Now that our VPS is protected from unauthorized logins using LATCH, some of you may have noticed that there is a small bug in the method used.
Specifically, if the attacker presses Ctrl+C just after typing the password, he could prevent the script from making the request, so he would skip our security measure and make it worthless.
To prevent this, we only need to make a small modification:
In the script where we check the account status (called stat.sh in our tutorial), we'll add this line at the beginning of the script:
trap pathtoourscript 2
So, if the script is at /home/LATCH/stat.sh, it would be
trap /home/LATCH/./stat.sh 2
applicationId="PHKXXXXXXXXXXX"
secretkey="TBKXXXXXXXXXXXXXXXXXXX"
What the trap command does is "catch" a signal that has been sent, in this case Ctrl+C (interrupt from keyboard), which is identified by the number 2, and pair it with a command that will be run when the signal is detected.
I know that it's a little bit tricky to understand, but by reading the syntax you will get the idea:
trap command signal
where "signal" is an integer and "command" is the action the system will take.
More info about UNIX signals: http://unixhelp.ed.ac.uk/CGI/man-cgi?signal+7
What we are doing in this case is forcing the script to run again if it receives a Ctrl+C, so the request would still be made at some point, and the connection would be shut down.
It would also be possible to make it more aggressive by writing
trap "pkill ssh" 2
so that when the system detects the Ctrl+C, it automatically closes the connection to prevent a possible intrusion.
Notice that the command is enclosed in quotation marks, because it needs arguments to be passed.
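The three behaviours described above (no trap, a trap that re-runs the check, a trap that closes the session) can be compared safely with the following added example, which is not code from the original post. The names `simulate_login`, `check` and `OUTCOME` and the temporary log file are constructed stand-ins: no LATCH request is made and no SSH process is touched.

```shell
#!/bin/sh
# Constructed stand-in for the login-time check (stat.sh in the post).
# It makes no LATCH request and touches no real SSH session.
CHILD=$(cat <<'EOF'
log=$1 mode=$2
check() { echo check_ran >> "$log"; }   # stands in for the status request
case $mode in
  rerun) trap check 2 ;;                                     # post: trap /home/LATCH/./stat.sh 2
  close) trap 'echo session_closed >> "$log"; exit 1' 2 ;;   # post: trap "pkill ssh" 2
esac
kill -INT $$   # simulated Ctrl+C arriving before the check has run
check
EOF
)

# simulate_login MODE  (none | rerun | close); the result is left in $OUTCOME:
#   bypassed = script died with no check, checked = check still ran,
#   closed   = handler ended the session instead.
simulate_login() {
    log=$(mktemp) || return 1
    # Run the child in the foreground so SIGINT keeps its default action; a
    # job started with "&" from a non-interactive shell ignores SIGINT.
    sh -c "$CHILD" stat.sh "$log" "$1" 2>/dev/null || true
    if grep -q session_closed "$log"; then OUTCOME=closed
    elif grep -q check_ran "$log"; then OUTCOME=checked
    else OUTCOME=bypassed
    fi
    rm -f "$log"
}

simulate_login none;  echo "no trap:       $OUTCOME"
simulate_login rerun; echo "trap re-runs:  $OUTCOME"
simulate_login close; echo "trap closes:   $OUTCOME"
```

Only the `none` mode ends with the check skipped; both trap variants leave the interrupt with no way around the verification.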
With all the work done across these 3 posts, we've managed to secure our VPS from unauthorized logins, all using 3 simple scripts and the power of LATCH.
I hope it has been useful to you!
Thanks to Arasthel (@arasthel92), we can also secure our system a little more by running the script in the background, so that even if the attacker pressed Ctrl+C, the script would keep executing, receive the LATCH response and close the SSH process if necessary.
If we want this, the only thing we need to do is add a "&" after calling the script at the
/home/LATCH/./stat.sh &
The only thing that may happen is that after writing the first command, we may see a message alerting us that the execution of the script has ended:
But if this is not a big problem for us, this is a way to make even more sure that the attacker will not trick our LATCH verification!