofs. The characters in the files are only for test purposes and you need to change them with your own random generated characters, the same way as for enckey.bits and deckey.bits.

Once the server is all set, install or copy the SBD client binary and enckey.bits file to the client machine. You can try to run the already compiled sbd binary on the client or, if that fails, you can build the binary on the client.

You can now test the SBD server. To start the SBD server on port 12345, run the command ./sbdd 12345.

To start the SSH server from my remote client machine, run the command:

~$ ./sbd server.IP.address 12345 "/etc/init.d/ssh start"

replacing server.IP.address with the server's real address. If you did everything correctly, the client machine will display the notice:

Sent: 41 bytes

That cryptic message is the only indication of success you'll get from SBD, so to make sure the SSH service is really started on the server machine, check /var/log/syslog.

If you don't have identical security keys on client and server, you might see the following error:


sbd: utils.cpp:171: void ComputHMACSHA1Hash(unsigned char*, size_t, char*, size_t,
unsigned char*): Assertion `secret_siz
Aborted (core dumped)

If your SBD server is not running or you're trying to access it on a wrong port, you'll receive an error like this:

Error! Could not connect!

Using SBD, you can execute just about any command remotely, just as you would if you were logged on to the SBD server. By running SBD instead of, for instance, SSH, your vulnerable services won't always be exposed on the network. It's good practice to run services that you use rarely only when you really need to. Secure Back Door can help you worry less about your system's security.

Category:

  • Security