24
[SOLVED] Send commands to Linux box via e-mail? (programming.dev)
submitted 6 days ago* (last edited 6 days ago) by emotional_soup_88@programming.dev to c/linux@programming.dev
31 comments fedilink hide all child comments

Edit/Solved: Thank you for all the great input! Both on alternative solutions and on security implications. I'm going to make a draft on how I would setup the e-mail method as securely as possible as a programming/scripting exercise, but will IRL probably end up using either some reverse tunnel/shell variant.

Edit 2: or, as a hardware solution, install an extra NIC that I expose to the opennet - thus enabling remote port forwarding - while binding all my sensitive processes/traffic to my encrypted NIC.

I cannot ssh into my Linux box from outside of my LAN since I'm behind a VPN that doesn't support port forwarding. Is it possible to make my Linux box receive, interpret and execute commands through e-mail instead? I've tried looking for answers through DuckDuckGo's search engine, to no avail. If I may dream, I would like to setup an e-mail server with a systemd service or just run a script that continuously downloads the emails, prints their content to stdin and executes, perhaps through command substitution, whatever is in stdin.

you are viewing a single comment's thread
view the rest of the comments
[-] BlackEco@lemmy.blackeco.com 21 points 6 days ago

You could, but I'm not sure that's a good idea security-wise. Also how would you interact with commands that require interaction?

[-] emotional_soup_88@programming.dev 6 points 6 days ago

Hm... I'd run the script/service with root privileges and make the commands concise one-liners, maybe... I'm actually only looking at the shutdown command , presuming that it does sync and umount gracefully...

Maybe I could reduce security risks by creating a user that can only run shutdown. And make it so that only that user can access (download, print, execute) emails?

[-] clay_pidgin@sh.itjust.works 12 points 6 days ago

Or don't execute she'll commands written in the email, and instead have a plain English command that, if detected, triggers a specific shell command. That way nobody could arbitrarily run code, only the commands you've built into the listener.

load more comments (1 replies)
this post was submitted on 30 Dec 2025
24 points (96.2% liked)

Linux

10937 readers
672 users here now

A community for everything relating to the GNU/Linux operating system (except the memes!)

Also, check out:

Original icon base courtesy of lewing@isc.tamu.edu and The GIMP

founded 2 years ago
MODERATORS
Ategon@programming.dev
anzo@programming.dev
dwraf_of_ignorance@programming.dev