Interactive SSH in SH

wintermute000 · February 09, 2017, 02:31:16 PM

1) run no listening services except for ssh
2) ssh key login only
3) selinux and keep updated
4) fail2ban

deanwebb · February 09, 2017, 03:14:41 PM

What's wrong with just root / password?

Hunterman1043 · February 11, 2017, 06:06:50 AM

Couldn't you just make a docker container to do everything you want in?

deanwebb · February 11, 2017, 08:10:45 AM

Quote from: Hunterman1043 on February 11, 2017, 06:06:50 AM
Couldn't you just make a docker container to do everything you want in?

We have a docker environment?

By that, I mean that I know about our VM environment, so I can imagine a solution that involves a VM.

icecream-guy · February 11, 2017, 10:00:34 AM

Quote from: deanwebb on February 11, 2017, 08:10:45 AM
Quote from: Hunterman1043 on February 11, 2017, 06:06:50 AM
Couldn't you just make a docker container to do everything you want in?

We have a docker environment?

By that, I mean that I know about our VM environment, so I can imagine a solution that involves a VM.

https://blogs.vmware.com/vsphere/2015/10/vsphere-integrated-containers-technology-walkthrough.html

Hunterman1043 · February 11, 2017, 08:10:26 PM

Quote from: deanwebb on February 11, 2017, 08:10:45 AM
We have a docker environment?

By that, I mean that I know about our VM environment, so I can imagine a solution that involves a VM.

You can install docker-machine on a Windows box and run it as both the client and the server.

EDIT: Or look at that link. It may help you.

Hunterman1043 · February 12, 2017, 03:58:05 AM

If you install docker-machine on windows (get the toolbox version), you can open powershell and run the following command:

Code Select

docker run --rm -ti -p realport:fakeport ubuntu:16.04 bash

This will download and start a docker container of an image of Ubuntu 16.04 running just the bash shell (bash) in interactive mode (-ti). You can map it to the real network with (-p) by providing a real port on the host computer and assigning a virtual port in the container. The container will remove itself and clean up after you stop the bash process (--rm, optional). From there you can ssh in the shell to the machines you need and get ur work done that way. However, since you've already req'd the linux box maybe just wait for that. Idk what the proper procedure would be since I'm a nub at this stuff. lol

Here's a link to the toolbox for Windows or Mac:
https://docs.docker.com/toolbox/overview/
https://docs.docker.com/toolbox/toolbox_install_windows/

If you have a Win10 Pro/Enterprise machine updated post-November, you should consider running "Docker for Windows" natively..
https://docs.docker.com/docker-for-windows

Hunterman1043 · February 12, 2017, 04:08:50 AM

Though, honestly being Enterprise you should probably go with the "support included" method using the VMWare route that ristau posted.

deanwebb · February 13, 2017, 10:01:38 AM

Now I just have to find out if it's legal to do what's technically development on the production network...

wintermute000 · February 13, 2017, 10:27:58 PM

To circle back to the OP question, If docker was an option I'm sure bash/python/ansible is an option =as well....

Hunterman1043 · February 14, 2017, 02:35:33 AM

If at the very least, docker for windows would be able to provide a bash shell.

wintermute000 · February 14, 2017, 08:05:02 PM

you're missing the point I think.
If he can install docker (off the internet to boot) then there would be no obstacles to getting standard bash/python etc. in his mgt environment. The whole thread is about how to jump through this artificial hoop of only having sh

deanwebb · February 15, 2017, 08:48:01 AM

... and it seems that the conclusion is to get a Linux host with python and other nice utilities in place because sh alone is very limited in what it can do in terms of interactive scripting.

Hunterman1043 · February 15, 2017, 09:37:49 AM

Corporate management sucks. Lol