Date: Fri, 20 Jul 2001 08:45:48 +1000 From: "Shevland, Joseph (AU - Hobart)" <jshevland@deloitte.com.au> To: "'Karsten W. Rohrbach'" <karsten@rohrbach.de> Cc: "'security@FreeBSD.ORG'" <security@FreeBSD.ORG> Subject: RE: Piping and scripts with scp Message-ID: <CDDF6190494B6648934181A2719E72C1019E83F1@ausyd0405.au.deloitte.com>
next in thread | raw e-mail | index | archive | help
Hi Karsten,
I wasn't aware you could command restrict the key-pair, sounds like quite a
cool feature and one I could use in an application I'm dealing with at the
moment. Couldn't find any doco on the format to use in the man page though,
or on OpenSSH (quicky search admittedly), do you have a pointer to some more
information on this setup?
Cheers,
Joe
> -----Original Message-----
> From: owner-freebsd-security@FreeBSD.ORG
> [mailto:owner-freebsd-security@FreeBSD.ORG]On Behalf Of Karsten W.
> Rohrbach
> Sent: Friday, 20 July 2001 12:42 AM
> To: Brett Glass
> Cc: security@FreeBSD.ORG
> Subject: Re: Piping and scripts with scp
>
>
> generate ssh keys with ssh-keygen(1) and limit the remote command to
> something that makes sense.
> generate one key pair for every command you want to run and
> name the key
> files appropriately to reference the in you ssh(1) invocation.
>
> a command restricted pubkey looks like this (example for
> self-contained
> scp to a defined subdirectory):
> command="scp -t /path/to/data",from="1.2.3.4" <keydata comes here...>
> [snip] apologies about the whopping big sig thats going to get appended
***********Confidentiality/Limited Liability Statement***************
Have the latest business news and in depth analysis delivered to your
desktop. Subscribe to "Insights", Deloitte's fortnightly email
business bulletin . . .
http://www.deloitte.com.au/preferences/preference.asp
This message contains privileged and confidential information intended
only for the use of the addressee named above. If you are not the
intended recipient of this message, you must not disseminate, copy or
take any action in reliance on it. If you have received this message
in error, please notify Deloitte Touche Tohmatsu immediately. Any
views expressed in this message are those of the individual sender,
except where the sender specifically states them to be the views of
Deloitte.
The liability of Deloitte Touche Tohmatsu, is limited by, and to the
extent of, the Accountants' Scheme under the Professional Standards
Act 1994 (NSW).
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CDDF6190494B6648934181A2719E72C1019E83F1>