check_by_ssh question

Matt Pounsett matt.pounsett at cira.ca
Thu Mar 25 17:27:11 CET 2004


On Thu, 25 Mar 2004, Andreas Ericsson wrote:

> > things significantly.  It's quite easy to limit one's passwordless ssh keys to
> > ONLY run certain commands, and to prevent the invocation of shells and so
> > forth, thus preventing those keys from being used to invade other machines.
> > 
> Didn't know about the commands bit. How does that work?

The details are all in the sshd(8) man page.. on my system under the
"AUTHORIZED_KEYS FILE FORMAT" heading.

> As for the shell; disable it and you won't get much checking done since 
> SSH forks a shell to take care of the command you want to.

True.  But you can prevent the key from being used to get an interactive
shell, which was my point.

-- 
Matt Pounsett                 CIRA - Canadian Internet Registration Authority
Technical Support Programmer                    350 Sparks Street, Suite 1110
matt.pounsett at cira.ca                                 Ottawa, Ontario, Canada
613.237.5335 ext. 231                                      http://www.cira.ca



-------------------------------------------------------
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click
_______________________________________________
Nagios-users mailing list
Nagios-users at lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nagios-users
::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. 
::: Messages without supporting info will risk being sent to /dev/null





More information about the Users mailing list