One of my long time client, often taking different solution if many different projects and paying me with very good money, is often travelling here and there. Thus required for him to login from different source IP from different network type.
That's let me to inspire learn perl and program this package. This program will actually allow you a web interface asking secret to allow your current public IP to get access to the server. Once your secret is correct your current IP will allowed to system and all others will blocked (DROP). This IP will remain unchanged until you did the above task again.
--> You also need to uncommend line 40 to get the DROP function active. Uncomment it with your own risk.
--> Once you forgot the secret, with DROP all command active - you'll not able to login your own server until your current public IP not mached with the IP last time your system updated.
I must say, that its not properly secure - as you need to put ssl and encryption technique also not upto par. As program Source code contain the key. So better use ssl and use random value and updated hash algorithm.
In mean time, if I'm able to a save time dispite hunting food and cloths, I'll update it.
-
You need perl and perl-cgi enabled in your machine and apache.
-
Need Crypt:CBC - use CPAN to install it
# perl -MCPAN -e shell > install Crypt::CBC -
Default Pass is - khubGopon
-
You need to change your sudoers file [or use visudo] to allow apache user to run iptables.
## Allow root to run any commands anywhere root ALL=(ALL) ALL user-foo ALL= NOPASSWD: /sbin/iptables -
And follow all other settings that need to run a perl script, i.e. let file executable, giving right owner/group(ship) etc.