Short description: Secret algorithm method for authentification of linux users.(guard bash)
Go on http://www.iprogrammers.ro for more documentations, support and to http://sourceforge.net/projects/squrelayerproxy for DOWNLOAD

Purpose of gbash:
• Shell wrapper that will execute an authentication phase before any command is executed
• Use of secret (user owned) algorithm method
• Per user customizable procedure

Any use of this ? If you need to connect to your computer from outside of your safe environment, even if you use ssh, you are vulnerable to simple attacks like keys sniffing or to more complex attacks against ssh. If you have more than just one authentications method - password based, you could more safely log in your account from an insecure Internet host. The best method ever, I found is to use a secret algorithm (even a simple one) and to change it often. Warning: you have to hack gbash sources for your purpose - but the main idea is there.If you are not a resonable good linux programmer don't dare :)

Generic family of algorithms:
• Display current time and a random string.
• The authentication is successful if the user inputs a number of characters from displayed string in an order suggested by displayed string.

A simple example:
Display: Secret 0153! Current time is Mon Nov 18 21:17:26 EET 2002
Algorithm is successful if the user inputs 3 characters (digit) from the end of the string starting from sum of the secret number (from 1 + 5 + 3 = 9) - The solution for displayed string is 627.
Adding new algorithms is simple and depends only by your imagination and your memory :) It's also possible to create a program as client side that could assist you in managing and creation of such algorithms and also in helping to solve them - but this is just an idea for future

Implementation and install
The main idea is to create a simple program that will act as a shell wrapper( gbash is the name I will give from now to this program) Before doing anything else, gbash will look in /usr/local/lib/guard/ for a guardlib_user.so and will execute some verification code from this file before executing the normal bash. To make it effective you have to put gbash in the sistem (/usr.local/bin for example). add a line in /etc/shells (/usr/local/bin/gbash), and change the shell for your user to this, using chsh

Use:
• Unzip guard.tgz
• Copy guardlib_user.c to guardlib_user.c (where user is name of your user)
• Uncoment this lines from Makefile and change user to your user name

#user:
#       $(CC)  -fPIC -O3 -fomit-frame-pointer -c guardlib_user.c
#       $(LD) -Bshareable -s -o guardlib_user.so guardlib_user.o -ldl
#       cp guardlib_user.so $(GUARD_LIB)

Execute
• make init
• make install
• make user
• change user shell as specified before
• play with guardlib_user.c as you want


• I recommend that the GUARD_LIB directory to have access permissions only to a special group and you will set gbash group-id, to allow only to this program to read and execute the library files for each user. An alternative solution is to change owner for that file to the proper user. (in both cases you will need root access or suport from your system adiminstrator )