From: "Shevland, Joseph (AU - Hobart)"
To: "'Karsten W. Rohrbach'"
Cc: "'security@FreeBSD.ORG'"
Subject: RE: Piping and scripts with scp
Date: Fri, 20 Jul 2001 08:45:48 +1000

Hi Karsten,

I wasn't aware you could command restrict the key-pair, sounds like quite a cool feature and one I could use in an application I'm dealing with at the moment.

Couldn't find any doco on the format to use in the man page though, or on OpenSSH (quicky search admittedly), do you have a pointer to some more information on this setup?

Cheers,
Joe

> -----Original Message-----
> From: owner-freebsd-security@FreeBSD.ORG
> [mailto:owner-freebsd-security@FreeBSD.ORG]On Behalf Of Karsten W. Rohrbach
> Sent: Friday, 20 July 2001 12:42 AM
> To: Brett Glass
> Cc: security@FreeBSD.ORG
> Subject: Re: Piping and scripts with scp
>
>
> generate ssh keys with ssh-keygen(1) and limit the remote command to
> something that makes sense.
> generate one key pair for every command you want to run and name the key
> files appropriately to reference them in your ssh(1) invocation.
>
> a command restricted pubkey looks like this (example for self-contained
> scp to a defined subdirectory):
> command="scp -t /path/to/data",from="1.2.3.4"
> [snip]

apologies about the whopping big sig that's going to get appended
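
Added example, not part of the original thread: a small parser for the options field that precedes the key in an authorized_keys line (the format sshd(8) documents: comma-separated options, values in double quotes, \" for an embedded quote), used to flag keys that lack the command= or from= restriction shown in the quoted message. The function names parse_key_line and audit are hypothetical, and the sample file and its key blobs are constructed placeholders.

```python
import re

# Key-type prefixes; a line starting with one of these has no options field.
KEY_TYPES = ("ssh-", "ecdsa-", "sk-")
# One option: a bare flag, or name="value" where \" escapes a quote.
OPTION = re.compile(r'([A-Za-z0-9-]+)(?:="((?:\\"|[^"])*)")?')

def parse_key_line(line):
    """Return (options, key_part) for one authorized_keys line."""
    line = line.strip()
    if line.startswith(KEY_TYPES) or line[:1].isdigit():
        return {}, line
    options, pos = {}, 0
    while True:
        m = OPTION.match(line, pos)
        if not m:
            raise ValueError("malformed option at column %d" % pos)
        name, value = m.group(1).lower(), m.group(2)
        options[name] = True if value is None else value.replace('\\"', '"')
        pos = m.end()
        if line[pos:pos + 1] == ",":
            pos += 1            # another option follows
        elif line[pos:pos + 1] in (" ", "\t"):
            return options, line[pos:].strip()
        else:
            raise ValueError("unterminated options field")

def audit(text):
    """List (line_number, problem) for keys lacking command= or from=."""
    findings = []
    for number, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        options, _ = parse_key_line(line)
        for required in ("command", "from"):
            if required not in options:
                findings.append((number, "no %s= restriction" % required))
    return findings

# Constructed sample file; the key blobs are placeholders, not real keys.
SAMPLE = '''\
# backup push key, options taken from the message above
command="scp -t /path/to/data",from="1.2.3.4" ssh-rsa AAAAexample1 backup@client
ssh-rsa AAAAexample2 admin@laptop
command="sh -c \\"uptime\\"",no-pty ssh-rsa AAAAexample3 monitor@nms
'''

if __name__ == "__main__":
    for number, problem in audit(SAMPLE):
        print("line %d: %s" % (number, problem))
```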