Difference between revisions of "Ssh Server"

From RogueBasin

Latest revision as of 12:23, 12 November 2012

Setting up an ssh server for your ncurses roguelike is very simple, but it requires root access.

The Basics

First, install sshd. This varies from distribution to distribution, but on Debian-based distros like Ubuntu, where the package is named openssh-server, "sudo apt-get install openssh-server" should work.

Setting up a user account

For these instructions, let's assume you're setting up a server for the game cataclysm.

1. Add a new user account.

sudo adduser cataclysm
This will prompt you to enter a password; see below for instructions if you want a passwordless SSH server.

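2. (Possibly optional) Make the user's home directory readable and writable by all users, for ease of administration; the cp commands in step 3 rely on this when run from your normal account. Be aware that a world-writable directory lets any local account replace the files in it, including the executable that becomes the login shell in step 4. You could instead add your normal account to the new user's group, for greater security.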

sudo chmod a+rw /home/cataclysm

3. Move any required executables or data files to the user's directory, if you want or need to.

cp /path/to/cataclysm/cataclysm /home/cataclysm
cp -R /path/to/cataclysm/data /home/cataclysm

4. Change the user's login shell to the game executable.

sudo usermod -s /home/cataclysm/cataclysm cataclysm

And you're done! You can now try "ssh cataclysm@127.0.0.1" from the host to test that it's working.

Passwordless Login

Security Implications

Warning: Enabling a passwordless login potentially opens you up to attack. Buffer overflow exploits are possible if your game ever crashes, or people could grief you by writing a bot to continually log in, create a savefile, and log out, until your hard drive fills up. That said, I've been running a passwordless cataclysm server for a long time without incident, and the danger is probably not too prominent.

Possible countermeasures:

  • Put the user in a chroot jail
  • Run your sshd on a non-standard port (something other than 22), though this requires your end-users to change the options in their client... which people seem to find difficult sometimes.

Implementation

This implementation involves running a second sshd, specifically for your passwordless accounts, which is a little more secure.

1. Delete the password for the desired account.

sudo passwd -d cataclysm

2. Create a custom sshd_config with the following lines in it (along with any other desired options):

AllowUsers cataclysm
PermitRootLogin no
RSAAuthentication no
PubkeyAuthentication no
PasswordAuthentication yes
PermitEmptyPasswords yes
X11Forwarding no
PrintMotd no
UsePAM no

And optionally, for greater security:

Port 1234

Save the file someplace that makes sense, like /etc/ssh/sshd_config_roguelikes. It should be owned by root, with permissions 644.

3. Set up a new sshd to run on startup

Add this to /etc/rc.local, or create a startup script however your distro likes to do them.
/usr/sbin/sshd -f /etc/ssh/sshd_config_roguelikes

Your account is now accessible via ssh with no password bothering your players.
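
A check to run against /etc/ssh/sshd_config_roguelikes before starting the second sshd, as an added example that is not part of the original page: it confirms the directives from step 2 and, as this example's own assumption, also expects AllowTcpForwarding and AllowAgentForwarding to be set to no, since the game needs neither and sshd enables both by default. The function names and the sample file are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the original page): audit the second sshd's config.

# Print the global value of KEY as sshd reads it: keywords are
# case-insensitive, the first occurrence wins, Match blocks are not global.
conf_get() {  # usage: conf_get FILE KEY
    awk -v key="$2" '
        /^[ \t]*(#|$)/ { next }
        tolower($1) == "match" { exit }
        tolower($1) == tolower(key) { $1 = ""; sub(/^[ \t]+/, ""); print; exit }
    ' "$1"
}

# Print one line per directive that is missing or differs; return 1 if any.
# The first six expectations are the page's; the two forwarding lines are
# this example's assumption (sshd leaves both enabled when unset).
audit_sshd_conf() {  # usage: audit_sshd_conf FILE USER
    rc=0
    while read -r key want; do
        got=$(conf_get "$1" "$key")
        if [ "$got" != "$want" ]; then
            echo "$key: want '$want', got '${got:-<unset>}'"
            rc=1
        fi
    done <<EOF
AllowUsers $2
PermitRootLogin no
PubkeyAuthentication no
PasswordAuthentication yes
PermitEmptyPasswords yes
X11Forwarding no
AllowTcpForwarding no
AllowAgentForwarding no
EOF
    return $rc
}

# Constructed sample: the directives from step 2, as the page lists them.
sample=$(mktemp)
printf '%s\n' 'AllowUsers cataclysm' 'PermitRootLogin no' 'RSAAuthentication no' \
    'PubkeyAuthentication no' 'PasswordAuthentication yes' \
    'PermitEmptyPasswords yes' 'X11Forwarding no' 'PrintMotd no' 'UsePAM no' > "$sample"
audit_sshd_conf "$sample" cataclysm || echo "fix the lines above before starting sshd"
```

On a real host, pass the path of the saved config file and the account name instead of the constructed sample.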

Other Considerations

Depending on how your game starts up, you might want to write a simple shell that provides user accounts. For instance, nethack automatically uses the user's name as the character name for a new game, so if you use this method, anyone who connects will play on the same character. So to set up a nethack server, your shell should let players create a new account, log in to that account, and then launch nethack with the command nethack -u $username. Other games, which handle character names on their own, don't need such a wrapper.