submitted 2 days ago* (last edited 2 days ago) by emotional_soup_88@programming.dev to c/linux@programming.dev

Edit/Solved: Thank you for all the great input! Both on alternative solutions and on security implications. I'm going to make a draft on how I would set up the e-mail method as securely as possible as a programming/scripting exercise, but will IRL probably end up using either some reverse tunnel/shell variant.

Edit 2: or, as a hardware solution, install an extra NIC that I expose to the opennet - thus enabling remote port forwarding - while binding all my sensitive processes/traffic to my encrypted NIC.

I cannot ssh into my Linux box from outside of my LAN since I'm behind a VPN that doesn't support port forwarding. Is it possible to make my Linux box receive, interpret and execute commands through e-mail instead? I've tried looking for answers through DuckDuckGo's search engine, to no avail. If I may dream, I would like to set up an e-mail server with a systemd service or just run a script that continuously downloads the emails, prints their content to stdin and executes, perhaps through command substitution, whatever is in stdin.

[-] BlackEco@lemmy.blackeco.com 21 points 2 days ago

You could, but I'm not sure that's a good idea security-wise. Also how would you interact with commands that require interaction?

Hm... I'd run the script/service with root privileges and make the commands concise one-liners, maybe... I'm actually only looking at the shutdown command, presuming that it does sync and umount gracefully...

Maybe I could reduce security risks by creating a user that can only run shutdown. And make it so that only that user can access (download, print, execute) emails?

[-] clay_pidgin@sh.itjust.works 12 points 2 days ago

Or don't execute shell commands written in the email, and instead have a plain English command that, if detected, triggers a specific shell command. That way nobody could arbitrarily run code, only the commands you've built into the listener.
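A sketch of the listener described in the comment above, added here as an example and not code from any poster in the thread: the message body is only ever compared against a fixed phrase table, and the matching command runs as an argv list with no shell. The phrase, the `shutdown` path and the sample messages are assumptions constructed for illustration; the sketch does not authenticate the sender.

```python
import email
import subprocess
from email import policy

# Hypothetical allowlist: plain-English phrase -> fixed argv.
# The binary path is an assumption; adjust for the target system.
ALLOWED = {
    "please shut down": ["/usr/sbin/shutdown", "-h", "now"],
}

def body_text(raw: bytes) -> str:
    """Return the text/plain body of a raw message, or "" if there is none."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    part = msg.get_body(preferencelist=("plain",))  # ignores HTML-only mail
    return part.get_content() if part is not None else ""

def command_for(raw: bytes):
    """Map a message to a built-in argv, or None if it is not an exact match."""
    lines = [l.strip() for l in body_text(raw).splitlines() if l.strip()]
    if len(lines) != 1:          # extra lines, signatures, empty body: reject
        return None
    return ALLOWED.get(lines[0].lower())  # whole-line match, never a substring

def handle(raw: bytes, runner=subprocess.run) -> bool:
    """Run the mapped command without a shell; return True if one was run."""
    argv = command_for(raw)
    if argv is None:
        return False
    runner(argv, shell=False, check=False)  # body text never reaches a shell
    return True

# Constructed sample messages (not real mail).
GOOD = b"From: me@example.org\r\nSubject: cmd\r\n\r\nPlease shut down\r\n"
INJECT = b"From: me@example.org\r\nSubject: cmd\r\n\r\nplease shut down; id\r\n"
HTML_ONLY = b"Content-Type: text/html\r\n\r\n<p>please shut down</p>\r\n"

if __name__ == "__main__":
    # Dry run: print what would be executed instead of executing it.
    for sample in (GOOD, INJECT, HTML_ONLY):
        print(command_for(sample))
```

Because the match is on the whole line, a body that appends shell metacharacters to the phrase maps to nothing rather than to a command.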

[-] wildbus8979@sh.itjust.works 3 points 2 days ago

> I'm not sure that's a good idea security-wise.

You could always sign the messages with GPG or S/MIME.

this post was submitted on 30 Dec 2025
23 points (96.0% liked)