Re: limiting allowed commands to rsync for a key
From: Brian Hatch (secure-shell@ifokr.org)
Date: 03/07/03
- Previous message: Conor Daly: "Re: limiting allowed commands to rsync for a key"
- In reply to: Denis McCarthy: "limiting allowed commands to rsync for a key"
Date: Fri, 7 Mar 2003 13:22:09 -0800
From: Brian Hatch <secure-shell@ifokr.org>
To: Denis McCarthy <dmccarthy@fexco.ie>

> I have a no-passphrase key on a couple of remote machines which I use to
> rsync the /etc/passwd, /etc/group and /etc/shadow files. I would like to
> restrict the no-passphrase key on the remote machines to only allow rsync to
> be run. When I put command="rsync" into the authorized_keys file, it just
> literally runs 'rsync' on the remote machine. What I would like is for the
> key to only allow commands that are running rsync to pass through the key.
> Is this possible?

You need to know the command actually being run on the remote
server, and it's not 'rsync' it's something more like

    rsync --server --sender blah blah

and the args depend on what rsync command you're using.

You might want to check out

    http://www.hackinglinuxexposed.com/articles/20021211.html

It is a series of articles showing how to create passwordless pubkey
access. The last part shows 'authprogs' which can be stuck in the
command= part of an authorized_keys file that allows multiple commands
to be executed on a host-by-host basis without creating bunches of
different pubkeys.

--
Brian Hatch                  Do infants enjoy infancy
   Systems and                as much as adults enjoy
   Security Engineer          adultery?
http://www.ifokr.org/bri/

Every message PGP signed
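
The kind of command= wrapper described in the reply above, as an added example that is not part of the original message and is not authprogs itself. The install path, the short-options-only policy and the assumed server command shape (rsync --server --sender, options, ".", then paths) are assumptions; log SSH_ORIGINAL_COMMAND once to see what your own rsync client sends.

```shell
#!/bin/sh
# Added example: forced-command wrapper, e.g. installed at the hypothetical
# path /usr/local/bin/rsync-only and referenced from authorized_keys as:
#   command="/usr/local/bin/rsync-only",no-pty,no-port-forwarding,no-X11-forwarding,no-agent-forwarding ssh-rsa AAAA...
LC_ALL=C; export LC_ALL   # make the A-Z ranges below byte-exact

# Files this key may pull (the three named in the question).
ALLOWED_PATHS="/etc/passwd /etc/group /etc/shadow"

# Succeeds only for: rsync --server --sender <short options> . <allowed paths>
rsync_cmd_allowed() {
    cmd=$1
    # Anything outside this set (quotes, ;, |, $, globs, newlines) is refused.
    case $cmd in
        ''|*[!A-Za-z0-9\ ./_,=-]*) return 1 ;;
    esac
    set -f; set -- $cmd; set +f          # split on spaces, no globbing
    [ "$1" = rsync ] && [ "$2" = --server ] && [ "$3" = --sender ] || return 1
    shift 3
    # Option words before the "." placeholder: short clusters only, so long
    # options such as --log-file=... are refused (conservative assumption).
    while [ $# -gt 0 ] && [ "$1" != . ]; do
        case $1 in
            --*) return 1 ;;
            -*)  shift ;;
            *)   return 1 ;;
        esac
    done
    [ $# -ge 2 ] || return 1             # need "." plus at least one path
    shift
    for p in "$@"; do
        case " $ALLOWED_PATHS " in
            *" $p "*) ;;                 # exact match against the allow-list
            *) return 1 ;;
        esac
    done
    return 0
}

# sshd puts what the client asked for in SSH_ORIGINAL_COMMAND; it is unset
# for an interactive login, which therefore gets nothing.
if [ -n "${SSH_ORIGINAL_COMMAND:-}" ]; then
    if rsync_cmd_allowed "$SSH_ORIGINAL_COMMAND"; then
        set -f
        exec $SSH_ORIGINAL_COMMAND       # validated words, no shell re-parse
    fi
    echo "rejected: $SSH_ORIGINAL_COMMAND" >&2
    exit 1
fi
```

Paths are compared as exact strings, so a request for /etc/../etc/shadow is refused even though it names an allowed file.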