Date: Thu, 28 Mar 2002 00:46:05 -0800 (PST) From: Jason Stone <jason@shalott.net> To: Fernan Aguero <fernan@iib.unsam.edu.ar> Cc: FreeBSD Security <freebsd-security@freebsd.org> Subject: Re: using ssh to run remote commands? Message-ID: <20020328003857.J5333-100000@walter> In-Reply-To: <20020327152947.B443@iib.unsam.edu.ar>
next in thread | previous in thread | raw e-mail | index | archive | help
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 > I'd like to know how to run remote commands using ssh. I know I can do > it as myself, but I'd like to know how can I set up my systems to > allow non-login users (root, operator, amanda) to run remote commands > on other hosts. You can't - ssh will always try to run a command by calling the user's shell, so unless you patch it, you _must_ give the user a valid shell. The best you can do is to give the user a valid shell but an invalid password (eg, "*") and use ssh keys to authenticate. For additional security, you can specify a command along with the key in the authorized_keys file so that the key can _only_ be used to run that command (and not to get a shell). man ssh, ssh-keygen. -Jason ----------------------------------------------------------------------- I worry about my child and the Internet all the time, even though she's too young to have logged on yet. Here's what I worry about. I worry that 10 or 15 years from now, she will come to me and say "Daddy, where were you when they took freedom of the press away from the Internet?" -- Mike Godwin -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (FreeBSD) Comment: See https://private.idealab.com/public/jason/jason.gpg iD8DBQE8othXswXMWWtptckRAsYLAJ9Xkk7nHT5v96DxvTIiagd0elMvAACgn1qO 4TtJLt7YCkrAMmgWtskX7sk= =jZLv -----END PGP SIGNATURE----- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020328003857.J5333-100000>