Suramya's Blog : Welcome to my crazy life…

September 5, 2005

Restricting SSH to allow users to only run allowed commands

Filed under: Computer Security,Security Tutorials — Suramya @ 7:54 AM

To restrict access to a server so that an authorized user can run only one specific command, add an entry like the following to the authorized_keys file (it must all be on one line):

from="202.41.95.13",command="rsync -aCz --server --sender $SRCDIR .",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty ssh-dss AAAAB3NzaC1kc3M

Here you must put the appropriate source directory in $SRCDIR.

The authorized_keys file can be put in a dummy user's directory. This dummy user should have appropriate read/write permissions for the directory in question.

As an alternative, you can use a configuration file, "--config=$FILE", in place of $SRCDIR.

Once this is done, the owner of the SSH private key associated with the public key (which is the bit that starts ssh-dss AAA….) can connect to the SSH server and run the above command, and *only* the above command.

– Suramya

PS: Thanks to Kapil from the Linux Gazette Answer Gang for the above tip.
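
As an added example (not part of the original post), this Python script parses authorized_keys entries and reports which of the restrictions used in the entry above are missing from each one. The sample lines are constructed, /srv/backup is an assumed stand-in for $SRCDIR, and the function names are hypothetical.

```python
# Flags set by the entry in this post (sshd treats option names case-insensitively).
REQUIRED_FLAGS = {"no-port-forwarding", "no-x11-forwarding", "no-agent-forwarding", "no-pty"}
KEY_TYPES = ("ssh-", "ecdsa-", "sk-")  # a line starting like this carries no options

def parse_entry(line):
    """Return (options, key_part). Commas and spaces inside quotes do not split."""
    line = line.strip() + " "           # trailing space always terminates the option field
    if line.startswith(KEY_TYPES):
        return {}, line.strip()
    opts, cur, quoted, i = [], "", False, 0
    while i < len(line):
        ch = line[i]
        if quoted and ch == "\\" and line[i + 1:i + 2] == '"':
            cur += '"'                  # \" is a literal quote inside a value
            i += 2
            continue
        if ch == '"':
            quoted = not quoted
        elif not quoted and ch in ", \t":
            opts.append(cur)
            cur = ""
            if ch != ",":               # unquoted whitespace ends the option field
                break
        else:
            cur += ch
        i += 1
    pairs = (o.partition("=") for o in opts if o)
    return {n.lower(): v for n, _, v in pairs}, line[i:].strip()

def audit(line):
    """List what an entry lacks compared with the restricted entry in this post."""
    options, _ = parse_entry(line)
    findings = []
    if not options.get("command"):
        findings.append("no forced command")
    if not options.get("from"):
        findings.append("no from= source restriction")
    if "restrict" not in options:       # OpenSSH's restrict option implies all four flags
        findings += sorted(f"missing {f}" for f in REQUIRED_FLAGS - set(options))
    return findings

# Constructed sample lines; /srv/backup stands in for $SRCDIR.
SAMPLES = [
    'from="202.41.95.13",command="rsync -aCz --server --sender /srv/backup .",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty ssh-dss AAAAB3NzaC1kc3M',
    'command="rsync -aCz --server --sender /srv/backup .",no-pty ssh-dss AAAAB3NzaC1kc3M',
    'ssh-dss AAAAB3NzaC1kc3M admin@example',
]
print([audit(s) or "ok" for s in SAMPLES])
```

An empty list from audit() means the entry carries the forced command, the source restriction and all four flags; anything else names what to add before the key is trusted for unattended use.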
