Executable commands are predefined on the server in a structured format (JSON in this case). The backend parses these commands and exposes them to the client via a REST API. The client receives random, unique IDs for the commands and requests execution of a command by sending its ID back to the server. The server executes the command defined on its end and returns the result to the client. The communication between the client and server is encrypted using AES-256-GCM and, optionally, SSL.
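The ID-based dispatch described above, as an added Go example (not SecMob's own code). The `Command` schema, `sampleDefs`, `LoadRegistry` and `Run` are hypothetical names chosen for illustration, and the AES-256-GCM transport layer is assumed to sit in front of this logic.

```go
package main

import (
	"crypto/rand"
	"encoding/hex"
	"encoding/json"
	"fmt"
	"os/exec"
)

// Command is a hypothetical schema; SecMob's real JSON layout may differ.
type Command struct {
	Name string   `json:"name"`
	Argv []string `json:"argv"`
}

const sampleDefs = `[{"name":"health","argv":["echo","service ok"]}]` // constructed sample data

// LoadRegistry parses the definitions and keys each by a fresh 128-bit random ID.
func LoadRegistry(defs []byte) (map[string]Command, error) {
	var cmds []Command
	if err := json.Unmarshal(defs, &cmds); err != nil {
		return nil, err
	}
	reg := make(map[string]Command, len(cmds))
	for _, c := range cmds {
		id := make([]byte, 16)
		if _, err := rand.Read(id); err != nil || len(c.Argv) == 0 {
			return nil, fmt.Errorf("cannot register %q (empty argv or no entropy)", c.Name)
		}
		reg[hex.EncodeToString(id)] = c
	}
	return reg, nil
}

// Run executes the command stored under id; the client supplies only the ID, never arguments.
func Run(reg map[string]Command, id string) (string, error) {
	c, ok := reg[id]
	if !ok {
		return "", fmt.Errorf("unknown command id %q", id)
	}
	out, err := exec.Command(c.Argv[0], c.Argv[1:]...).CombinedOutput()
	return string(out), err
}

func main() {
	reg, _ := LoadRegistry([]byte(sampleDefs))
	fmt.Println(len(reg), "commands registered")
	fmt.Println(Run(reg, "rm -fr /")) // free-form input is rejected, never executed
}
```

Because the argv comes only from the server-side definitions and is passed to `exec.Command` without a shell, a client that sends anything other than a registered ID gets an error and nothing runs.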
This repo consists of 3 folders:
- backend: The Golang backend
- frontend: The Flutter mobile app frontend
- webapp: An HTML GUI for admins to manage SecMob
You can go through the components in the order listed above. Each folder is a whole project in itself and has its own documentation in its README.
Backend Repo
- Since SecMob has commands predefined, no action except them can be performed by the user. Thus the risk of user mishaps in sensitive environments is eliminated.
- Considering an enterprise sharepoint giving access to sensitive infrastructure, the engineers don't have to be on call and actively monitor the systems.
- Enterprises can have fine-grained access provisions for their vendors
- Logs Monitoring & Service Restarts as elaborated in the above cases
- If a user should only have access to a very specific command or sequence of commands
- Users away from shell environments like sysadmins on vacation can utilize SecMob for routine health checks and monitoring
- If a mobile device with SSH provision is compromised, the french pack might be deleted (`rm -fr /`) but on SecMob it isn't that easy
Consider SSH as a sword and SecMob as a knife and the use cases mentioned above as apples. Surely you can cut an apple with a sword but a knife might be better suited.
While SSH can be used for the mentioned use cases, in our experience it wasn't feasible.
It all depends on the use cases that exist. SecMob doesn't aim to be an SSH replacement; it aims to offer a convenience factor for certain use cases.