Safer way to run scripts remotely?

[plabberrunt]

I'm setting up a program that runs locally on a desktop, but will SSH into the merlin asuswrt router and dump the current clients list (using arp for now but I might go for something like this https://forum.dd-wrt.com/phpBB2/viewtopic.php?p=461340).

I'm not very familiar with linux, I haven't used it in a couple decades... but I would like to do this program remoting without having to leave full admin login capability in the program.

My first thought was just to add a user and figure out the minimum rights it would need to run arp. But I found discussions suggesting that adding users in asuswrt is... difficult.

Any ideas for how to accomplish this?

 

[RMerlin]

Asuswrt isn't really designed to support multiple users. More is, you actually want to access data that is quite possibly only available to the admin anyway.

What you might want to do however is use an SSH keypair to login instead of a password.

 

[plabberrunt]

Asuswrt isn't really designed to support multiple users. More is, you actually want to access data that is quite possibly only available to the admin anyway.

What you might want to do however is use an SSH keypair to login instead of a password.

Ah yes, I was assuming SSH keypair for login but that means leaving the private key with the program of course which is equivalent to storing the username/pass.

You're right about permissions - I wasn't sure there were any methods of restricted access to the router to evaluate if those methods would allow the limitation I was shooting for. I was thinking of a workaround already though - a constantly running script on admin that generates the data and dumps it into a file with limited access.

Anyhow, I guess there aren't any options short of learning how to recompile with a different distro, too much work for what I'm doing so I'll just work with what I've got. Thanks for your reply.

 

[Jeffrey Young]

You could write your own script on the router, then create a cron job via the init-start or services-start script to run the script daily. If you need to get a hold of the produced files remotely, use the router's samba/nfs/ftp features.

Not meaning to get nosey, but knowing what you want to accomplish would help in getting a solution.

 

[plabberrunt]

You could write your own script on the router, then create a cron job via the init-start or services-start script to run the script daily. If you need to get a hold of the produced files remotely, use the router's samba/nfs/ftp features.

Not meaning to get nosey, but knowing what you want to accomplish would help in getting a solution.

Nice idea! Trying to go the other way might work, I'm already running an sftp so I could scp the data. Limits my ability to interact with it.. but maybe I could also have it pull a "do this" type of file at the same time or something. Very clunky roundabout but it might just work fine for this to not have an admin login key sitting around.

The eventual goal is just a tracking system for users, a user connect to the router or leaves I'll adjust some IOT settings.