authorized_keys and command=

From: David Magda (dmagda+trace040423_at_ee.ryerson.ca)
Date: 06/18/04

    Date: 18 Jun 2004 16:42:50 -0400
    
    

    Hello,

    Trying to use the command="" keyword in OpenSSH 3.4p1 (Debian woody)
    and having a small issue.

        ----- /\/\/\/\/\ -----
       | A |---< Internet >----| B |
        ----- \/\/\/\/\/ -----

    I can't get to B directly, so I'm creating a tunnel from B to A so I
    can log into B.

      B:~$ ssh -R 10000:localhost:22 vpn@A

    On A, I can now connect to port 10,000 and reach sshd(8) on B.

    To increase security a bit I have a special user ("vpn") set up on A
    that allows public-key logins, but has a disabled password. To keep
    the connection going, I have the vmstat(8) command running (to
    minimize issues with connections timing out).

    My A:~vpn/.ssh/authorized_keys looks like this:

    command="vmstat 3 > /dev/null" ssh-dss AAAAB3Nzaakdghkas ... Vw== user@B

    When I kill the login on B (with a ^C), the vmstat is still running
    on A. However, if I get rid of the redirection to /dev/null and ^C
    the connection then the vmstat dies.

    How is the /dev/null redirection changing the behaviour of the shell
    on A?

    (It's not a big deal for me to get rid of it, I just want to
    understand what's occurring.)

    Thanks for any info.

    -- 
    David Magda <dmagda at ee.ryerson.ca>, http://www.magda.ca/
    Because the innovator has for enemies all those who have done well under
    the old conditions, and lukewarm defenders in those who may do well 
    under the new. -- Niccolo Machiavelli, _The Prince_, Chapter VI
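
An added example, not part of the original post: a local reproduction, without ssh, of one mechanism that matches the behaviour described, assuming the forced command runs without a terminal so that its stdout is a pipe back to sshd. `ticker`, `survives`, the FIFO and the heartbeat file are constructed stand-ins for vmstat and the connection; a process writing to the pipe is stopped by its next write once the reader is gone, while one writing to /dev/null never touches the pipe and keeps running.

```shell
#!/bin/sh
# Constructed stand-in for "vmstat 3": one line per interval.
# $1 = heartbeat file (lets us observe liveness), $2 = pipe | devnull
ticker() {
    while :; do
        echo beat >> "$1" || exit 1              # stop if the work dir is gone
        if [ "$2" = devnull ]; then
            echo tick > /dev/null                # like: vmstat 3 > /dev/null
        else
            echo tick 2>/dev/null || exit 1      # like: vmstat 3 (stdout is the pipe)
        fi
        sleep 0.2
    done
}

# survives MODE: prints "alive" or "dead" once the reader has gone away.
survives() {
    dir=$(mktemp -d) || return 2
    hb="$dir/heartbeat"
    : > "$hb"
    mkfifo "$dir/chan"                           # models the pipe back to sshd
    ticker "$hb" "$1" > "$dir/chan" &
    pid=$!
    sleep 0.5 < "$dir/chan"                      # reader attaches, then disconnects
    sleep 0.6                                    # time for one more write attempt
    n1=$(($(wc -l < "$hb")))
    sleep 1
    n2=$(($(wc -l < "$hb")))                     # still growing means still running
    kill "$pid" 2>/dev/null || :                 # clean up the survivor, if any
    wait "$pid" 2>/dev/null || :
    rm -rf "$dir"
    if [ "$n2" -gt "$n1" ]; then echo alive; else echo dead; fi
}

PIPE_RESULT=$(survives pipe)
NULL_RESULT=$(survives devnull)
echo "stdout on the pipe:  $PIPE_RESULT"
echo "stdout on /dev/null: $NULL_RESULT"
```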
    
