There are two ways to configure a forced command. One is through the public-key authentication configuration in the file authorized_keys, as we saw earlier. The other is through the keyword ForceCommand in sshd_config. To restrict users to running nothing but the alpine command, we put the following line in sshd_config:
ForceCommand /usr/bin/alpine
The major difference between the two is scope: configuration through public-key authentication applies to one user, and each user may have her/his own options; configuration through the ForceCommand keyword is system-wide, so the keyword Match must be combined with it if ForceCommand should apply only to certain user(s).
What if we want the user to be able to execute not only a single command, but a few fixed commands of the user's choice, such as:
- show process list (ps aux),
- print system information (uname -a),
- show who is logged on (who), or
- start rdiff-backup server (rdiff-backup --server --restrict-read-only /)
sshd places the command requested by the client in the environment variable SSH_ORIGINAL_COMMAND, so the following script (wrapper.sh) can dispatch to all permitted commands:
#!/bin/sh
# Script: /usr/local/bin/wrapper.sh
# sshd puts the command line requested by the client in SSH_ORIGINAL_COMMAND.
# Only an exact match runs, so client-supplied arguments are never honoured.
case "$SSH_ORIGINAL_COMMAND" in
    "ps")
        ps aux
        ;;
    "uname")
        uname -a
        ;;
    "who")
        who
        ;;
    "rdiff")
        rdiff-backup --server --restrict-read-only /
        ;;
    *)
        # Anything else, including a shell request (empty variable), is refused.
        echo "Only the following commands are available to you:"
        echo "ps, uname, who and rdiff"
        exit 1
        ;;
esac
The sshd_config configuration of ForceCommand with Match for the user backup is as follows:
Match User backup
ForceCommand /usr/local/bin/wrapper.sh
To show the process list on the SSH server, one issues:
ssh backup@server ps
where the original command "ps" is passed to the wrapper script in the environment variable SSH_ORIGINAL_COMMAND.
To back up the directory tree /path_to_src on the server to the local directory /path_to_dst, one issues:
rdiff-backup --remote-schema "ssh -C %s rdiff" backup@server::/path_to_src /path_to_dst
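The wrapper above can be made easier to audit and to test: the example below (added here, not the post's own wrapper.sh) keeps the same allow-list but separates the decision from the execution, logs every accepted and denied request to syslog, and shows that the exact match rejects requests carrying extra arguments or shell metacharacters. It assumes logger(1) is available, uses the made-up syslog tag sshwrap, and relies on sshd setting SSH_CONNECTION to tell a real session from a local test.

```shell
#!/bin/sh
# Added example, not the original post's wrapper.sh: the same allow-list with a
# separate decision function, syslog logging of every request, and a refusal of
# anything that is not an exact match (so "ps aux" or "ps; id" are denied).
# Assumption: logger(1) is present; if it is not, the decision is unchanged.

# Map a request name to the fixed command line it may run; fail if not listed.
allowed_command() {
    case "$1" in
        ps)    echo "ps aux" ;;
        uname) echo "uname -a" ;;
        who)   echo "who" ;;
        rdiff) echo "rdiff-backup --server --restrict-read-only /" ;;
        *)     return 1 ;;
    esac
}

# Decide on one request string: returns 0 if allowed, 1 if denied.
# The whole SSH_ORIGINAL_COMMAND (name plus any arguments) is compared, so
# arguments supplied by the client never reach the real command.
check_request() {
    req="$1"
    if cmd=$(allowed_command "$req"); then
        logger -t sshwrap "user=${USER:-?} allowed '$req' -> '$cmd'" 2>/dev/null || :
        return 0
    fi
    # Denials are worth alerting on: they show a client probing the allow-list.
    logger -t sshwrap "user=${USER:-?} denied '$req'" 2>/dev/null || :
    return 1
}

# Entry point used by ForceCommand. An empty SSH_ORIGINAL_COMMAND means the
# client asked for an interactive shell, which falls into the denied branch.
run_wrapper() {
    if check_request "${SSH_ORIGINAL_COMMAND:-}"; then
        # $cmd is one of the fixed strings above, never client input, so the
        # unquoted expansion only splits that known string into words.
        exec $cmd
    fi
    echo "Only the following commands are available to you: ps, uname, who and rdiff" >&2
    exit 1
}

# sshd sets SSH_CONNECTION for every session; outside one (e.g. when this file
# is sourced to test the functions) nothing is executed.
if [ -n "${SSH_CONNECTION:-}" ]; then run_wrapper; fi
```

The denied-request log lines are the detection hook: a burst of them for one user is a client trying commands outside the allow-list.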