{"id":973,"date":"2013-06-17T00:20:55","date_gmt":"2013-06-16T23:20:55","guid":{"rendered":"https:\/\/www.aerian.fr\/?p=973"},"modified":"2018-02-18T13:52:58","modified_gmt":"2018-02-18T12:52:58","slug":"ajouter-une-saisie-utilisateur-a-anyterm","status":"publish","type":"post","link":"https:\/\/www.aerian.fr\/en\/ajouter-une-saisie-utilisateur-a-anyterm\/","title":{"rendered":"Add an user prompt to Anyterm"},"content":{"rendered":"

Sorry, this entry is only available in Fran\u00e7ais<\/a>.<\/p>

Anyterm<\/a> est une application permettant d’avoir acc\u00e8s \u00e0 une console \u00e0 travers une interface web \u00e0 l’ide de ssh.<\/p>\n

La configuration de base d’Anyterm peut \u00eatre trouv\u00e9e sur le site de l’application<\/a> ou sur le net, les tutoriels ne manquant pas. Cependant, le site d’Anyterm n’indique aucune proc\u00e9dure permettant de proposer une saisie de l’utilisateur avant de lancer la commande ssh.<\/p>\n

J’ai tout d’abord penser \u00e0 utiliser la commande “read” combin\u00e9e \u00e0 la commande “echo” pour palier \u00e0 ce manque car c’\u00e9tait la solution la plus facile \u00e0 mettre en place. Cependant cette solution est loin d’\u00eatre s\u00e9curis\u00e9e: il suffit \u00e0 l’utilisateur malveillant d’injecter des commandes apr\u00e8s le read et celles-ci seront interpr\u00e9t\u00e9s.<\/p>\n

J’ai donc d\u00e9cid\u00e9 de passer par un script externe qui ferait appel \u00e0 la commande ssh. En recherchant je suis tomb\u00e9 sur un script Perl pr\u00e9sent\u00e9 sur le forum Ubuntu<\/a> permettant de satisfaire mes besoins. En examinant le code, j’ai remarqu\u00e9 que la variable fournie par l’utilisateur n’\u00e9tait pas s\u00e9curis\u00e9e et que certaines parties \u00e9taient inutile pour ce que voulait faire. Je l’ai donc s\u00e9curis\u00e9 en supprimant tous les caract\u00e8res non alpha-num\u00e9rique dans la variable saisie et en supprimant le code inutile.<\/p>\n

Le code r\u00e9sultant est donc le suivant:<\/p>\n

#!\/usr\/bin\/perl\r\nwhile ( length($username) >= 3 ) {\r\nprint \"Enter your username: \"\r\nmy $_ = $username = ;\r\nchomp ( $username );\r\n$OK_CHARS='a-zA-Z0-9';\r\ns\/[^$OK_CHARS]\/\/go;\r\n$username = $_;\r\n}\r\nif ( $^O == 'linux' )\r\n{\r\nexec (\"\/usr\/bin\/ssh $username\\@$ARGV[0]\");\r\n}<\/code><\/pre>\n
<\/p>","protected":false},"excerpt":{"rendered":"
Sorry, this entry is only available in Fran\u00e7ais.Anyterm est une application permettant d’avoir acc\u00e8s \u00e0 une console \u00e0 travers une interface web […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"ngg_post_thumbnail":0,"footnotes":""},"categories":[174],"tags":[183,190,184,188,187,189,185,186],"class_list":["post-973","post","type-post","status-publish","format-standard","hentry","category-notes","tag-anyterm","tag-perl","tag-prompt","tag-saisie","tag-saisir","tag-ssh","tag-user","tag-utilisateur"],"yoast_head":"\nAdd an user prompt to Anyterm - Aerian.fr<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.aerian.fr\/en\/ajouter-une-saisie-utilisateur-a-anyterm\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Add an user prompt to Anyterm - Aerian.fr\" \/>\n<meta property=\"og:description\" content=\"Sorry, this entry is only available in Fran\u00e7ais.Anyterm est une application permettant d’avoir acc\u00e8s \u00e0 une console \u00e0 travers une interface web […]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.aerian.fr\/en\/ajouter-une-saisie-utilisateur-a-anyterm\/\" \/>\n<meta property=\"og:site_name\" content=\"Aerian.fr\" \/>\n<meta property=\"article:published_time\" content=\"2013-06-16T23:20:55+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2018-02-18T12:52:58+00:00\" \/>\n<meta name=\"author\" content=\"42\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@LinceAerian\" \/>\n<meta name=\"twitter:site\" content=\"@LinceAerian\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"42\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"1 minute\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.aerian.fr\/ajouter-une-saisie-utilisateur-a-anyterm\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.aerian.fr\/ajouter-une-saisie-utilisateur-a-anyterm\/\"},\"author\":{\"name\":\"42\",\"@id\":\"https:\/\/www.aerian.fr\/#\/schema\/person\/622c3cefbea11a0be741137608b4bf8b\"},\"headline\":\"Add an user prompt to Anyterm\",\"datePublished\":\"2013-06-16T23:20:55+00:00\",\"dateModified\":\"2018-02-18T12:52:58+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.aerian.fr\/ajouter-une-saisie-utilisateur-a-anyterm\/\"},\"wordCount\":242,\"publisher\":{\"@id\":\"https:\/\/www.aerian.fr\/#organization\"},\"keywords\":[\"anyterm\",\"perl\",\"prompt\",\"saisie\",\"saisir\",\"ssh\",\"user\",\"utilisateur\"],\"articleSection\":[\"Notes\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.aerian.fr\/en\/ajouter-une-saisie-utilisateur-a-anyterm\/\",\"url\":\"https:\/\/www.aerian.fr\/en\/ajouter-une-saisie-utilisateur-a-anyterm\/\",\"name\":\"Add an user prompt to Anyterm - Aerian.fr\",\"isPartOf\":{\"@id\":\"https:\/\/www.aerian.fr\/en\/#website\"},\"datePublished\":\"2013-06-16T23:20:55+00:00\",\"dateModified\":\"2018-02-18T12:52:58+00:00\",\"breadcrumb\":{\"@id\":\"https:\/\/www.aerian.fr\/en\/ajouter-une-saisie-utilisateur-a-anyterm\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[[\"https:\/\/www.aerian.fr\/en\/ajouter-une-saisie-utilisateur-a-anyterm\/\"]]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.aerian.fr\/en\/ajouter-une-saisie-utilisateur-a-anyterm\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.aerian.fr\/en\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Ajouter une saisie utilisateur \u00e0 Anyterm\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.aerian.fr\/en\/#website\",\"url\":\"https:\/\/www.aerian.fr\/en\/\",\"name\":\"Aerian.fr\",\"description\":\"Welcome to Aerian.fr\",\"publisher\":{\"@id\":\"https:\/\/www.aerian.fr\/en\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.aerian.fr\/en\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.aerian.fr\/en\/#organization\",\"name\":\"Aerian.fr\",\"url\":\"https:\/\/www.aerian.fr\/en\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.aerian.fr\/en\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.aerian.fr\/wp-content\/uploads\/2012\/01\/logo.png\",\"contentUrl\":\"https:\/\/www.aerian.fr\/wp-content\/uploads\/2012\/01\/logo.png\",\"width\":667,\"height\":522,\"caption\":\"Aerian.fr\"},\"image\":{\"@id\":\"https:\/\/www.aerian.fr\/en\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/x.com\/LinceAerian\",\"https:\/\/www.linkedin.com\/in\/marleixmathieu\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.aerian.fr\/#\/schema\/person\/622c3cefbea11a0be741137608b4bf8b\",\"name\":\"42\",\"sameAs\":[\"http:\/\/www.aerian.fr\"],\"url\":\"https:\/\/www.aerian.fr\/en\/author\/lince\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Add an user prompt to Anyterm - Aerian.fr","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.aerian.fr\/en\/ajouter-une-saisie-utilisateur-a-anyterm\/","og_locale":"en_US","og_type":"article","og_title":"Add an user prompt to Anyterm - Aerian.fr","og_description":"Sorry, this entry is only available in Fran\u00e7ais.Anyterm est une application permettant d’avoir acc\u00e8s \u00e0 une console \u00e0 travers une interface web […]","og_url":"https:\/\/www.aerian.fr\/en\/ajouter-une-saisie-utilisateur-a-anyterm\/","og_site_name":"Aerian.fr","article_published_time":"2013-06-16T23:20:55+00:00","article_modified_time":"2018-02-18T12:52:58+00:00","author":"42","twitter_card":"summary_large_image","twitter_creator":"@LinceAerian","twitter_site":"@LinceAerian","twitter_misc":{"Written by":"42","Est. reading time":"1 minute"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.aerian.fr\/ajouter-une-saisie-utilisateur-a-anyterm\/#article","isPartOf":{"@id":"https:\/\/www.aerian.fr\/ajouter-une-saisie-utilisateur-a-anyterm\/"},"author":{"name":"42","@id":"https:\/\/www.aerian.fr\/#\/schema\/person\/622c3cefbea11a0be741137608b4bf8b"},"headline":"Add an user prompt to Anyterm","datePublished":"2013-06-16T23:20:55+00:00","dateModified":"2018-02-18T12:52:58+00:00","mainEntityOfPage":{"@id":"https:\/\/www.aerian.fr\/ajouter-une-saisie-utilisateur-a-anyterm\/"},"wordCount":242,"publisher":{"@id":"https:\/\/www.aerian.fr\/#organization"},"keywords":["anyterm","perl","prompt","saisie","saisir","ssh","user","utilisateur"],"articleSection":["Notes"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.aerian.fr\/en\/ajouter-une-saisie-utilisateur-a-anyterm\/","url":"https:\/\/www.aerian.fr\/en\/ajouter-une-saisie-utilisateur-a-anyterm\/","name":"Add an user prompt to Anyterm - Aerian.fr","isPartOf":{"@id":"https:\/\/www.aerian.fr\/en\/#website"},"datePublished":"2013-06-16T23:20:55+00:00","dateModified":"2018-02-18T12:52:58+00:00","breadcrumb":{"@id":"https:\/\/www.aerian.fr\/en\/ajouter-une-saisie-utilisateur-a-anyterm\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":[["https:\/\/www.aerian.fr\/en\/ajouter-une-saisie-utilisateur-a-anyterm\/"]]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.aerian.fr\/en\/ajouter-une-saisie-utilisateur-a-anyterm\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.aerian.fr\/en\/"},{"@type":"ListItem","position":2,"name":"Ajouter une saisie utilisateur \u00e0 Anyterm"}]},{"@type":"WebSite","@id":"https:\/\/www.aerian.fr\/en\/#website","url":"https:\/\/www.aerian.fr\/en\/","name":"Aerian.fr","description":"Welcome to Aerian.fr","publisher":{"@id":"https:\/\/www.aerian.fr\/en\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.aerian.fr\/en\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.aerian.fr\/en\/#organization","name":"Aerian.fr","url":"https:\/\/www.aerian.fr\/en\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.aerian.fr\/en\/#\/schema\/logo\/image\/","url":"https:\/\/www.aerian.fr\/wp-content\/uploads\/2012\/01\/logo.png","contentUrl":"https:\/\/www.aerian.fr\/wp-content\/uploads\/2012\/01\/logo.png","width":667,"height":522,"caption":"Aerian.fr"},"image":{"@id":"https:\/\/www.aerian.fr\/en\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/LinceAerian","https:\/\/www.linkedin.com\/in\/marleixmathieu"]},{"@type":"Person","@id":"https:\/\/www.aerian.fr\/#\/schema\/person\/622c3cefbea11a0be741137608b4bf8b","name":"42","sameAs":["http:\/\/www.aerian.fr"],"url":"https:\/\/www.aerian.fr\/en\/author\/lince\/"}]}},"_links":{"self":[{"href":"https:\/\/www.aerian.fr\/en\/wp-json\/wp\/v2\/posts\/973","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.aerian.fr\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.aerian.fr\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.aerian.fr\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.aerian.fr\/en\/wp-json\/wp\/v2\/comments?post=973"}],"version-history":[{"count":18,"href":"https:\/\/www.aerian.fr\/en\/wp-json\/wp\/v2\/posts\/973\/revisions"}],"predecessor-version":[{"id":2126,"href":"https:\/\/www.aerian.fr\/en\/wp-json\/wp\/v2\/posts\/973\/revisions\/2126"}],"wp:attachment":[{"href":"https:\/\/www.aerian.fr\/en\/wp-json\/wp\/v2\/media?parent=973"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.aerian.fr\/en\/wp-json\/wp\/v2\/categories?post=973"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.aerian.fr\/en\/wp-json\/wp\/v2\/tags?post=973"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}