Re: Send a remote command?
On Thu, Nov 07, 2002 at 03:39:28PM -0800, nate wrote:
> This is a good method; another is to create passphrase-less RSA (ssh1)
> or DSA (ssh2) keys. That way SSH (either native or using rsync with
> ssh) does not prompt for a password.
Seconded.
> I would only do this on trusted systems, however. One slip-up can reveal
> your key to an intruder; then they have easy access to all the other
> servers.
Then you use a restricted key. Your authorized_keys file at the remote
end looks something like this:
command="bsmtp-pull-server",no-pty,no-port-forwarding ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEA5QLS+9Sxp/F1I3LjTxHoChbw6aK5KchSfoKLOOqXACkGE349LT5Wk9OsUFoHDw/ek8qOvsLoRczpEsaqLmRmueRr2KzXGmfHdKfvPpzv0JkBvloGF71VeE6Z+4ezOqqcjLBiJE3nxUYuR3siR0hAt0g5QURhMl0icEHeyLkuvIU= cjwatson@riva
That allows the named key to connect only for the purpose of running the
command 'bsmtp-pull-server'.
The key should still be kept secure of course, but the consequences of a
compromise aren't quite so bad.
--
Colin Watson [cjwatson@flatline.org.uk]
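
An added example, not part of the original message: a small Python audit that parses authorized_keys lines and reports which keys lack a forced command or the no-* restrictions used in the entry above. It goes slightly beyond the post by also checking no-agent-forwarding, no-X11-forwarding and restrict (all real sshd options); the sample file, its placeholder key data and the pull-report command are constructed.

```python
import re

# One option: name, optional ="quoted value" (\" allowed inside), then a
# comma (another option follows) or whitespace (the options field ends).
OPT = re.compile(r'([A-Za-z0-9-]+)(?:="((?:\\"|[^"])*)")?(,|[ \t]+)')
KEY_TYPES = ("ssh-", "ecdsa-", "sk-")  # a line starting with one has no options
# Per-key restrictions documented in sshd(8); "restrict" turns all of them on.
LOCKDOWN = ("no-pty", "no-port-forwarding", "no-agent-forwarding",
            "no-x11-forwarding")

def parse_line(line):
    """Return (options dict, key type, comment) for one authorized_keys line."""
    line, opts, pos = line.strip(), {}, 0
    if not line.startswith(KEY_TYPES):
        while True:
            m = OPT.match(line, pos)
            if not m:
                raise ValueError("malformed options field: %r" % line[:40])
            opts[m.group(1).lower()] = m.group(2) if m.group(2) is not None else True
            pos = m.end()
            if m.group(3) != ",":
                break
    fields = line[pos:].split(None, 2)
    if len(fields) < 2:
        raise ValueError("missing key type or key data")
    return opts, fields[0], fields[2] if len(fields) > 2 else ""

def audit(text):
    """Map each key's comment to the restrictions that key lacks."""
    findings = {}
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        opts, ktype, comment = parse_line(raw)
        missing = [] if "command" in opts else ["command"]
        if "restrict" not in opts:
            missing += [o for o in LOCKDOWN if o not in opts]
        findings[comment or ktype] = missing
    return findings

# Constructed sample: key data is a placeholder, the second command is hypothetical.
SAMPLE = '''
command="bsmtp-pull-server",no-pty,no-port-forwarding ssh-rsa AAAA_PLACEHOLDER mail@example
ssh-rsa AAAA_PLACEHOLDER admin@example
restrict,command="/usr/local/bin/pull-report /srv/a,b" ssh-ed25519 AAAA_PLACEHOLDER backup@example
'''

if __name__ == "__main__":
    for key, missing in audit(SAMPLE).items():
        print(key, "->", ", ".join(missing) or "restricted")
```

The audit does not model options that re-enable a capability after restrict (such as pty), so a key using those still needs a manual look.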