You might want to look into using public keys for user authentication and setting some options to a specific key(s) in ~/.ssh/authorized_keys file.
There's more info in sshd's man page (paragraph Authorized_keys file format), but basically you can restrict a specific public key to execute only a certain command by placing command="command_name" option before the public key data in the authorized_keys file. Martti's suggestion and mine work very well together. The above enforces
Martti Laaksonen wrote: that a user ssh'ing into the machine can only run a single command, and my suggestion gives you mandatory policy control over what that command can do. Using the hardlink hack, you can make the command unique to a user, or generic to a role. Crispin -- Crispin Cowan, Ph.D. http://crispincowan.com/~crispin/ Director of Software Engineering, Novell http://novell.com Hacking is exploiting the gap between "intent" and "implementation" --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-security+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-security+help@opensuse.org