6 Matching Annotations
  1. Apr 2021
  2. Dec 2019
    1. An ssh public key in a ~/.ssh/authorized_keys file can have a command="" option which forces a particular command to be executed when the key is used to authenticate an ssh connection. This is a security control that mitigates against private key compromise. This is great when you only need to execute a single command. But if you need to perform multiple tasks, you would normally need to create and install a separate key pair for each command, or just not bother making use of forced commands and allow the key to be used to execute any command.
    1. echo "from="${MYIP%% *}",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty,command="rsync ${SSH_ORIGINAL_COMMAND#* }" $(ssh-keygen -yf ~/.ssh/rsync_rsa)" | ssh targetserver "cat - >>~/.ssh/authorized_keys" Note that the ‘command=’ restriction (http://larstobi.blogspot.ch/2011/01/restrict-ssh-access-to-one-command-but.html) will not apply if ‘/etc/sshd_config’ has already a ‘ForceCommand’ directive.