AutoSSH Module for Prey

Prey

Prey is software that allows you to track computers and other devices in case they are stolen. After it’s installed on a machine, it periodically checks to see if you have reported it as stolen, and if you have, it will contact you with details about the machine’s current status. This information includes its IP address, GPS position, a screenshot of the current desktop and a picture (or video) of the perpetrator using the webcam.


This makes it much easier to recover your property. However, I also wanted to be able to have full control of the machine in order to access my data and to be able to directly monitor the thief. The easiest option is to ssh directly into the machine; however, this is only possible if the router they are connected to doesn’t block outside connections. One solution is to set up Prey to open a remote port on another machine that forwards back to itself; this way, your laptop initiates an outbound connection and evades the block.

Prerequisites

To accomplish this, you will need root access on a server that’s running OpenSSH so that you can add a user that’s only used for Prey. You could conceivably use your own account instead of creating a new one, but if your laptop is stolen, the thief would be given full access to your account. Your laptop also needs to be running Linux (the same procedures should work for other *nix systems, but modifications will have to be made to the directory structure of the download).

Account preparation

To allow Prey to access your server, we will be setting up SSH keys that allow automatic login onto a server. Because of this, it is very important that you create a new user on the server and disable their shell, so that if your laptop is stolen, the thief won’t be given access to an account.

On the server, run the following as root to add a new user:
root@server:~# adduser preyuser
Set a password and whatever other options it asks for.

On your laptop, run all of the following commands as root:
root@laptop:~# ssh-keygen -t rsa
Do not enter a passphrase.
Now use ssh to create a ~/.ssh directory by running:
root@laptop:~# ssh preyuser@server mkdir -p .ssh
Enter the password for the user you just created.
Now append the laptop’s public key to the authorized keys on the server:
root@laptop:~# cat ~/.ssh/id_rsa.pub | ssh preyuser@server 'cat >> .ssh/authorized_keys'
You should now be able to log into the server as preyuser without entering a password.

Finally, back on the server, disable preyuser’s ability to log in by disabling their login shell:
root@server:~# which nologin
/usr/sbin/nologin
root@server:~# chsh -s /usr/sbin/nologin preyuser

Trying to log into the server should now give you the message that the account is currently not available.
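Disabling the shell stops interactive logins, but sshd still honours forwarding requests made with that key, so the key itself should be limited to the one listener Prey needs. As an added example (not part of the original post or the module), this helper builds an authorized_keys entry to append in place of the bare public key; port 2222 and the key are constructed sample values, and `permitlisten` assumes OpenSSH 7.8 or later on the server.

```shell
#!/bin/sh
# Added example: forwarding-only authorized_keys entry for preyuser.

# restricted_key_line PORT "PUBLIC KEY LINE"
# Prints the entry on stdout; returns 1 on a bad port or malformed key.
restricted_key_line() {
    port=$1 pubkey=$2
    nl='
'
    case $port in
        ''|*[!0-9]*|??????*) echo "port must be a number" >&2; return 1 ;;
    esac
    # Ports below 1024 cannot be bound by an unprivileged account.
    if [ "$port" -lt 1024 ] || [ "$port" -gt 65535 ]; then
        echo "port must be 1024-65535" >&2; return 1
    fi
    # A second line would become a second, unrestricted entry.
    case $pubkey in
        *"$nl"*) echo "key must be a single line" >&2; return 1 ;;
    esac
    # Expect "<type> <base64> [comment]" with no options in front.
    key_type=${pubkey%% *}
    rest=${pubkey#* }
    blob=${rest%% *}
    case $key_type in
        ssh-rsa|ssh-ed25519|ecdsa-sha2-*) ;;
        *) echo "unrecognised key type" >&2; return 1 ;;
    esac
    case $blob in
        ''|*[!A-Za-z0-9+/=]*) echo "key blob is not base64" >&2; return 1 ;;
    esac
    # restrict: no pty, no agent/X11 forwarding, no user rc, no forwarding.
    # port-forwarding + permitlisten: re-enable forwarding, but the only
    # listener allowed is localhost:PORT (what "ssh -R PORT:localhost:22" asks for).
    printf 'restrict,port-forwarding,permitlisten="localhost:%s" %s\n' \
        "$port" "$pubkey"
}

# Constructed sample key (truncated blob, not a usable key).
restricted_key_line 2222 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC7 root@laptop'
```

This limits where the key may listen; to also refuse `-L` style forwards for the account, set `AllowTcpForwarding remote` in a `Match User preyuser` block in sshd_config.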

Configuring your laptop

The only thing to do now is to configure Prey. Download the AutoSSH module onto your laptop and decompress it:
root@laptop:~# wget http://www.skari.org/blog/prey-autossh.tgz
root@laptop:~# tar -xzvf prey-autossh.tgz
Edit the autossh/config file and fill in your server, username, and remote port. When you’re done, move the folder into the Prey modules directory:
root@laptop:~# mv autossh /usr/share/prey/modules/
That’s it!

Prey should now open a forwarded tunnel from your server to your laptop when activated. However, if the connection is interrupted, the tunnel will die. You may want to consider installing autossh which will start and actively monitor an SSH connection and restart it as necessary. This module will use autossh if it is available and fall back to plain ssh otherwise.
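The reverse tunnel and the autossh fallback described above, as an added example that is not the module's own code. SERVER, USER and PORT stand for the three values entered in autossh/config; the sample values, the option choices and the laptop's sshd listening on port 22 are assumptions.

```shell
#!/bin/sh
# Added example, not the module's code: the reverse tunnel the post describes.

# Prefer autossh, which restarts a dropped tunnel; otherwise use plain ssh.
pick_client() {
    if command -v autossh >/dev/null 2>&1; then echo autossh; else echo ssh; fi
}

# tunnel_command SERVER USER PORT
# Prints the command line; returns 1 if a value is empty, starts with "-"
# (would be parsed as an ssh option) or has characters outside [A-Za-z0-9._-].
tunnel_command() {
    server=$1 user=$2 port=$3
    case $port in ''|*[!0-9]*) return 1 ;; esac
    for value in "$server" "$user"; do
        case $value in ''|-*|*[!A-Za-z0-9._-]*) return 1 ;; esac
    done
    client=$(pick_client)
    # -M 0 turns off autossh's monitor port; the ServerAlive probes below
    # detect a dead link instead.
    if [ "$client" = autossh ]; then client='autossh -M 0'; fi
    # -N: no remote command, so the nologin shell is never started.
    # -R: the server listens on PORT and forwards to the laptop's sshd (22).
    # BatchMode: never prompt; ExitOnForwardFailure: fail if PORT is taken.
    echo "$client -N -o BatchMode=yes -o ExitOnForwardFailure=yes" \
        "-o ServerAliveInterval=30 -o ServerAliveCountMax=3" \
        "-R $port:localhost:22 $user@$server"
}

# Constructed sample values.
tunnel_command server.example preyuser 2222
```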

Logging into your stolen laptop

Now, if your laptop is stolen, Prey should activate and send you a report. To access your laptop, log in to your server and run:
user@server:~$ ssh user@localhost -p port

Enter the laptop user’s password, and you should be in. Now go catch the bastard!


2 Responses to AutoSSH Module for Prey

  1. Cory Logan says:

    Hey there, wanted to check out that module, I’m thinking about doing something similar with my fleet… But your link gives a 404… Is that repo up somewhere? Thanks!

    • bskari says:

      Whoops! Sorry about that, I migrated servers over the weekend and I guess I forgot to double check that everything was working. Everything should be fixed now.

      That being said, since I wrote this module, it looks like the Prey maintainers added some similar functionality to the mainline project, but it’s undocumented and the last time I looked (which was over 6 months ago) it didn’t appear to be fully functional. If this works for you, I’ll try to go and submit a patch to the Prey maintainers and get this rolled into the main distribution.
