From: Olivier Nicole
To: freebsd-questions@freebsd.org
Date: Thu, 29 Nov 2007 15:07:30 +0700 (ICT)
Subject: Re: Secure remote shell

> ssh using key authentication and sudo configured to allow a certain
> user to run the needed commands and only the needed commands as root.

> rsh? Are you living in a cave? :)

Thanks for the replies.

The original script was written in the cave era, only I am trying to improve it today.

Would that be better?
Using key authentication so ssh needs no password (and key access limit to limit the client connecting via ssh) and limiting sudo to run only the mentioned script.

    /usr/bin/ssh remote_user@remote_machine.com /usr/local/bin/sudo /usr/local/sbin/remove_user foor_bar

TIA.

Olivier
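
One way to pin the key down to the single action discussed in this message, as an added example that is not part of the original post: a forced-command wrapper, set through `command=` in authorized_keys, that accepts only the exact command line shown above with one validated user name. The wrapper path, the client address, the key, the name policy and the denylist are assumptions.

```shell
#!/bin/sh
# Added example: forced-command wrapper for the key used by the calling script.
# Assumed (hypothetical) install path: /usr/local/libexec/remove_user_wrapper
#
# ~remote_user/.ssh/authorized_keys, one line (address and key are placeholders):
#   from="192.0.2.10",command="/usr/local/libexec/remove_user_wrapper",no-pty,no-port-forwarding,no-agent-forwarding,no-X11-forwarding ssh-rsa AAAA...placeholder
#
# sudoers entry (edit with visudo); the wrapper, not sudoers, checks the argument:
#   remote_user ALL=(root) NOPASSWD: /usr/local/sbin/remove_user

LC_ALL=C; export LC_ALL   # keep a-z in the patterns below ASCII-only

# The only request shape accepted: the exact command line from the message.
PREFIX="/usr/local/bin/sudo /usr/local/sbin/remove_user "

# Print the user name if the request is PREFIX plus one acceptable name,
# otherwise return non-zero and print nothing.
parse_request() {
    req=$1
    case $req in
        "$PREFIX"*) name=${req#"$PREFIX"} ;;
        *) return 1 ;;
    esac
    # Assumed name policy: starts with a-z or _, then a-z 0-9 _ . - only.
    # This rejects spaces, newlines, quotes, ';', '$' and option-like "-x".
    case $name in
        ''|[!a-z_]*|*[!a-z0-9_.-]*) return 1 ;;
    esac
    [ "${#name}" -le 32 ] || return 1
    # Assumed denylist of accounts that must never be removed remotely.
    case $name in
        root|toor|daemon|operator) return 1 ;;
    esac
    printf '%s\n' "$name"
}

# sshd puts the client's requested command in SSH_ORIGINAL_COMMAND; with
# command= set, that string is never executed, only inspected here.
if [ -n "${SSH_ORIGINAL_COMMAND:-}" ]; then
    if name=$(parse_request "$SSH_ORIGINAL_COMMAND"); then
        logger -t remove_user_wrapper "accepted removal of $name"
        exec /usr/local/bin/sudo /usr/local/sbin/remove_user "$name"
    fi
    logger -t remove_user_wrapper "rejected request"
    exit 1
fi
```

The client-side command in the message stays unchanged; any other request made with that key is logged and refused.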