I'm currently building an (experimental) webapp to login and control a (linux) server (especially for monitoring) in node.js. For authentification i would like to use the linux users.
Either via /etc/passwd
and /etc/shadow
, reading information works quite good, but i can not authenticate ( crypto
, bcrypt
won't work), via child_process.exec
i can execute openssl passwd
, this only generates md5 ( 1
), but the passwords stored in /etc/shadow
are encrypted with SHA512 ( 6
). Is there any way I'm missing out?
The other way i tried, is using the login
command (via child_process.spawn
). but this always exits with code 1
. All other commands (eg apt-get upgrade
) work as expected.
PS: my server is running on root
so there should be no problem with permissions.
Thanks for your help
EDIT : As i already pointed out, this is an EXPERIMENTAL project, so I'm not planning to use it in production, i was just curious about it. It's a bit similar to PCMonitor
I know running it as root
is not a good idea, and thats not what i would use in production apps.
To clarify : My question was more about, why every command (i have tried so far) works good with child_process.spawn
except login
. And how i could generate a SHA512
password with a salt (exactly like the ones in /etc/shadow
Well this question is rather old, but I stumbled upon a similar problem verifying the entered password against the systems user db. Maybe this can help others having the same task.
I finally did it via the expect tool.
So I came up with this expect script:
#!/usr/bin/expect
set username [lindex $argv 0];
set password [lindex $argv 1];
set timeout 5
puts "$username $password"
if {[file exists /usr/bin/su]} {
spawn /usr/bin/su $username
}
if {[file exists /bin/su]} {
spawn /bin/su $username
}
expect -exact "Password:"
send "$password\n"
expect {
-ex "su: " {
puts "login failed"
exit 1
}
-ex "@" {
puts "login successful"
send "exit\n"
exit 0
}
timeout {
puts "login failed (timeout)"
exit 1
}
default {
puts "login failed (unknown reason)"
exit 1
}
}
If you save this script for example as pw_check.sh you then can call it like this in nodejs
var child = execFile(
'/path/to/pw_check.sh',
[username,password],
{stdio: ['pipe', 'pipe', 'pipe']});
child.on('exit', function(code, signal) {
if (code === 0) {
//pw check was successful
} else {
console.log("Authentication error.")
//pw check failed
}
});
I must admit that this is not a very secure way to do this, but I found no better one yet. And creating a separate user db was no option for me.
You can use node.js to connect via SSH to the localhost server, check out this module https://github.com/mscdex/ssh2 . You can forward the commands sent via the web api to the ssh connection.
This way it would be a lot safer than exec-ing commands, and you would be able to use any users allowed to ssh.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.