diff options
Diffstat (limited to 'splitops/README.md')
-rw-r--r-- | splitops/README.md | 128 |
1 files changed, 128 insertions, 0 deletions
diff --git a/splitops/README.md b/splitops/README.md new file mode 100644 index 0000000..7a92b9b --- /dev/null +++ b/splitops/README.md @@ -0,0 +1,128 @@ +# Splitops +================ + +Splitops is a script to allow execution of commands only after the approval of +multiple users. + +It is intended to be used with OpenSSH by specifiying it as the "command" option +for authorized users in `~/.ssh/authorized_keys` (explained below). + +Server requirements: +===================== + +GNU/linux server. +The Splitops program is written in the Python programming language, so you will need to have installed the +python3 package in your server, please check in your terminal by typing "python3 -V", to see if you have this package already installed. + +Please do before using the program +===================================== + +1) From your local computer git clone the deployment.git repository, and within the "splitops" folder, +copy the file "splitops" from your computer to the remote server (path:/usr/local/bin/). There is no need for you +to clone the whole deployment.git repository from the remote server to grab this program. + +You can use the command "scp" for this. + +scp /home/user/deployment/splitops/splitops root@server:/usr/local/bin/ + +2) In your remote server SSH configuration (/etc/ssh/sshd_config), +please make sure you have the option "PubkeyAuthentication yes" is +de-commented. If not, decomment the line, and --reload your ssh service. + +3) In your /root/.ssh/authorized_keys, please add the next lines: + +command="/usr/local/bin/splitops alice" [... key of alice ...] +command="/usr/local/bin/splitops bob" [... key of bob ...] + +(one for each user, that you want to have approval from for each command request) + +"Alice" and "Bob" are just usernames, they don't need to be real user system accounts in the remote server. + +The way the splitops program works, is by associating a public SSH key to a username, but this username doesn't need to match, +with the real username you are using for a specific SSH public key. + +Having these 2 lines in the .ssh/authorized_key files, will *force* --anyone trying to login in as root through SSH, +to execute the program: "splitops", so any other user not listed in this root/.ssh/authorized_key file, won't be able to do anything. + +4) Logout from the remote server, and from your client machine, in order to start using the program Splitops, +try to "request" your very first command. This is done by using the splitops sub-command "propose". + +e.g: ssh root@server propose rm -rf /opt/something + +After executing this, you will have some sort of answer from the server such as next: + +- authenticated as: bob +- requested command: ['rm', '-rf', '/opt/something'] +- assigned id: ccafbd + +That means, your new command request, is waiting for approval. + +Now, you (if you are either Alice or Bob), you can "approve" this command request, and afterwards wait for +others to do the same thing (until the approval is complete for the number of users listed on the .ssh/authorized keys of the remote server). + +Let's say you are Bob for now, +--------------------------------- + +bob@computer:~$ root@server get # To see if you have anything pending to approve + +And you will see a list of pending requests. Now get the the ID of any request you want to approve, +let's say "ccafbd", then type: + +bob@computer:~$ root@server approve ccafbd + +Now you have to ask Alice, to approve the same request "ccafbd" + +Alice will do, + +alice@computer:~$ root@server approve ccafbd + +And finally you will be able to --remotely execute "as root", that specific and --approved command: + +bob@computer:~$ ssh root@server run ccafbd + +Summary +======== + +Once the production remote server is up an running using the "splitops" command, a routine for you as "double-check systems administrator" +would be to use the next splitops sub-commands (get, propose,approve, discargd, run...) + +alice@computer:~$ root@server get # To see if you any pending commands to approve +alice@computer:~$ root@server approve "some ID" # To approve a specific command +alice@computer:~$ root@server run "some ID" # To run, a specific approved command +alice@computer:~$ root@server propose cp /opt/something /usr/local/something # (and wait) + +e.g 1) IF you try to "run" a command, but you don't have enough approvals, you will receive some output as this: + +- authenticated as: --user=javier +- running command with ID bcb6a5 +- not enough approvals, got 1 but need 2 + +e.g 2) If you try to connect to the remote server as --root, and without using any Splitops sub-command, you will receive the +next answer from the server: + +alice@computer:~$ ssh root@server +- authenticated as: --user=alice +- no command provided, try help +- Connection to 78.141.227.64 closed. + + +Full command list +=================== +CMDID= The hash assigned to each command request. + +whoami: Check authentication +propose CMD ...: Propose a new command +get: Get the currently proposed command +approve CMDID: Approve a command +run CMDID: Run a sufficiently approved command +discard: Discard the currently proposed command + +Please remember you have to use this sub-command remotely from your computer, towards the remote server, by using the "root" user. +Or with the user of your choice, who has on its .ssh/authorized_key file, the users list, with the OpenSSH "command= ..." option. + +[*]- Also take into account, if any other user "propose" a new command, the last "proposed" command will be discarded. The program doesn't use a stack +to store all requests, it works just with 1 single request. So even if you have been approved by several users, a specific CMDID, you won't be able +to run it, if a new command --proposal has been requested. + +[*] We encourage all users interested in using the Splitops command to use it first with a --normal user, and not with the root user. +So this way you can learn how the program behaves, without losing the connection with your server as the root user. |