je82

Krusader as filemanagement, auto start docker when connecting, auto stop docker when disconnecting, works! But how to secure it better?


Hello,

So I've set up my Remote Desktop Manager (which is a wonderful Windows program, by the way, to keep all my remote stuff in one place) to run a cmd plink script that ssh's into my Unraid installation and starts the Krusader docker container.

Then after 5 seconds have passed it initiates the actual VNC connection to the now started docker container.

When I exit the VNC connection it sends another cmd plink command to stop the Krusader container.

This all works fine, but I have to pass the password in clear text using plink and I use the root login, which feels bad.

My question to you is: How do I set up a user that I can ssh in to Unraid with that ONLY has permission to stop/start manage the docker containers and not the rest of the Unraid installation? I would rather use a limited user that only has these privileges than using the root account.

 

Any ideas? Thank you.


I do not believe that it is possible to do this in any easy way at the moment, as Unraid does not have users in the traditional Linux sense. As a result ‘root’ is the only one who can ssh in as standard. Making parts of the Unraid GUI accessible to non-privileged users is, I believe, a roadmap item, but as to any ETA I have no idea.

4 minutes ago, itimpi said:

I do not believe that it is possible to do this in any easy way at the moment, as Unraid does not have users in the traditional Linux sense. As a result ‘root’ is the only one who can ssh in as standard. Making parts of the Unraid GUI accessible to non-privileged users is, I believe, a roadmap item, but as to any ETA I have no idea.

Alright, thanks for the information, would be cool to have that on the roadmap for future features... I am not fully exposed, as the RDM encrypts all the data it stores and I only initiate any traffic to the Unraid installation on the LAN, so I should be fine for now.


While in no way addressing your actual request, I have a suggestion to further secure your remote file management procedure. Set up a second instance of krusader, this one set with NO mappings, so the only access is inside the krusader container. Set it to auto start, and change your script to shut down the no mapping version and start your mapped version, reversing on exit. That way if someone is poking around they can find the file manager with no real way to damage anything, and your real container won't start because of the port clash.

 

Kind of a modified port knocking type of approach to security.

1 hour ago, jonathanm said:

While in no way addressing your actual request, I have a suggestion to further secure your remote file management procedure. Set up a second instance of krusader, this one set with NO mappings, so the only access is inside the krusader container. Set it to auto start, and change your script to shut down the no mapping version and start your mapped version, reversing on exit. That way if someone is poking around they can find the file manager with no real way to damage anything, and your real container won't start because of the port clash.

 

Kind of a modified port knocking type of approach to security.

That's not a terrible idea, thanks for the tip!

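Added example, not code from any poster in this thread: a wrapper for OpenSSH's `command=` forced-command option in `authorized_keys`, so that one key can only trigger the decoy/real container swap described above, whatever command the client sends. It does not create a limited user (the login is still root); the container names `krusader` and `krusader-decoy`, the script path, and the assumption that the host's sshd honours these standard key options are all assumptions.

```shell
#!/bin/sh
# Added example: forced-command wrapper for a single SSH key.
# authorized_keys entry (script path and key are placeholders):
#   restrict,command="/path/to/krusader-gate.sh" ssh-ed25519 <public-key> rdm
# "restrict" turns off PTY allocation and all forwarding for this key.

REAL_CT="krusader"         # assumed name: container with the real mappings
DECOY_CT="krusader-decoy"  # assumed name: auto-started, no-mappings instance

# Map the client's request onto fixed docker calls. The request string is
# only compared against literals, never passed to a shell or to docker.
krusader_gate() {
    case "$1" in
        start)
            # Free the shared port, then bring up the mapped container.
            docker stop "$DECOY_CT" >/dev/null || return 1
            if ! docker start "$REAL_CT" >/dev/null; then
                docker start "$DECOY_CT" >/dev/null  # put the decoy back
                return 1
            fi
            ;;
        stop)
            # Reverse on exit: mapped container down, decoy back on the port.
            docker stop "$REAL_CT" >/dev/null
            docker start "$DECOY_CT" >/dev/null || return 1
            ;;
        *)
            echo "krusader-gate: denied: ${1:-<no command>}" >&2
            return 126
            ;;
    esac
}

# sshd places whatever the client asked to run in SSH_ORIGINAL_COMMAND
# (unset for an interactive login attempt). Act only inside an SSH session.
[ -z "${SSH_CONNECTION:-}" ] || krusader_gate "${SSH_ORIGINAL_COMMAND:-}"
```

With this in place the plink call authenticates with the key (`plink -i`) and sends just `start` or `stop`, so no password appears in the script.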
