Securing a VPS with LATCH (III). Avoiding tricky attackers

Once we've got our VPS protected from unauthorized logins using LATCH, it's possible that some of you have noticed that there is a little bug in the method used.

Exactly, in case the attacker presses Ctrl+C just after typing the password, he could prevent the script from making the request, so he would skip our security measure and make it worthless.

In order to prevent it, we only need to do a little modification:

At the script we check the account status (called in our tutorial), we'll add this line at the beggining of the script:

prettyprint-bash nowrap
trap pathtoourscript 2

So, if the script is at /home/LATCH/, it would be

prettyprint-bash linenums nowrap
trap /home/LATCH/./ 2

What the trap command is doing is to "catch" a command sent, in this case Ctrl+C (Interrupt from keyboard), which is identified with number 2, and it pairs it to a command which will be run when the "signal" it's detected.
I know that it's a little bit tricky to understand, but by reading the syntax you will get the idea:

trap command signal

Being "signal" an integer and "command" the action the system will make,

More info about UNIX signals:

What we are making in this case is forcing the script to be run again in case of receiving a Ctrl+C, so the request would be done at some time, and the connection would be shut down.

It would also be possible to make it more agressive by writing
trap "pkill ssh" 2
so when the system detects the Ctrl+C, it would automatically close the connection as a prevention of a possible intrusion.

Notice that the command is included between quotation marks, as the command needs arguments to be passed.

With all the work made among this 3 posts we've managed to secure our VPS from unauthorized logins, and all using 3 simple scripts and the power of LATCH.

I hope it has been useful to you!

Extra point

Thanks to Arasthel (@arasthel92) we can also secure a little bit more our system, by making the script running in background, so even if the attacker pressed Ctrl+C, the script would remain executing, so it would receive the LATCH response and close the SSH process if it's necessary.

If we want this, the only thing we need to do is adding a "&" after calling the script at the .bashrc file:

prettyprint-bash nowrap
/home/LATCH/./ &

The only thing that may happen is that after writing the first command, we may see a message alerting us that the execution of the script has ended:

But if this is not a big problem to us, this is a way to secure even more that the attacker will not trick our LATCH verification!