Skip site navigation (1)Skip section navigation (2)
Date:      Fri, 29 Mar 2002 20:45:52 -0500 (EST)
From:      Peter Leftwich <Hostmaster@Video2Video.Com>
To:        Jason Stone <jason@shalott.net>
Cc:        Fernan Aguero <fernan@iib.unsam.edu.ar>, FreeBSD Security <freebsd-security@FreeBSD.ORG>
Subject:   Re: using ssh to run remote commands? [ssh -T, scp/ssh flags]
Message-ID:  <20020329204245.N81735-100000@earl-grey.cloud9.net>
In-Reply-To: <20020328003857.J5333-100000@walter>

next in thread | previous in thread | raw e-mail | index | archive | help
On Thu, 28 Mar 2002, Jason Stone wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> > I'd like to know how to run remote commands using ssh. I know I can do it as myself, but I'd like to know how can I set up my systems to allow non-login users (root, operator, amanda) to run remote commands on other hosts.
> You can't - ssh will always try to run a command by calling the user's shell, so unless you patch it, you _must_ give the user a valid shell.

I thought there was some way to run "ssh -T user@host" to bypass your shell, no?

> The best you can do is to give the user a valid shell but an invalid password (eg, "*") and use ssh keys to authenticate.  For additional security, you can specify a command along with the key in the authorized_keys file so that the key can _only_ be used to run that command (and not to get a shell).  man ssh, ssh-keygen.
>  -Jason

Why are the man page and options for the command "scp" so LIMITED compared
to those of "ssh?"

> I worry about my child and the Internet all the time, even though she's too young to have logged on yet.  Here's what I worry about.  I worry that 10 or 15 years from now, she will come to me and say "Daddy, where were you when they took freedom of the press away from the Internet?" -Mike Godwin

GREAT quote, depressing, but great.

> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.0.6 (FreeBSD)
> Comment: See https://private.idealab.com/public/jason/jason.gpg
>
> iD8DBQE8othXswXMWWtptckRAsYLAJ9Xkk7nHT5v96DxvTIiagd0elMvAACgn1qO
> 4TtJLt7YCkrAMmgWtskX7sk=
> =jZLv
> -----END PGP SIGNATURE-----

Please comment on "ssh -T" and "scp vs ssh options."

--
Peter Leftwich
President & Founder
Video2Video Services
Box 13692, La Jolla, CA, 92039 USA
+1-413-403-9555


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020329204245.N81735-100000>