Create an account


Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
[SOLVED] [Q] Restrict RCON sessions to local host only

#1
Afternoon everyone,

I should like to have the Xonotic server on port 26000 reject all rcon connections from all IP addresses except 127.0.0.1. This way rcon commands could only be sent from the localhost.

Why?
This stops cracking attempts on server.
This restricts access to locally logged in users (which shall send commands via ssh scripts ).
Makes me feel safer Smile (Subjective as ever)

Alternatively, is there an implementation of rcon/xenotic that uses SSL+client certificates?

Regards.

PS. Is there an rcon command to change the server game from e.g ctf to kh ?
Reply

#2
The command for game types is gametype.

And no, there is no way to restrict rcon to localhost without inspecting the packets I think. You'll need to mod the engine to check the source IP for that.

If you can manage to hide the rcon password from the shell script users (by having the scripts be SUID xonotic and read the pw somewhere hidden?), just set it to something very complex...

There is AES crypto but I don't think it's used for rcon auth.
Reply

#3
Thank-you.

I have only enabled the restictive rcon command, but did add gametype to the list and restarted the service.

However the command was rejected.:
server denied rcon access to 127.0.0.1:33362

I passed these as values to rcon:
gametype=kh
gametype kh

For those who read this thread eons later, then the actual format is :

'gametype kh'

E.g full command is:
Code:
rcon_address=127.0.0.1:26000 rcon_password=XXXXXXXXXXXX /usr/local/xonotic/server/rcon.pl 'gametype kh'
Reply

#4
There is currently no certificate-based rcon, but the password is still not sent in plain by rcon protocol.

Limiting rcon to a specific source IP range sounds like a good idea, but is currently not possible yet.
BRLOGENSHFEGLE (core dumped)

The Bot Orchestra is back! | Xoylent Easter Egg | 5bots1piano
My music on Google Play and SoundCloud
Reply

#5
Hi divVerent,

Thanks for the information.

Cheers.
Reply



Possibly Related Threads…
Thread Author Replies Views Last Post
  Host A Server On A Device/Android? Baker 5 1,629 07-07-2024, 06:56 PM
Last Post: Baker
  Local LAN Xonotic game server player Stats animatedjay 5 5,778 03-23-2023, 02:23 PM
Last Post: FAF
  New CA only Server ".broccoli | Clan Arena" - EU Based aeh 1 1,308 03-07-2023, 03:53 AM
Last Post: FAF
  Unjust ban on the only active DM server, what can be done? nj 30 13,238 08-02-2022, 07:04 AM
Last Post: nj
  how to have blue team only with bots and red team 1 human player and 2 bots billyjoe 7 8,482 09-04-2021, 11:53 AM
Last Post: AndK
  [MoFo] With A Shotgun [Shotgun Only] end user 12 15,636 08-19-2017, 02:22 PM
Last Post: end user
Thumbs Up rcon and bots billyjoe 3 4,083 04-13-2017, 12:08 PM
Last Post: billyjoe
  Host custom maps on Google Drive sgtsob 3 4,171 10-27-2016, 12:05 AM
Last Post: sgtsob
  using rcon with ${....} TheGoodGamer 6 6,144 05-24-2015, 02:51 AM
Last Post: TheGoodGamer
Brick Shell script to execute rcon commands Melanosuchus 0 7,774 06-05-2014, 04:17 PM
Last Post: Melanosuchus

Forum Jump:


Users browsing this thread:
1 Guest(s)

Forum software by © MyBB original theme © iAndrew 2016, remixed by -z-