Date: Fri, 20 Jul 2001 08:45:48 +1000 From: "Shevland, Joseph (AU - Hobart)" <jshevland@deloitte.com.au> To: "'Karsten W. Rohrbach'" <karsten@rohrbach.de> Cc: "'security@FreeBSD.ORG'" <security@FreeBSD.ORG> Subject: RE: Piping and scripts with scp Message-ID: <CDDF6190494B6648934181A2719E72C1019E83F1@ausyd0405.au.deloitte.com>
next in thread | raw e-mail | index | archive | help
Hi Karsten, I wasn't aware you could command restrict the key-pair, sounds like quite a cool feature and one I could use in an application I'm dealing with at the moment. Couldn't find any doco on the format to use in the man page though, or on OpenSSH (quicky search admittedly), do you have a pointer to some more information on this setup? Cheers, Joe > -----Original Message----- > From: owner-freebsd-security@FreeBSD.ORG > [mailto:owner-freebsd-security@FreeBSD.ORG]On Behalf Of Karsten W. > Rohrbach > Sent: Friday, 20 July 2001 12:42 AM > To: Brett Glass > Cc: security@FreeBSD.ORG > Subject: Re: Piping and scripts with scp > > > generate ssh keys with ssh-keygen(1) and limit the remote command to > something that makes sense. > generate one key pair for every command you want to run and > name the key > files appropriately to reference the in you ssh(1) invocation. > > a command restricted pubkey looks like this (example for > self-contained > scp to a defined subdirectory): > command="scp -t /path/to/data",from="1.2.3.4" <keydata comes here...> > [snip] apologies about the whopping big sig thats going to get appended ***********Confidentiality/Limited Liability Statement*************** Have the latest business news and in depth analysis delivered to your desktop. Subscribe to "Insights", Deloitte's fortnightly email business bulletin . . . http://www.deloitte.com.au/preferences/preference.asp This message contains privileged and confidential information intended only for the use of the addressee named above. If you are not the intended recipient of this message, you must not disseminate, copy or take any action in reliance on it. If you have received this message in error, please notify Deloitte Touche Tohmatsu immediately. Any views expressed in this message are those of the individual sender, except where the sender specifically states them to be the views of Deloitte. The liability of Deloitte Touche Tohmatsu, is limited by, and to the extent of, the Accountants' Scheme under the Professional Standards Act 1994 (NSW). To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CDDF6190494B6648934181A2719E72C1019E83F1>