Limiting your password-less ssh login via command

home | blog | Terrible people and places | Covid-19 links | Teh Internet | guest blog |rants | placeholder | political | projects | Gwen and Liam | Citadel patched | Tools | Scouts




If you have a ssh limited login shell that runs only one command via the authorized_keys file,
but you want to extend it, try this:
In your authorized_keys for the login, extend the "command=" bit:

command="/bin/limitedcommand; ${SSH_ORIGINAL_COMMAND}"

That way you can tack on 'other things' to do should you need to...
ssh  user@machine 'other command'


You have just opened it up for other commands to be passed in.
Not useful if you want to limit for security reasons, but could be
useful if you want to extend some login say for check_mk
to allow for event handler to restart a service.



[æ]