[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [suse-security] Execute a SSH command



Hm,

Am 24.06.2004 um 17:10 schrieb Dirk Schreiner:

Noo,
not sudo (not in this case though i like it ;-)

IMHO best bet is:
Using Public-Private-Key Authentication only.
And Including the Command in the key ;-)

command="/bin/bash ...." [Public-Key]
in authorized_keys

How do take care that the command cannot be executed by another user?
I thought that was the main problem. Executing commands remotely using ssh and Public/Private
keys  have to be used too, of course!

I assumed that the other users are allowed to login to the remote machine using ssh. But reading more carefully, that assumption makes no sense, since if they "cannot execute any command", they cannot login at all!

Well then its simply enough to put the users (and roots) private key into authorized_keys and disable password login in /etc/ssh/sshd_conf.

wkr,
Ingo

Greetings
        Dirk



Ingo Börnig schrieb:
Hi Joao,
Am 24.06.2004 um 12:07 schrieb Joao Reis:
Hi to all,

I need to execute a command in a remote machine throw ssh, but that command only can be executed by one user, for example xpto. This and all other users (except root) cannot execute commands in the remote machine with ssh except this particular user for this particular command. Resuming, only the user xpto can execute only this command with ssh. All others cannot
execute any command.

You should use sudo for this.
man sudo
Any help ?
Any reference ?

Thanks to all in advance

Joao Reis
--
Ingo Börnig <ingo at boernig.de>
pls ask for phone or snail address

TRIA IT-consulting GmbH Joseph-Wild-Straße 20 81829 München Germany Tel: +49 (89) 92907-0 Fax: +49 (89) 92907-100 http://www.tria.de -------------------------------------------------------- working hard | for your success -------------------------------------------------------- Registergericht München HRB 113466 USt.-IdNr. DE 180017238 Steuer-Nr. 802/40600 Geschäftsführer: Hubertus Wagenhäuser -------------------------------------------------------- Nachricht von: dirk.schreiner@xxxxxxx Nachricht an: suse-security@xxxxxxxx # Dateianhänge: 0 Die Mitteilung dieser E-Mail ist vertraulich und nur für den oben genannten Empfänger bestimmt. Wenn Sie nicht der vorgesehene Empfänger dieser E-Mail oder mit der Aushändigung an ihn betraut sind, weisen wir darauf hin, daß jede Form der Kenntnisnahme, Veröffentlichung, Vervielfältigung sowie Weitergabe des Inhalts untersagt ist. Wir bitten Sie uns in diesem Fall umgehend zu unterrichten. Vielen Dank The information contained in this E-Mail is privileged and confidental intended only for the use of the individual or entity named above. If the reader of this message is not the intended recipient or competent to deliver it to the intended recipient, you are hereby notified that any dissemination, distribution or copying of this E-Mail is strictly prohibited. If you have received this E-Mail in error, please notify us immediately. Thank you
--
Check the headers for your unsubscription address
For additional commands, e-mail: suse-security-help@xxxxxxxx
Security-related bug reports go to security@xxxxxxx, not here



--
Ingo Börnig <ingo at boernig.de>

pls ask for phone or snail address


--
Check the headers for your unsubscription address
For additional commands, e-mail: suse-security-help@xxxxxxxx
Security-related bug reports go to security@xxxxxxx, not here