On Sat, 16 Nov 2002 09:56:53 +0200 (IST), Tzafrir Cohen <[EMAIL PROTECTED]> wrote:
> > Can that key be limited to running only one command (or script?)
> > This will limit the impact of a possible breach.

Yes, the key can be limited. I already described it in my answer to Eran.
Here it is again:

Add the public key to your authorized_keys2 with syntax like this:

    command="exec COMMAND",no-pty,permitopen="another-machine:5900" ssh-dss <public-key>

Where COMMAND is some program or script that will show the current status
and allow the user to terminate but nothing else. (I have written several
scripts that are used for users who use the ssh server just to connect to
other machines, mostly using VNC).

There are more options to limit the incoming ssh connection. See the
section "AUTHORIZED_KEYS FILE FORMAT" in the sshd man page.

Ehud.

--
 Ehud Karni           Tel: +972-3-7966-561  /"\
 Mivtach - Simon      Fax: +972-3-7966-667  \ /  ASCII Ribbon Campaign
 Insurance agencies   (USA) voice mail and   X   Against HTML Mail
 http://www.mvs.co.il FAX: 1-815-5509341    / \
 mailto:[EMAIL PROTECTED]                    Better Safe Than Sorry
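
An added example, not part of the original message: a small Python audit that parses the options field of authorized_keys entries (including commas and escaped quotes inside quoted values) and reports keys that lack the restrictions described above. The script path, key material and user names in SAMPLE are constructed, and the handling of the newer `restrict` option goes beyond what the message covers.

```python
import re

# First field of an entry: runs of unquoted non-space text and "quoted strings".
FIELD = re.compile(r'(?:"(?:\\.|[^"\\])*"|[^\s"])+')
# Key-type tokens that mean the entry has no options (common ones only).
KEY_TYPE = re.compile(r"(ssh-(dss|rsa|ed25519)|ecdsa-sha2-\S+|sk-\S+)$")
# One option: a bare flag or name="value"; the value may contain commas,
# spaces and backslash-escaped quotes.
OPTION = re.compile(r'([A-Za-z0-9-]+)(?:="((?:\\.|[^"\\])*)")?(?:,|$)')

def parse_options(line):
    """Return {option: value or True}; empty when the entry has no options."""
    m = FIELD.match(line.strip())
    head = m.group(0) if m else ""
    if KEY_TYPE.match(head):
        return {}
    return {o.group(1).lower(): True if o.group(2) is None else o.group(2)
            for o in OPTION.finditer(head)}

def audit(text):
    """Return [(line_no, [problems])] for entries that are not locked down."""
    findings = []
    for n, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        o = parse_options(line)
        r = "restrict" in o  # restrict switches pty and forwarding off
        checks = [
            ("no forced command", "command" in o),
            ("pty allowed", "no-pty" in o or (r and "pty" not in o)),
            ("port forwarding unrestricted", "permitopen" in o
             or "no-port-forwarding" in o or (r and "port-forwarding" not in o)),
        ]
        problems = [msg for msg, ok in checks if not ok]
        if problems:
            findings.append((n, problems))
    return findings

# Constructed sample file; the key blobs are placeholders, not real keys.
SAMPLE = '''\
# authorized_keys2 (constructed)
command="exec /usr/local/bin/vnc-status",no-pty,permitopen="another-machine:5900" ssh-dss AAAA-constructed user1
ssh-rsa AAAA-constructed user2
command="echo \\"a, b\\"",no-pty ssh-rsa AAAA-constructed user3
'''
```

Calling `audit(SAMPLE)` reports line 3 (a bare key with no options) and line 4 (forced command and no-pty, but forwarding left open).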
