
Re: Bug#798639: ITP: restricted-ssh-commands -- Restrict SSH users to a predefined set of commands



On Friday, 11.09.2015 at 13:19 +0100, Alessio Treglia wrote:
> On Fri, Sep 11, 2015 at 11:37 AM, Benjamin Drung
> <benjamin.drung@profitbricks.com> wrote:
> > Package: wnpp
> > Severity: wishlist
> > Owner: Benjamin Drung <benjamin.drung@profitbricks.com>
> >
> > * Package name    : restricted-ssh-commands
> >   Version         : TBD
> >   Upstream Author : Benjamin Drung <benjamin.drung@profitbricks.com>
> > * URL             : TBD
> > * License         : MIT
> >   Programming Lang: Bash
> >   Description     : Restrict SSH users to a predefined set of commands
> 
> I uploaded something like restricted-ssh-commands already:
>     https://packages.qa.debian.org/s/sshcommand.html

Thanks for pointing it out. I looked at sshcommand and it serves a
slightly different purpose. sshcommand creates different users for each
command, but restricted-ssh-commands allows running multiple commands
under one user. One configuration /etc/restricted-ssh-commands/reprepro
could be:

############
^scp -p( -d)? -t( --)? /srv/reprepro/incoming(/[^ /]*)?$
^chmod 0644 /srv/reprepro/incoming/[^ /]*$
^reprepro( -V)? -b /srv/reprepro processincoming foobar$
############

Then you could dput to reprepro@host via scp and run "ssh reprepro@host
reprepro -b /srv/reprepro processincoming foobar" as post-upload
command.

-- 
Benjamin Drung
System Developer
Debian & Ubuntu Developer

ProfitBricks GmbH
Greifswalder Str. 207
D - 10405 Berlin

Email: benjamin.drung@profitbricks.com
URL:  http://www.profitbricks.com

Registered office: Berlin.
Court of registration: Amtsgericht Charlottenburg, HRB 125506B.
Managing directors: Andreas Gauger, Achim Weiss.
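
The following is an added example, not code from the message or from restricted-ssh-commands: a POSIX sh allowlist check in the style of the configuration above, assuming each line is an extended regular expression tested against the whole requested command. The name is_allowed and the inline RULES are constructed for illustration, and the reprepro rule is written as ^reprepro( -V)? so that the single-space command quoted in the message matches.

```shell
#!/bin/sh
# Added example: decide whether a requested command matches an allowlist of
# anchored extended regular expressions, one rule per line.

# Constructed rule set, modelled on the reprepro configuration in the message.
RULES='^scp -p( -d)? -t( --)? /srv/reprepro/incoming(/[^ /]*)?$
^chmod 0644 /srv/reprepro/incoming/[^ /]*$
^reprepro( -V)? -b /srv/reprepro processincoming foobar$'

# is_allowed COMMAND -> exit status 0 if a rule matches, 1 otherwise.
is_allowed() {
    cmd=$1
    # An empty request (no command given) is never on the list.
    [ -n "$cmd" ] || return 1
    # grep works line by line: a request containing a newline could match on
    # one line while carrying unchecked text on another. Reject it outright.
    case $cmd in
        *'
'*) return 1 ;;
    esac
    while IFS= read -r rule; do
        # Skip blank lines: an empty pattern would match every request.
        [ -n "$rule" ] || continue
        if printf '%s\n' "$cmd" | grep -Eq -e "$rule"; then
            return 0
        fi
    done <<EOF
$RULES
EOF
    return 1
}

# Constructed sample requests: the first two match a rule, the last three do
# not (nested path, trailing argument, command not listed).
for c in \
    "reprepro -b /srv/reprepro processincoming foobar" \
    "scp -p -t /srv/reprepro/incoming" \
    "chmod 0644 /srv/reprepro/incoming/sub/file" \
    "reprepro -b /srv/reprepro processincoming foobar extra" \
    "ls /srv/reprepro"
do
    if is_allowed "$c"; then echo "allow: $c"; else echo "deny:  $c"; fi
done
```

Because every rule is anchored with ^ and $, a request is accepted only when the entire string matches; the `[^ /]*` component is what keeps the file argument to a single path element without spaces.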

