this post was submitted on 30 Dec 2025
24 points (96.2% liked)


Edit/Solved: Thank you for all the great input! Both on alternative solutions and on security implications. I'm going to make a draft on how I would set up the e-mail method as securely as possible as a programming/scripting exercise, but will IRL probably end up using either some reverse tunnel/shell variant.

Edit 2: or, as a hardware solution, install an extra NIC that I expose to the opennet - thus enabling remote port forwarding - while binding all my sensitive processes/traffic to my encrypted NIC.

I cannot ssh into my Linux box from outside of my LAN since I'm behind a VPN that doesn't support port forwarding. Is it possible to make my Linux box receive, interpret and execute commands through e-mail instead? I've tried looking for answers through DuckDuckGo's search engine, to no avail. If I may dream, I would like to set up an e-mail server with a systemd service or just run a script that continuously downloads the emails, prints their content to stdin and executes, perhaps through command substitution, whatever is in stdin.

top 24 comments
[–] HelloRoot@lemy.lol 13 points 2 weeks ago* (last edited 2 weeks ago) (2 children)

Sounds like ~~A/B~~ X/Y problem.

If you just want to ssh into it - there is a thing that you can find by searching "reverse remote shell over HTTPS/WebSocket".

Solutions like these pop up, but I have not personally used any of them:

  • Upterm
  • WebTTY
  • sshx
  • Teleconsole
  • tmate

Check out whether they could do what you want them to do.

[–] frongt@lemmy.zip 6 points 2 weeks ago (1 children)

*xy problem. A/B is a user testing thing.

[–] HelloRoot@lemy.lol 3 points 2 weeks ago

right, right, sorry, my brain is foggy rn.

[–] vk6flab@lemmy.radio 10 points 2 weeks ago (2 children)
[–] xcjs@programming.dev 1 points 2 weeks ago

Seconded - just use Tailscale and SSH.

[–] Muffi@programming.dev 1 points 2 weeks ago

This is the best solution. Look into Tailscale, it's brilliant for your use-case.

[–] just_another_person@lemmy.world 7 points 2 weeks ago

Do you mean you're behind a NAT and can't forward maybe?

Tailscale or ZeroTier will work around that.

[–] MontyZuma@mastodontech.de 7 points 2 weeks ago (2 children)

@emotional_soup_88 possible, but sounds like an extremely bad idea. If you can send commands, then everybody else can.

[–] emotional_soup_88@programming.dev 3 points 2 weeks ago (1 children)

True. Hadn't thought of that. Maybe I could make the address extremely long and arbitrary? And "hide" it behind my e-mail alias service?

But I absolutely understand the security implications.

[–] Dekkia@this.doesnotcut.it 5 points 2 weeks ago* (last edited 2 weeks ago) (1 children)

Security by obscurity as single line of defense is generally not a good idea.

And then there is user management and permissions that I could sprinkle on top of that.

[–] Auth@lemmy.world 2 points 2 weeks ago

Yes but your script can check who the email is from and check its certs before doing any operations on it. The only security issue is the email being read in transit but that can be worked around by not sending sensitive info.

[–] dgriffith@aussie.zone 6 points 2 weeks ago (1 children)

If you can arrange a fixed IP address externally (or dynamic DNS that follows your IP around) you can set up a reverse SSH connection instead.

Basically your server connects to your external computer via SSH and then sets up port forwarding so that when you connect to localhost:2222 or similar on your PC, you're actually connecting back to the server.

[–] emotional_soup_88@programming.dev 2 points 2 weeks ago (1 children)

Now THAT sounds like a smart solution! I'll look into it! :) I can ask my ISP to give me a static address for my home. But something needs to prompt the ssh command "at home" to connect to my second computer, right (actually Termux on my Android phone)?

[–] dgriffith@aussie.zone 3 points 2 weeks ago* (last edited 2 weeks ago) (1 children)

It can be a Cron job that runs every minute. Run a script that:

  • Checks for the existence of a file, if it exists, exit.
  • (Optional) ping your end, if it's up, continue, otherwise exit
  • Touches said file.
  • Runs SSH to try and connect to your end. If the connection is made everything halts here until the connection drops.
  • Cleans up said file.
  • Exits.

Thanks! I'll noodle it around a little. :)
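
The cron procedure dgriffith lists above, written out as a script (an added example, not code posted by anyone in the thread). The account `tunnel@remote.example.org`, the lock path, the install path, the `PING_FIRST` switch and the `TUNNEL_CMD` test hook are assumptions; it goes one step beyond the listed procedure by reclaiming a lock file whose recorded PID is no longer running.

```shell
#!/bin/sh
# Added example: keeps one reverse SSH tunnel open; run it from cron every minute.
# Assumed values, not from the thread: REMOTE, LOCK and the install path below.
REMOTE="${REMOTE:-tunnel@remote.example.org}"  # placeholder account on the outside machine
LOCK="${LOCK:-/tmp/reverse-tunnel.lock}"
RPORT="${RPORT:-2222}"                         # reachable as localhost:2222 on the outside machine

# Create the lock atomically (noclobber). If it already exists, honour it only
# while the PID stored in it is alive, so a killed run cannot block cron forever.
acquire_lock() {
    if ( set -C; echo "$$" > "$1" ) 2>/dev/null; then return 0; fi
    old=$(cat "$1" 2>/dev/null) || old=""
    if [ -n "$old" ] && kill -0 "$old" 2>/dev/null; then return 1; fi
    rm -f "$1"
    ( set -C; echo "$$" > "$1" ) 2>/dev/null
}

# Optional reachability check; ICMP is often filtered, hence off by default.
peer_up() { ping -c 1 -W 2 "${REMOTE#*@}" >/dev/null 2>&1; }

# Blocks until the connection drops. Key-only login (BatchMode), fail fast if
# the remote port cannot be bound, and notice a dead link after about 90 seconds.
open_tunnel() {
    ssh -N -T -o BatchMode=yes -o ExitOnForwardFailure=yes \
        -o ServerAliveInterval=30 -o ServerAliveCountMax=3 \
        -R "127.0.0.1:${RPORT}:127.0.0.1:22" "$REMOTE"
}

run_once() {
    if [ "${PING_FIRST:-0}" = 1 ] && ! peer_up; then return 0; fi
    acquire_lock "$LOCK" || return 0           # tunnel already up: nothing to do
    rc=0
    "${TUNNEL_CMD:-open_tunnel}" || rc=$?      # TUNNEL_CMD is a test hook
    rm -f "$LOCK"
    return "$rc"
}

# crontab: * * * * * /usr/local/bin/reverse-tunnel.sh run
if [ "${1:-}" = "run" ]; then run_once; fi
```
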

[–] yaroto98@lemmy.world 6 points 2 weeks ago

Something like selfhosted Matrix might be better securitywise. Email is pretty unsecure, anyone could send an email to you with a command. But with Matrix you'd at least need a token.

Plus there are plenty of hooks/bots you can add to Matrix. NodeRed is an easy one for automations. Send a message to a channel, and it executes different automations. Can easily be a shutdown/ssh command.

There are a couple of apps on F-Droid that implement this with SMS.

[–] nyan@lemmy.cafe 4 points 2 weeks ago

It's possible—I've used Perl scripts to pull data automatically out of email attachments stored in a maildir setup, and you should be able to pick commands out of a plain-text email body with a scripting language even more easily—but I will add my voice to the chorus that's saying you should look into any other method you can find before settling on this. If it turns out you must proceed along these lines, think long and hard about security.

[–] illusionist@lemmy.zip 4 points 2 weeks ago (1 children)

I'll check it out.

[–] brickfrog@lemmy.dbzer0.com 2 points 2 weeks ago* (last edited 2 weeks ago)

I've never needed to do this but have you looked into creating a Reverse SSH Tunnel? Maybe that can accomplish what you want https://www.howtogeek.com/428413/what-is-reverse-ssh-tunneling-and-how-to-use-it/

Similar to what you are trying to do - A while back when I needed to remote connect to a firewalled Windows computer I set up a reverse VNC connection on that Windows computer that would get initiated whenever I sync'd a file over to the Windows system via Dropbox/Syncthing (those work without port forwarding). Reverse VNC, like Reverse SSH or other connections basically try to initiate the connection out of the firewalled system, it's an interesting workaround when you have no incoming port forwards. Not sure if I'd recommend that type of set up but it is more secure than sending emails so there's that.

If you're able to set up a mesh VPN that might work better but you do have other options if you need them.

[–] hperrin@lemmy.ca 2 points 2 weeks ago

Yes, that is technically possible, but you’ll probably have to design it yourself, because I don’t think anyone else has/will. You need to really consider the security implications of this kind of setup. If anyone discovers how to send an email in the way you’re talking about to your box, they would 100% be able to take over your box.