Re: limiting allowed commands to rsync for a key
From: Brian Hatch (firstname.lastname@example.org)
Date: Fri, 7 Mar 2003 13:22:09 -0800
To: Denis McCarthy <firstname.lastname@example.org>

> I have a no-passphrase key on a couple of remote machines which I use to
> rsync the /etc/passwd, /etc/group and /etc/shadow files. I would like to
> restrict the no-passphrase key on the remote machines to only allow rsync to
> be run. When I put command="rsync" into the authorized_keys file, it just
> literally runs 'rsync' on the remote machine. What I would like is for the
> key to only allow commands that are running rsync to pass through the key.
> Is this possible?

You need to know the command actually being run on the remote
server, and it's not 'rsync'; it's something more like

    rsync --server --sender blah blah

and the args depend on what rsync command you're using.

You might want to check out
It is a series of articles showing how to create passwordless pubkey
access. The last part shows 'authprogs' which can be stuck in the
command= part of an authorized_keys file that allows multiple commands
to be executed on a host-by-host basis without creating bunches of

--
Brian Hatch, Systems and Security Engineer
http://www.ifokr.org/bri/
"Do infants enjoy infancy as much as adults enjoy adultery?"
Every message PGP signed
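
Added example, not part of the message above and not the authprogs code: a minimal forced-command wrapper for command= that inspects what the client asked for (sshd exposes it in SSH_ORIGINAL_COMMAND) and runs it only when it is a sender-mode rsync server invocation for the three files named in the question. The script path, the key placeholder, the function name and the short-options-only policy are assumptions; the exact option string depends on the rsync client and version.

```shell
#!/bin/sh
# Forced-command wrapper for an rsync-only key (added example).
# authorized_keys entry (script path and key are placeholders):
#   command="/usr/local/bin/rsync-only.sh",no-pty,no-port-forwarding,no-X11-forwarding,no-agent-forwarding ssh-rsa AAAA...PLACEHOLDER sync-key
# Constructed sample of a client request:
#   rsync --server --sender -logDtpr . /etc/passwd

# Files the key may read, taken from the question above.
ALLOWED_FILES="/etc/passwd /etc/group /etc/shadow"

# Return 0 only for "rsync --server --sender <short opts> . <allowed files>".
rsync_cmd_allowed() {
    set -f; set -- $1; set +f          # split on whitespace, no globbing
    [ "$#" -ge 5 ] || return 1
    [ "$1" = rsync ] && [ "$2" = --server ] && [ "$3" = --sender ] || return 1
    shift 3
    seen_dot=0
    npaths=0
    for arg in "$@"; do
        # Refuse shell metacharacters, quotes and glob characters outright.
        case $arg in *[!A-Za-z0-9./_-]*) return 1 ;; esac
        if [ "$seen_dot" -eq 0 ]; then
            case $arg in
                .)   seen_dot=1 ;;     # separator before the path list
                --*) return 1 ;;       # no long options (assumed policy)
                -?*) ;;                # short-option cluster, varies by client
                *)   return 1 ;;
            esac
        else
            case " $ALLOWED_FILES " in
                *" $arg "*) npaths=$((npaths + 1)) ;;
                *) return 1 ;;
            esac
        fi
    done
    [ "$npaths" -gt 0 ]
}

# sshd puts the client's requested command in SSH_ORIGINAL_COMMAND.
if [ -n "${SSH_ORIGINAL_COMMAND:-}" ]; then
    if rsync_cmd_allowed "$SSH_ORIGINAL_COMMAND"; then
        set -f
        exec $SSH_ORIGINAL_COMMAND     # word-split only, never eval
    fi
    echo "rejected: $SSH_ORIGINAL_COMMAND" >&2
    exit 1
fi
```

To see the exact string a given client sends, run the transfer once with rsync's -e 'ssh -v' and look for the "Sending command" debug line.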