From owner-freebsd-security Tue Jun 11 16:13:22 2002 Delivered-To: freebsd-security@freebsd.org Received: from osi-east2.nersc.gov (osi-east2.nersc.gov [128.55.6.20]) by hub.freebsd.org (Postfix) with ESMTP id 26E3137B40A for ; Tue, 11 Jun 2002 16:13:14 -0700 (PDT) Received: from gemini.nersc.gov (gemini.nersc.gov [128.55.16.111]) by osi-east2.nersc.gov (8.9.2/8.9.2) with ESMTP id QAA26674 for ; Tue, 11 Jun 2002 16:13:09 -0700 (PDT) Received: from gemini.nersc.gov (localhost [127.0.0.1]) by gemini.nersc.gov (Postfix) with ESMTP id D651F3B1AC for ; Tue, 11 Jun 2002 16:13:12 -0700 (PDT) X-Mailer: exmh version 2.5 07/13/2001 with nmh-1.0.4 To: freebsd-security@FreeBSD.ORG Subject: Re: ssh questions In-Reply-To: Message from Lowell Gilbert of "11 Jun 2002 17:55:21 EDT." <44ptyx7a5y.fsf@be-well.ilk.org> Mime-Version: 1.0 Content-Type: multipart/signed; boundary="==_Exmh_303021056P"; micalg=pgp-sha1; protocol="application/pgp-signature" Content-Transfer-Encoding: 7bit Date: Tue, 11 Jun 2002 16:13:12 -0700 From: Eli Dart Message-Id: <20020611231312.D651F3B1AC@gemini.nersc.gov> Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org --==_Exmh_303021056P Content-Type: text/plain; charset=us-ascii You can also edit the public key so that access granted to the private key is only for running a given command. For example, if you want to check the status of network connections on the remote machine periodically, you can do this: from="ip_address_of_polling_host",command="/usr/bin/netstat -inb",no-pty,no-port-forwarding,no-X11-forwarding,no-agent-forwarding ssh-dss AAA...(rest of key) The output of netstat -inb will show up on stdout on the local machine. --eli In reply to Lowell Gilbert : > "jack xiao" writes: > > > I am ruunig ssh under FreeBSD4.5. It works=A0fine, but I am=A0wondering i= > f anybody > > has any experience of using ssh without inputing username and password. I= > t's > > for a cron job on my box... > > Sure. You use DSA or RSA authentication, and no passphrase.=20=20 > See the manual. > > [You need to be very careful about this kind of configuration, though; > if possible, give the ssh identity a userid with no login privileges...] > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message --==_Exmh_303021056P Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (FreeBSD) Comment: This is a comment. iD8DBQE9BoQILTFEeF+CsrMRAtPWAKCjGNaRrmUdVaHbKgxr/Apt/2XYwQCeLLU6 kttJfe3I3DicXGhnhKa2JWU= =UuYt -----END PGP SIGNATURE----- --==_Exmh_303021056P-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message