2
osspartysh - reverse "telnet" utility for OSs technical support
5
osspartysh -d -p <port> (by the support engineer)
6
osspartysh -h <support_host> -p <support_port> (by the customer)
10
The osspartysh is an utility that makes it possible to a remote suport
11
engineer to share the session with a customer. The session runs in customer's
12
computer but both the customer and the support engineer can type comands
13
and see the output. It is possible to run commands like vi to edit files.
15
There is limited chat mechanism based on the comments of the shell (bash)
16
command language. Both peers can send messages by typing the comment character
17
(#) in the beginning of the line.
21
The osspartysh sessions are established in reverse way when compared to usual
22
remote terminal programs like ssh or telnet. This gives improved security
23
for both sides. The actual internet connection is not crypted so it
24
cannot be used for editing confidential files, etc. However there is no need to
25
send passwords over internet since the protocol doesn't rely on them.
27
SECURITY FOR THE CUSTOMER
29
There is no need to open any incoming TCP ports in the firewall or NAT. In
30
addition there is no need to reset any passwords to give the support engineer an
31
access to the system. In addition the customer can see whatever commands are
32
typed and there is good time to hit ^C or ^Z to abort the commands.
34
Connections opened to the remote terminal server are verified to ensure that
35
using wrong port number doesn't feed invalid commands to the local shell.
36
Otherwise it would be possible that connecting to a wrong port (say http
37
server) sends bad strings to the command interpreter (bash).
39
SECURITY FOR THE SUPPORT ENGINEER
41
The system used as the support terminal needs to have the TCP port opened in
42
the firewall and NAT settings. However this doesn't cause any security risks.
43
If a possible attacker manages to connect to this port then all he can do is
44
sending characters that are (only) shown on the terminal screen.
47
-d Launch the utility in terminal server mode (by default
48
connect to a remote terminal.
49
-h <host> Give the IP address or host name of the remote terminal
51
-p <port> Give the TCP port to use. Must be the same in both sides.
55
o Sometimes it's necessary to hit ^L after running vi or some other
56
curses based program. Without this the keyboard will be locked and
57
typed characters will not be shown on the screen
58
o When the session is ended (by typing ^D or exit) the terminal (support)
59
side will be hanging until enter is hit twice. After this the
60
terminal server will be ready for a new connection by any client. It is
61
also possible to stop the terminal server by hitting ^C.