forced-commands-only and authorized_keys - SSH

This is a discussion on forced-commands-only and authorized_keys - SSH ; When using PermitRootLogin forced-commands-only, is there a way to add multiple commands in to authorized_keys file? If so, could you please be so kind to explain how it can be accomplished? Is it one command and key per line? Can ...

+ Reply to Thread
Results 1 to 5 of 5

Thread: forced-commands-only and authorized_keys

  1. forced-commands-only and authorized_keys


    When using PermitRootLogin forced-commands-only, is there a way to add
    multiple commands in to authorized_keys file? If so, could you please
    be so kind to explain how it can be accomplished? Is it one command
    and key per line? Can I string multiple commands to the same key line?
    Please help!

    Cheers!


  2. Re: forced-commands-only and authorized_keys

    shpot4@yahoo.com wrote:

    > When using PermitRootLogin forced-commands-only, is there a way to add
    > multiple commands in to authorized_keys file? If so, could you please
    > be so kind to explain how it can be accomplished? Is it one command
    > and key per line? Can I string multiple commands to the same key line?
    > Please help!


    Why don't you just create a program on the host that runs those commands
    and then just put that one in the authorized keys?

    --
    Darren Dunham ddunham@taos.com
    Senior Technical Consultant TAOS http://www.taos.com/
    Got some Dr Pepper? San Francisco, CA bay area
    < This line left intentionally blank to confuse you. >

  3. Re: forced-commands-only and authorized_keys

    Why don't you just create a program on the host that runs those
    commands
    and then just put that one in the authorized keys?

    Thank you for your response, but that will not work for what I am
    trying to do. I would like to know if multiple commands can be listed
    in the authorized_keys file.


  4. Re: forced-commands-only and authorized_keys

    shpot4@yahoo.com wrote:
    > Thank you for your response, but that will not work for what I am
    > trying to do.


    What are you trying to do, then? (and why would running another program
    that then fired the commands not work?)

    > I would like to know if multiple commands can be listed in the
    > authorized_keys file.


    As far as I'm aware, no.

    Even if it did, I'm not sure how you'd attach STDIN/STDOUT to multiple
    processes.. How would you expect these separate commands to be
    invoked? All at once? Each in sequence?

    --
    Darren Dunham ddunham@taos.com
    Senior Technical Consultant TAOS http://www.taos.com/
    Got some Dr Pepper? San Francisco, CA bay area
    < This line left intentionally blank to confuse you. >

  5. Re: forced-commands-only and authorized_keys

    In article Darren
    Dunham writes:
    >shpot4@yahoo.com wrote:
    >> Thank you for your response, but that will not work for what I am
    >> trying to do.

    >
    >What are you trying to do, then? (and why would running another program
    >that then fired the commands not work?)


    Good questions.:-)

    >> I would like to know if multiple commands can be listed in the
    >> authorized_keys file.

    >
    >As far as I'm aware, no.


    Me neither.

    >Even if it did, I'm not sure how you'd attach STDIN/STDOUT to multiple
    >processes.. How would you expect these separate commands to be
    >invoked? All at once? Each in sequence?


    I'm guessing that he doesn't want all of the commands run, just wants to
    be able to specify multiple commands, any of which would be allowed to
    run separately. Of course this is not what the 'command' option does
    even for a single command - it says "run this command regardless of what
    the user requested" (i.e. it wouldn't be meaningful to have multiple
    instances of the option since only one can be chosen anyway).

    And hence, the way to implement the desired functionality is to specify
    a wrapper command/script via the 'command' option, have that examine the
    SSH_ORIGINAL_COMMAND environment variable (hm, why are the environment
    variables set by sshd described in the ssh man page...?) to see if the
    command is in the allowed list, and if so execute it (argument checking
    is possible too of course). Checking whether SSH_ORIGINAL_COMMAND
    actually includes multiple commands should probably be considered
    non-optional.

    --Per Hedeland
    per@hedeland.org



+ Reply to Thread