November 15, 2010

 

AutoSSH Module for Prey


Prey is software that allows you to track computers and other devices in case they are stolen. After it's installed on a machine, it periodically checks to see if you have reported it as stolen, and if you have, it will contact you with details about the machine's current status. This information includes its IP address, GPS position, a screenshot of the current desktop and a picture (or video) of the perpetrator using the webcam.


This makes it much easier to recover your property. However, I also wanted to be able to have full control of the machine in order to access my data and to be able to directly monitor the thief. The easiest option is to ssh directly into the machine; however, this is only possible if the router they are connected to doesn't block outside connections. One solution is to set up Prey to open a remote port on another machine that forwards back to itself; this way, your laptop initiates an outbound connection and evades the block.

Prerequisites


To accomplish this, you will need root access on a server that's running OpenSSH so that you can add a user that's only used for Prey. You could conceivably use your own account instead of creating a new one, but if your laptop is stolen, the thief would be given full access to your account. Your laptop also needs to be running Linux (the same procedures should work for other *nix systems, but modifications will have to be made to the directory structure of the download).

Account preparation


To allow Prey to access your server, we will be setting up SSH keys that allow automatic login onto a server. Because of this, it is very important that you create a new user on the server and disable their shell, so that if your laptop is stolen, the thief won't be given access to an account.


On the server, run the following as root to add a new user:
root@server:~# adduser preyuser
Set a password and whatever other options it asks for.


On your laptop, run all of the following commands as root:
root@laptop:~# ssh-keygen -t rsa
Do not enter a passphrase.
Now use ssh to create a ~/.ssh directory for preyuser on the server by running:
root@laptop:~# ssh preyuser@server mkdir -p .ssh
Enter the password for the user you just created.
Now append the laptop's public key to the authorized keys on the server:
root@laptop:~# cat ~/.ssh/id_rsa.pub | ssh preyuser@server 'cat >> .ssh/authorized_keys'
You should now be able to log into the server as preyuser without entering a password.


Finally, back on the server, disable preyuser's ability to log in by disabling their login shell:
root@server:~# which nologin
/usr/sbin/nologin
root@server:~# chsh -s /usr/sbin/nologin preyuser


Trying to log into the server should now give you the message that the account is currently not available.
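
The nologin shell blocks interactive logins but not forwarding requests (that is why the tunnel still works), so the passphrase-less key on the laptop can still ask the server for forwards in any direction. As an added example (not part of the original post or the Prey module), the script below prints an sshd_config Match block that limits preyuser to a single reverse forward and checks a dump of the account's effective settings against it. Port 2222 and the function names are assumptions, and PermitListen requires OpenSSH 7.8 or later.

```shell
#!/bin/sh
# Added example; "preyuser" is the account from the post, port 2222 is a
# constructed stand-in for the remote port set in autossh/config.

# Print an sshd_config block that limits the account to one reverse forward.
prey_match_block() {
    port=$1
    cat <<EOF
Match User preyuser
    AllowTcpForwarding remote
    PermitListen localhost:$port
    PermitTTY no
    X11Forwarding no
    AllowAgentForwarding no
EOF
}

# Read "keyword value" lines (the format printed on the server by
# `sshd -T -C user=preyuser`) on stdin; print one line per weak or missing setting.
audit_prey_settings() {
    awk -v want="localhost:$1" '
        BEGIN {
            need["allowtcpforwarding"] = "remote"; need["permitlisten"] = want
            need["permittty"] = "no"; need["x11forwarding"] = "no"
            need["allowagentforwarding"] = "no"
        }
        ($1 in need) {
            seen[$1] = 1
            if ($2 != need[$1]) print $1 "=" $2 " (want " need[$1] ")"
        }
        END { for (k in need) if (!(k in seen)) print k " missing" }
    '
}

# Constructed sample: an account with only the nologin shell change applied.
sample_default() {
    printf '%s\n' 'allowtcpforwarding yes' 'permitlisten any' 'permittty yes' \
        'x11forwarding no' 'allowagentforwarding yes'
}

# Constructed sample: the same account after the Match block is in place.
sample_hardened() {
    printf '%s\n' 'allowtcpforwarding remote' 'permitlisten localhost:2222' \
        'permittty no' 'x11forwarding no' 'allowagentforwarding no'
}

sample_default | audit_prey_settings 2222   # lists the four settings to tighten
```

Put the printed block at the end of the server's sshd_config, since a Match block applies until the next Match line or the end of the file, then reload sshd.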

Configuring your laptop


The only thing to do now is to configure Prey. Download the AutoSSH module onto your laptop and decompress it:
root@laptop:~# wget http://www.skari.org/blogger/prey-autossh.tgz
root@laptop:~# tar -xzvf prey-autossh.tgz
Edit the autossh/config file and fill in your server, username, and remote port. When you're done, move the folder into the Prey modules directory:
root@laptop:~# mv autossh /usr/share/prey/modules/
That's it!

Prey should now open a forwarded tunnel from your server to your laptop when activated. However, if the connection is interrupted, the tunnel will die. You may want to consider installing autossh, which starts an SSH connection, actively monitors it, and restarts it as necessary. This module will use autossh if it is available and fall back to plain ssh otherwise.

Logging into your stolen laptop


Now, if your laptop is stolen, Prey should activate and send you a report. To access your laptop, log in to your server and run:
user@server:~$ ssh user@localhost -p port
Enter the laptop's user's password, and you should be in. Now go catch the bastard!
