4 Matching Annotations
- Dec 2019
-
security.stackexchange.com
-
github.com
-
An ssh public key in a ~/.ssh/authorized_keys file can have a command="" option which forces a particular command to be executed when the key is used to authenticate an ssh connection. This is a security control that mitigates against private key compromise. This is great when you only need to execute a single command. But if you need to perform multiple tasks, you would normally need to create and install a separate key pair for each command, or just not bother making use of forced commands and allow the key to be used to execute any command.
-
-
serverfault.com
-
from="<ip>",command="/usr/local/sbin/validate-rsync" ssh-dss AAAAZ5Hbl......
-
-
www.pointsoftware.ch
-
echo "from=\"${MYIP%% *}\",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty,command=\"rsync \${SSH_ORIGINAL_COMMAND#* }\" $(ssh-keygen -yf ~/.ssh/rsync_rsa)" | ssh targetserver "cat - >>~/.ssh/authorized_keys"
Note that the ‘command=’ restriction (http://larstobi.blogspot.ch/2011/01/restrict-ssh-access-to-one-command-but.html) will not apply if ‘/etc/sshd_config’ already has a ‘ForceCommand’ directive.
-
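An added example, not taken from any of the quoted pages: one forced-command wrapper, in the spirit of the command="/usr/local/sbin/validate-rsync" entry above, that lets a single key run a short allowlist of commands instead of needing one key pair per command. The install path, the allowed commands and the key line in the comments are assumptions for illustration.

```shell
#!/bin/sh
# Forced-command allowlist wrapper (added example; path and list are hypothetical).
# authorized_keys entry, with a placeholder key:
#   from="<ip>",no-pty,no-port-forwarding,no-X11-forwarding,no-agent-forwarding,command="/usr/local/sbin/ssh-allowlist" ssh-ed25519 AAAA...
# sshd stores the command the client asked for in SSH_ORIGINAL_COMMAND.
LC_ALL=C
export LC_ALL

# check_command STRING: return 0 if STRING may run, 1 otherwise.
check_command() {
    cmd=$1
    # No command requested (interactive login attempt): refuse.
    [ -n "$cmd" ] || return 1
    case $cmd in
        # Anything outside a small safe character set is refused, which rules
        # out ; & | ` $ ( ) < > quotes, globs, newlines and other control bytes.
        *[!A-Za-z0-9\ ._/=,-]*) return 1 ;;
        # No parent-directory components in any argument.
        *..*) return 1 ;;
    esac
    case $cmd in
        # Exact matches only for fixed commands (hypothetical list).
        "uptime"|"df -h") return 0 ;;
        # rsync server mode, as started by a remote rsync client.
        "rsync --server "*) return 0 ;;
    esac
    return 1
}

# run_forced_command: validate, then exec without re-parsing through a shell.
run_forced_command() {
    if check_command "$SSH_ORIGINAL_COMMAND"; then
        set -f                      # no globbing while word-splitting
        # Deliberately unquoted: split on whitespace only, never eval.
        exec $SSH_ORIGINAL_COMMAND
    fi
    echo "rejected: command not in allowlist" >&2
    return 1
}

# Dispatch only when sshd supplied a command; otherwise exit without a shell.
if [ -n "${SSH_ORIGINAL_COMMAND:-}" ]; then
    run_forced_command
fi
```

The check limits which program runs and how the request is parsed; it does not confine the paths rsync may read or write, which is what the rrsync helper distributed with rsync is for.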