joeyh.name_comments_ikiwiki.rss.xml - sfeed_tests - sfeed tests and RSS and Ato…
git clone git://git.codemadness.org/sfeed_tests
joeyh.name_comments_ikiwiki.rss.xml (7296B)
---
<?xml version="1.0"?>
<rss version="2.0"
xmlns:dc="http://purl.org/dc/elements/1.1/"
xmlns:dcterms="http://purl.org/dc/terms/"
xmlns:atom="http://www.w3.org/2005/Atom">
<channel>
<title>blog/entry/locking down ssh authorized keys</title>
<link>http://joeyh.name/blog/entry/locking_down_ssh_authorized_keys/</li…
<atom:link href="http://joeyh.name/blog/entry/locking_down_ssh_authorize…

<description>joey</description>
<generator>ikiwiki</generator>
<pubDate>Mon, 22 Apr 2019 22:31:01 -0400</pubDate>
<item>
<title>comment 1</title>

<guid isPermaLink="false">http://joeyh.name/blog/entry/locking_d…

<link>http://joeyh.name/blog/entry/locking_down_ssh_authorized_k…

<dc:creator>svend [myopenid.com]</dc:creator>


<pubDate>Tue, 13 Jan 2009 16:25:34 -0500</pubDate>
<dcterms:modified>2009-01-13T21:25:34Z</dcterms:modified>


<description><blockquote><p>(I also tried the simple…

<p>I found that <code>command="git shell -c \"$SSH…

<p><code>command="git shell -c $SSH_ORIGINAL_COMMAND&qu…

</description>


</item>
<item>
<title>Limiting shell access to multiple </title>

<guid isPermaLink="false">http://joeyh.name/blog/entry/locking_d…

<link>http://joeyh.name/blog/entry/locking_down_ssh_authorized_k…

<dc:creator>Galen</dc:creator>


<pubDate>Wed, 30 Jan 2013 02:12:13 -0500</pubDate>
<dcterms:modified>2013-01-30T07:12:16Z</dcterms:modified>


<description><p>Since git 1.7.4, you can extend git-shell …

<pre><code>#!/bin/bash …

cmdline=($1)
cmd=$(basename "${cmdline[0]}")

if [ -z "$cmd" ] ; then
    exec git-shell
elif [ -n "$cmd" -a -x ~/git-shell-commands/"$cmd" ]…
    ~/git-shell-commands/"$cmd" "${cmdline[@]:1}"
else
    exec git-shell -c "$1"
fi
</code></pre>

<p>Use this in place of git-shell in the authorize_keys "comm…

<pre><code>command="sshsh \"$SSH_ORIGINAL_COMMAND\…
</code></pre>

<p>If you'd rather not require <code>$SSH_ORIGINAL_COMMA…

<pre><code>#!/bin/bash …

cmd=$(basename $1)

if [ -z "$cmd" ] ; then
    exec git-shell
elif [ -n "$cmd" -a -x ~/git-shell-commands/"$cmd" ]…
    shift
    ~/git-shell-commands/"$cmd" "$@"
else
    exec git-shell -c "$*"
fi
</code></pre>

<p>The authorized_key entry then becomes:</p>

<pre><code>command="sshsh $SSH_ORIGINAL_COMMAND" .…
</code></pre>

<p>Any other commands you wish to allow through ssh can be created…

<pre><code>$ ln -s $(which rsync) ~/git-shell-commands/
</code></pre>

</description>


</item>
<item>
<title>With unison</title>

<guid isPermaLink="false">http://joeyh.name/blog/entry/locking_d…

<link>http://joeyh.name/blog/entry/locking_down_ssh_authorized_k…

<dc:creator>cassou</dc:creator>


<pubDate>Wed, 12 Sep 2018 04:56:25 -0400</pubDate>
<dcterms:modified>2018-09-12T08:56:26Z</dcterms:modified>


<description><p>Add that to your authorized_keys file on t…

<pre><code># Look at manpage sshd(8) for more information on…
command="unison -server",restrict ssh-rsa ...the key...
</code></pre>

</description>


</item>
<item>
<title>sshdo</title>

<guid isPermaLink="false">http://joeyh.name/blog/entry/locking_d…

<link>http://joeyh.name/blog/entry/locking_down_ssh_authorized_k…

<dc:creator>joeyh</dc:creator>


<pubDate>Mon, 22 Apr 2019 22:31:00 -0400</pubDate>
<dcterms:modified>2019-04-23T02:31:01Z</dcterms:modified>


<description><p>[Disclosure: I wrote sshdo which is descri…

<p>There's a program called sshdo for doing this. It controls …

<pre><code>http://raf.org/sshdo/ (read manual pages here)
https://github.com/raforg/sshdo/
</code></pre>

<p>It has a training mode to allow all commands that are attempted…

<p>It also has an --unlearn option to stop allowing commands that …

<p>It is very fussy about what it allows. It won't allow a com…

<p>But it does support simple patterns to represent similar comman…

<p>It's like a firewall or whitelisting control for ssh comman…

</description>


</item>

</channel>
</rss>