Manuel Arostegui Ramirez wrote: > > Morning Dave, > > This is such a dangerous thing, I have to say. > First off, and regarding to the fact of what a bad guy could do... > If he had acces to $command it means it would be able to know the key, > so he can log in without a problem in the remote machine (not just > executing remote commands which would involve a wee bit of experience > in Linux enviroments to know the remote paths and all that, if he got > access to the machine it would be easier. I hope I´m explaining myself > quite clear). > I don't believe this is true. From the sshd man page: command="command" Specifies that the command is executed whenever this key is used for authentication. The command supplied by the user (if any) is ignored. The command is run on a pty if the client requests a pty; otherwise it is run without a tty. If an 8-bit clean channel is required, one must not request a pty or should specify no-pty. A quote may be included in the command by quoting it with a backslash. This option might be useful to restrict certain public keys to perform just a specific operation. An example might be a key that permits remote backups but nothing else. Note that the client may specify TCP and/or X11 forwarding unless they are explicitly prohibited. Note that this option applies to shell, command or subsystem execution. Mikkel -- Do not meddle in the affairs of dragons, for thou art crunchy and taste good with Ketchup!
Attachment:
signature.asc
Description: OpenPGP digital signature
-- fedora-list mailing list fedora-list@xxxxxxxxxx To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list