[SOLVED] [Q] Restrict RCON sessions to local host only

#1
Afternoon everyone,

I should like to have the Xonotic server on port 26000 reject all rcon connections from all IP addresses except 127.0.0.1. This way rcon commands could only be sent from the localhost.

Why?
This stops cracking attempts on server.
This restricts access to locally logged in users (which shall send commands via ssh scripts).
Makes me feel safer :) (Subjective as ever)

Alternatively, is there an implementation of rcon/Xonotic that uses SSL+client certificates?

Regards.

PS. Is there an rcon command to change the server game from e.g. ctf to kh?
Reply

#2
The command for game types is gametype.

And no, there is no way to restrict rcon to localhost without inspecting the packets I think. You'll need to mod the engine to check the source IP for that.

If you can manage to hide the rcon password from the shell script users (by having the scripts be SUID xonotic and read the pw somewhere hidden?), just set it to something very complex...

There is AES crypto but I don't think it's used for rcon auth.
640K ought to be enough for anybody.
     ― Linux Torvalds
Reply

#3
Thank-you.

I have only enabled the restrictive rcon command, but did add gametype to the list and restarted the service.

However, the command was rejected:
server denied rcon access to 127.0.0.1:33362

I passed these as values to rcon:
gametype=kh
gametype kh

For those who read this thread eons later, the actual format is:

'gametype kh'

E.g. the full command is:
Code:
rcon_address=127.0.0.1:26000 rcon_password=XXXXXXXXXXXX /usr/local/xonotic/server/rcon.pl 'gametype kh'
Reply

#4
There is currently no certificate-based rcon, but the password is still not sent in plain by rcon protocol.

Limiting rcon to a specific source IP range sounds like a good idea, but is currently not possible yet.
BRLOGENSHFEGLE (core dumped)

Reply

#5
Hi divVerent,

Thanks for the information.

Cheers.
Reply
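
Replies #2 and #4 both say that restricting rcon to localhost needs a source-address check on each incoming packet. The following is an added example of such a check as a stand-alone C function; it is not Xonotic engine code and is not from anyone in this thread. The function names are hypothetical, and the packet layout (four 0xFF bytes followed by "rcon " or "srcon ") is an assumption that the thread does not state.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <string.h>
#include <sys/socket.h>

/* Assumed wire format (not stated in the thread): out-of-band packets start
 * with four 0xFF bytes, then "rcon " (plain) or "srcon " (hashed variants). */
static int is_rcon_packet(const unsigned char *d, size_t len)
{
    if (len < 4 || memcmp(d, "\xff\xff\xff\xff", 4) != 0)
        return 0;
    d += 4; len -= 4;
    return (len >= 5 && memcmp(d, "rcon ", 5) == 0) ||
           (len >= 6 && memcmp(d, "srcon ", 6) == 0);
}

/* Exactly 127.0.0.1 or ::1; a dual-stack socket reports the former as
 * ::ffff:127.0.0.1, so the IPv4-mapped form is checked too. */
static int is_loopback_peer(const struct sockaddr *sa)
{
    if (sa->sa_family == AF_INET)
        return ((const struct sockaddr_in *)sa)->sin_addr.s_addr == htonl(INADDR_LOOPBACK);
    if (sa->sa_family != AF_INET6)
        return 0;
    const struct in6_addr *a = &((const struct sockaddr_in6 *)sa)->sin6_addr;
    if (IN6_IS_ADDR_V4MAPPED(a))
        return memcmp(&a->s6_addr[12], "\x7f\x00\x00\x01", 4) == 0;
    return IN6_IS_ADDR_LOOPBACK(a);
}

/* 1 = pass the datagram on, 0 = drop it before any password or hash
 * comparison runs. Ordinary game traffic is never affected. */
int rcon_filter_accept(const unsigned char *d, size_t len, const struct sockaddr *peer)
{
    return !is_rcon_packet(d, len) || is_loopback_peer(peer);
}

/* Convenience wrapper taking the source address as text (IPv4 or IPv6). */
int rcon_filter_accept_from(const char *ip, const char *payload, size_t len)
{
    struct sockaddr_in a4 = { .sin_family = AF_INET };
    struct sockaddr_in6 a6 = { .sin6_family = AF_INET6 };
    const unsigned char *d = (const unsigned char *)payload;
    if (inet_pton(AF_INET, ip, &a4.sin_addr) == 1)
        return rcon_filter_accept(d, len, (const struct sockaddr *)&a4);
    if (inet_pton(AF_INET6, ip, &a6.sin6_addr) == 1)
        return rcon_filter_accept(d, len, (const struct sockaddr *)&a6);
    return 0; /* unparseable address: fail closed */
}
```

Because game and rcon traffic share one UDP port, the decision has to be made per packet on payload plus source address; a port-based firewall rule cannot separate the two.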


