
Re: Setup SSH to login from Internet to system behind firewall and sudo for few commands



On Wed, Mar 21, 2012 at 07:15:38PM +0100, Csanyi Pal wrote:
> Hi,
> 
> I have a desktop machine: Debian GNU/Linux wheezy/sid system that is
> behind a Debian GNU/Linux Squeeze firewall/gateway.
> 
> I want to set up the firewall/gateway so that a user can log in with SSH
> to my desktop from the Internet.
> 
> After the user has logged in with SSH, I want to let them run the commands
> apt-get and apt-cache only.
> 
> Is this possible?
> If yes, how can I log the activities of that user?
> 
> Any advice will be appreciated!

Well, you *could* do that:

1. man sshd, read the section AUTHORIZED_KEYS FILE FORMAT to
restrict commands

2. remember that you need to authorize them to do this with
sudo, so edit /etc/sudoers appropriately.

but I really suggest you NOT do this, unless you are the user in
question. Remember that the power of apt-get as root can trash
your machine.

If what you want is automated or semi-automated updates, you
could do worse than run apticron.

A little more advanced would be to create your own apt
repository, and only move packages into it when you have already
vetted them and want them applied. Then you can safely run
apticron with automatic installation.

You'll get better advice if you explain what you're trying to
do.

-dsr-


-- 
http://randomstring.org/~dsr/eula.html is hereby incorporated by reference.
You can't fight for freedom by taking away rights.
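
The two steps in the reply above (a `command=` restriction in authorized_keys plus a sudoers entry), together with the logging the question asks about, as an added example that is not part of the original message. The user name `aptuser`, the script path `/usr/local/sbin/apt-only` and the particular subcommand allowlist are assumptions made for illustration.

```sh
#!/bin/sh
# Added example, not from the original post. Assumed names: user "aptuser",
# script installed as /usr/local/sbin/apt-only.
#
# ~aptuser/.ssh/authorized_keys, one line (key is a placeholder):
#   command="/usr/local/sbin/apt-only",no-port-forwarding,no-X11-forwarding,no-agent-forwarding ssh-rsa <PUBLIC-KEY> aptuser
#
# /etc/sudoers.d/apt-only, edited with "visudo -f" (sudo logs each run to syslog):
#   aptuser ALL=(root) NOPASSWD: /usr/bin/apt-get update, /usr/bin/apt-get upgrade

# Print the vetted command line for a requested command string, or return 1.
vet_command() {
    set -f                     # no glob expansion while splitting into words
    set -- $1
    set +f
    [ "$#" -ge 2 ] || return 1
    for arg in "$@"; do
        # Refuse options (flags such as -o change apt's configuration) and
        # any character outside Debian package names: no quotes, ';', '/', '='.
        case $arg in
            -*|*[!a-z0-9.+-]*) return 1 ;;
        esac
    done
    tool=$1 sub=$2
    shift 2
    case "$tool $sub $#" in
        'apt-get update 0'|'apt-get upgrade 0')
            echo "sudo -n /usr/bin/apt-get $sub" ;;
        'apt-cache search 1'|'apt-cache show 1'|'apt-cache policy 1')
            echo "/usr/bin/apt-cache $sub $1" ;;
        *) return 1 ;;
    esac
}

# sshd sets SSH_ORIGINAL_COMMAND to whatever the client asked to run.
# With no command requested the script simply ends, so no shell is granted.
if [ -n "${SSH_ORIGINAL_COMMAND-}" ]; then
    if cmd=$(vet_command "$SSH_ORIGINAL_COMMAND"); then
        logger -t apt-only -p auth.notice "allow user=$(id -un) cmd=$cmd"
        exec $cmd
    fi
    logger -t apt-only -p auth.warning "deny user=$(id -un) cmd=$SSH_ORIGINAL_COMMAND"
    echo "apt-only: command not permitted" >&2
    exit 1
fi
```

Allowed and refused requests both land in the auth log under the `apt-only` tag, next to sudo's own entries for the root commands.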

