How to add commands in authorized_keys (adding a command to a public key)

From the linux中国网 wiki

SSH authorized_keys command option: multiple commands?

No. It is not an "allowed" command, but a "forced" command (as with the ForceCommand option).

The only possibility is to use different keys for different commands or read parameters from stdin.

[game@bin .ssh]$ cat /home/game/.ssh/authorized_keys
command="~/.ssh/wrapper.sh",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty  ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAwG9rdQ//94aIkejb6oGnb+R0IgXs11X11u9o2qbUqEoRDOYsS7Xlx4chEgtWquOMcjLWqzPw71DXaWIxdVxmY3/bQIc8FHQuT5FfjES35qsz7wml/gQJGuadxJ2MuR/auamj6JZgmBy5vwyJ+cSSx+u7VVq/Hws33DY8dVM6QGBqcQerUG/gsfMbbOZG8ras/xzWmgPuNWNMfwoZWdvlb7G6FRpjhdypjqu1Gf6CHc/SJ+/EL57Mzwy9Md51J5qw4fcvbTp9l11wEX6+Njxt70WbxGNRRpQ== test  key

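How it works

The command option and the related options in authorized_keys can be used to restrict which command may be executed after logging in with public-key authentication. Once the server has finished executing that script, SSH also terminates the connection with the client.
The command option in authorized_keys is described as follows: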
command="command"
Specifies that the command is executed whenever this key is used
for authentication. The command supplied by the user (if any) is
ignored. The command is run on a pty if the client requests a
pty; otherwise it is run without a tty. If an 8-bit clean channel
is required, one must not request a pty or should specify
no-pty. A quote may be included in the command by quoting it
with a backslash. This option might be useful to restrict certain
public keys to perform just a specific operation. An example
might be a key that permits remote backups but nothing else.
Note that the client may specify TCP and/or X11 forwarding unless
they are explicitly prohibited. The command originally supplied
by the client is available in the SSH_ORIGINAL_COMMAND environment
variable. Note that this option applies to shell, command
or subsystem execution.
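
The key line above forces ~/.ssh/wrapper.sh, but the page does not show that script. The following is an added example, not code from the original page, of a wrapper that lets one forced-command key serve several operations by matching SSH_ORIGINAL_COMMAND against a fixed allowlist. The request names (uptime, disk, logs N), the log path and the function names are assumptions.

```shell
#!/bin/sh
# Hypothetical ~/.ssh/wrapper.sh for the command="~/.ssh/wrapper.sh" key line.
# sshd runs this file for every session on that key and places whatever the
# client asked for in SSH_ORIGINAL_COMMAND (empty for an interactive login).

# Map a client request to a fixed command line. Prints the command and
# returns 0 for an allowlisted request; returns 1 for anything else.
resolve_request() {
    case "$1" in
        uptime) echo "uptime" ;;
        disk)   echo "df -h /home" ;;
        logs\ *)
            n=${1#logs }
            # Accept a single numeric argument of 1 to 4 digits only.
            case "$n" in
                ''|*[!0-9]*|?????*) return 1 ;;
            esac
            # /home/game/app.log is a placeholder path for this example.
            echo "tail -n $n /home/game/app.log" ;;
        *) return 1 ;;
    esac
}

# Run the resolved command, or refuse. The client string is never passed
# to eval or a shell; only the digits validated above reach the command.
run_forced() {
    if cmd=$(resolve_request "${SSH_ORIGINAL_COMMAND:-}"); then
        # Word splitting is intended: $cmd is built from the table above.
        exec $cmd
    fi
    echo "wrapper.sh: request not permitted" >&2
    return 1
}

# Dispatch only when invoked under the name sshd uses for the forced command.
case "${0##*/}" in
    wrapper.sh) run_forced; exit $? ;;
esac
```

With this in place, `ssh game@host disk` runs `df -h /home`, while a request such as `uptime; id` matches no entry and is refused without being executed.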

References

how to add commands in .ssh/authorized_keys

http://stackoverflow.com/questions/26171836/how-to-add-commands-in-ssh-authorized-keys

http://serverfault.com/questions/749474/ssh-authorized-keys-command-option-multiple-commands

Restricting command execution for SSH logins

http://man.he.net/man5/authorized_keys