[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Limiting ssh usage on remote machine.
- To: misc_(_at_)_openbsd_(_dot_)_org
- Subject: Re: Limiting ssh usage on remote machine.
- From: Chuck Yerkes <chuck+obsd_(_at_)_feb2004_(_dot_)_snew_(_dot_)_com>
- Date: Fri, 12 Dec 2003 20:11:11 -0500
Well, on the remote machine, I can log in easily enough with
a passwordless key.
rdist (which handles things like "copy new files over with integrity"
and "run commands perhaps using said new files") goes to the remote
machine and runs (I believe "/bin/sh rdistd"). So I'm (re)learning
rdist a bit. I'd like to restrict REMOTE to running /usr/local/sbin/rdistd
but haven't worked that out yet. Letting is use a restricted shell
(rsh, not remote shell) is a step towards what I need.
File integrity isn't an issue with rdist (I believe). The command
run afterwards is "make" so the Makefile takes care of moving handled
data into place. And I can use a limited "sudo myscript" to do deal
with ownership and final locations.