Bug#798639: ITP: restricted-ssh-commands -- Restrict SSH users to a predefined set of commands
Am Freitag, den 11.09.2015, 13:19 +0100 schrieb Alessio Treglia:
> On Fri, Sep 11, 2015 at 11:37 AM, Benjamin Drung
> <benjamin.drung@profitbricks.com> wrote:
> > Package: wnpp
> > Severity: wishlist
> > Owner: Benjamin Drung <benjamin.drung@profitbricks.com>
> >
> > * Package name : restricted-ssh-commands
> > Version : TBD
> > Upstream Author : Benjamin Drung <benjamin.drung@profitbricks.com>
> > * URL : TBD
> > * License : MIT
> > Programming Lang: Bash
> > Description : Restrict SSH users to a predefined set of commands
>
> I uploaded something like restricted-ssh-commands already:
> https://packages.qa.debian.org/s/sshcommand.html
Thanks for pointing it out. I looked at sshcommand and it serves a
slightly different purpose. sshcommand creates different users for each
command, but restricted-ssh-commands allows to run multiple command
under one user. One configuration /etc/restricted-ssh-commands/reprepro
could be:
############
^scp -p( -d)? -t( --)? /srv/reprepro/incoming(/[^ /]*)?$
^chmod 0644 /srv/reprepro/incoming/[^ /]*$
^reprepro ( -V)? -b /srv/reprepro processincoming foobar$
############
Then you could dput to reprepro@host via scp and run "ssh reprepro@host
reprepro -b /srv/reprepro processincoming foobar" as post-upload
command.
--
Benjamin Drung
System Developer
Debian & Ubuntu Developer
ProfitBricks GmbH
Greifswalder Str. 207
D - 10405 Berlin
Email: benjamin.drung@profitbricks.com
URL: http://www.profitbricks.com
Sitz der Gesellschaft: Berlin.
Registergericht: Amtsgericht Charlottenburg, HRB 125506B.
Geschäftsführer: Andreas Gauger, Achim Weiss.
Reply to: