 |
Post AtKATt1daEaWf5fY2K by [email protected] |
 |
More posts by [email protected] |
|
Post #AtJg3eKAccYGufuX6u by [email protected] |
|
0 likes, 1 repeats |
|
|
|
TIL you can configure ssh to only allow a client to run 1 specific command http… |
|
|
|
Post #AtJg3eSK8J4dJxj2oq by [email protected] |
|
0 likes, 0 repeats |
|
|
|
@b0rk Yes, this is a very useful feature! I have all sorts of single-purpose co… |
|
|
|
Post #AtJpaQ05nWCxdGDh3Y by [email protected] |
|
0 likes, 0 repeats |
|
|
|
@b0rk SSH has so much configurability hidden behind inscrutable config file for… |
|
|
|
Post #AtJpahUqkPubtZjzrE by [email protected] |
|
0 likes, 0 repeats |
|
|
|
@b0rk oh yeah, this is a great feature for automation, eg a backup system where… |
|
|
|
Post #AtJpiATRPQtLnHduRU by [email protected] |
|
0 likes, 0 repeats |
|
|
|
@b0rk you can also configure an ssh server to run a command to fetch a user'… |
|
|
|
Post #AtJpkZZz2ResEiqjpI by [email protected] |
|
0 likes, 0 repeats |
|
|
|
@b0rk cc: @dvl |
|
|
|
Post #AtJprPtpQVSwF3OZcm by [email protected] |
|
0 likes, 0 repeats |
|
|
|
@b0rk isn't that how standalone git config through ssh and git protocol mak… |
|
|
|
Post #AtJpvFygG0lKd1UoEK by [email protected] |
|
0 likes, 0 repeats |
|
|
|
@b0rk there is various options in authorized keys,.like authorizing jumphost on… |
|
|
|
Post #AtJpxcTDbLwMy0uG6C by [email protected] |
|
0 likes, 0 repeats |
|
|
|
@b0rk extremely handy when you want to have a user for CI tooling that can only… |
|
|
|
Post #AtJpxd4nLdzwqYUGfY by [email protected] |
|
0 likes, 0 repeats |
|
|
|
@b0rk with, sorry, replied before I read the article |
|
|
|
Post #AtJpyqgeEJqBLfm3aC by [email protected] |
|
0 likes, 0 repeats |
|
|
|
@b0rk this is how sourcehut lets you ssh into build VMs to inspect the environm… |
|
|
|
Post #AtJq07SXM8UfemmP3Y by [email protected] |
|
0 likes, 0 repeats |
|
|
|
@b0rk oh the important point here is you can do it in authorized keys, how inte… |
|
|
|
Post #AtJq4M4Wy4Yq8UZReS by [email protected] |
|
0 likes, 0 repeats |
|
|
|
@b0rk isn't that basically how using SSH for GitHub or other git access wor… |
|
|
|
Post #AtJq4WFt6haTibxek4 by [email protected] |
|
0 likes, 0 repeats |
|
|
|
@b0rk ha! I have actually done this, in the wild, for money!Had a customer a lo… |
|
|
|
Post #AtJqA4Wn6rVVSeW0qe by [email protected] |
|
0 likes, 0 repeats |
|
|
|
@b0rk wow neat!is there anywhere you wouldn't use this? l.ike to let anyone… |
|
|
|
Post #AtJqACmKQygn39qXB2 by [email protected] |
|
0 likes, 0 repeats |
|
|
|
@b0rk Yes!! It's a really powerful tool since you can set the command to a … |
|
|
|
Post #AtJqBmh4O6iEjE8iaO by [email protected] |
|
0 likes, 0 repeats |
|
|
|
@b0rk FYI, I believe that using only `command=` still allows the client to set … |
|
|
|
Post #AtJqCTXJ6HS9bOu1q4 by [email protected] |
|
0 likes, 0 repeats |
|
|
|
@b0rk it's amazing with rsync, called rrsync (for restricted rsync). Safe b… |
|
|
|
Post #AtJqEcoxYDbEyfBVJo by [email protected] |
|
0 likes, 0 repeats |
|
|
|
@b0rk also, per-key environment variable setting is 👌 |
|
|
|
Post #AtJqFrqNBLTxrLRDiC by [email protected] |
|
0 likes, 0 repeats |
|
|
|
@b0rk @shawnhooper ‘shutdown -h now’? |
|
|
|
Post #AtJrDivJTbRfZJI480 by [email protected] |
|
0 likes, 0 repeats |
|
|
|
@b0rk Yep, that's how git works via ssh. You can do all sorts of useful thi… |
|
|
|
Post #AtK3Tz8u8lhfxGAUQi by [email protected] |
|
0 likes, 0 repeats |
|
|
|
@ttyS1 @b0rk How vastly useful is that?It means a stolen passphrase-less ssh-ke… |
|
|
|
Post #AtK6Vj5r57Y4cYGPiK by [email protected] |
|
0 likes, 1 repeats |
|
|
|
@dvl @b0rk it also means that server operators can lock down to single command … |
|
|
|
Post #AtK8BiquT4slzQrWcq by [email protected] |
|
0 likes, 1 repeats |
|
|
|
@b0rk I use Borg backup this way. |
|
|
|
Post #AtK8uc28fQTTsAWI0O by [email protected] |
|
0 likes, 0 repeats |
|
|
|
@ttyS1 @b0rk rsync is precisely what I use it for.See also the rrsync tool, pro… |
|
|
|
Post #AtKA5lzU5RYxtUADce by [email protected] |
|
0 likes, 0 repeats |
|
|
|
@b0rk a fun option is to setup a honeypot that accepts all logins, prints a jui… |
|
|
|
Post #AtKAAxVqfxBT4om68O by [email protected] |
|
0 likes, 0 repeats |
|
|
|
@b0rk I use this to automatically put me in my tmux session whenever I SSH into… |
|
|
|
Post #AtKAAxdIEH8fRuG2jo by [email protected] |
|
0 likes, 0 repeats |
|
|
|
@paddy oh that's a cool idea |
|
|
|
Post #AtKATt1daEaWf5fY2K by [email protected] |
|
0 likes, 0 repeats |
|
|
|
@b0rk There's also some examples of this in the gitea documentation for how… |
|
|
|
Post #AtKAr0uSR6u1m5L3w0 by [email protected] |
|
0 likes, 0 repeats |
|
|
|
@b0rk *huh*. Well, that's handy/ <files away> |
