
Re: [suse-security] Execute a SSH command



Hi Joao,

you have to do the following:

First generate a Public-Private-Key Pair for
xpto _and root_.
(You do this on the Client machines.)
Don't forget to encrypt the private key with a
passphrase.

Then copy the public keys to the server.
Target:
root: ~root/.ssh/authorized_keys
xpto: ~xpto/.ssh/authorized_keys

find / -name authorized_keys | xargs chmod 600

Warning !!!
Don't overwrite an existing authorized_keys!!

Now!!
Test the root login.
and !!! Stay logged in. !!!

Then disable password authentication on the server.
Kill the master sshd.
Start sshd anew.

Test the root login again.

Now you're safe.

Edit  ~xpto/.ssh/authorized_keys
Add command="[command]"[space] at the beginning of the line
containing the public key.

Test the login as xpto, and [command] should be executed.
Be aware [command] does not allow Shell escape.
That means "vi /etc/config" would be a bad idea due to :sh[enter]

Greetings

           Dirk







Joao Reis wrote:

Hi Ingo,

But sudo isn't to be used just in the local machine? I want to remotely execute a command, and the user should not have permissions to execute any other command, even if he has permissions on the remote to do so.


On Thu, 24 Jun 2004 15:09:47 +0200, Ingo Börnig <ingo@xxxxxxxxxx> wrote:

Hi Joao,

On 24.06.2004 at 12:07, Joao Reis wrote:

Hi to all,

I need to execute a command in a remote machine through ssh, but that command only can be executed by one user, for example xpto. This and all other users (except root) cannot execute commands in the remote machine with ssh except this particular user for this particular command. Resuming, only the user xpto can execute only this command with ssh. All others cannot execute any command.


You should use sudo for this.

man sudo

Any help ?
Any reference ?

Thanks to all in advance

Joao Reis

--
Ingo Börnig <ingo at boernig.de>

pls ask for phone or snail address






















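The key-installation and forced-command steps from Dirk's reply, written as shell functions. This is an added example, not part of the original thread: the function names, the sample path in the usage comment and the extra `no-pty` / `no-*-forwarding` options are assumptions beyond the post, added because `command="..."` alone does not switch off port, agent or X11 forwarding for that key.

```shell
#!/bin/sh
# Added example (not from the thread). Function names are hypothetical.

# install_forced_key HOME_DIR COMMAND PUBKEY_LINE
# Appends PUBKEY_LINE to HOME_DIR/.ssh/authorized_keys, prefixed with a
# forced command, so a login with that key can only run COMMAND.
install_forced_key() {
    home=$1 cmd=$2 pubkey=$3
    dir="$home/.ssh"
    file="$dir/authorized_keys"

    # A double quote inside command="..." would have to be escaped;
    # refuse it instead of writing an ambiguous options field.
    case $cmd in
        *'"'*) echo "command must not contain a double quote" >&2
               return 1 ;;
    esac

    mkdir -p "$dir" && chmod 700 "$dir" || return 1

    # Append with >> so an existing authorized_keys is never overwritten.
    printf 'command="%s",no-pty,no-port-forwarding,no-agent-forwarding,no-X11-forwarding %s\n' \
        "$cmd" "$pubkey" >> "$file" || return 1

    # Restrict only this file, instead of a find over the whole filesystem.
    chmod 600 "$file"
}

# count_unrestricted FILE
# Prints the number of key lines in FILE that carry no command="..."
# option, i.e. keys that still get whatever the account's shell allows.
# Comment and blank lines are skipped; option names are case-insensitive.
count_unrestricted() {
    awk '!/^[ \t]*(#|$)/ && tolower($0) !~ /(^|,)command="/ { n++ }
         END { print n + 0 }' "$1"
}

# Usage on the server, as root (path and key are constructed samples):
#   install_forced_key ~xpto /usr/local/bin/report "ssh-ed25519 AAAA... xpto@client"
#   count_unrestricted ~xpto/.ssh/authorized_keys   # expect 0 for xpto
```

A forced command is only as tight as the program it names: if that program can spawn a shell or open arbitrary files, the restriction is lost, which is the `vi` caveat in the reply above.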