Mailinglist Archive: opensuse-security (49 mails)

< Previous Next >
Re: [opensuse-security] Restrict ssh command execution
  • From: Martti Laaksonen <martti.laaksonen@xxxxxx>
  • Date: Sat, 16 Dec 2006 16:56:25 +0200
  • Message-id: <93B5756A-B2E2-48C1-A0AA-CC64DF5918C4@xxxxxx>

Boyan Tabakov kirjoitti 16.12.2006 kello 0.36:

Is it possible to restrict certain users to executing only one specific
command on the server with ssh? No interactive login should be allowed and no
other commands should be accepted. If possible - how? Didn't see any options
in sshd_config that looked promising... One think that came to mind is using
the shell field in the /etc/passwd file (setting it to some custom script).
Any other ideas?

You might want to look into using public keys for user authentication and setting some options to a specific key(s) in ~/.ssh/ authorized_keys file.

There's more info in sshd's man page (paragraph Authorized_keys file format), but basically you can restrict a specific public key to execute only a certain command by placing command="command_name" option before the public key data in the authorized_keys file.

-- Martti
To unsubscribe, e-mail: opensuse-security+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse-security+help@xxxxxxxxxxxx

< Previous Next >