11 Jun
2010
11 Jun
'10
4:56 p.m.
On Fri, June 11, 2010 12:41, Ralph Mitchell wrote:
On Fri, Jun 11, 2010 at 11:21 AM, Xymon User in Richmond < hobbit at epperson.homelinux.net> wrote:
On Fri, June 11, 2010 09:30, chap at anastigmatix.net wrote:
- the identity should not be allowed to run arbitrary commands. an entry in authorized_keys can be limited to running a single fixed command.
Just give the identity a login shell of /bin/true in /etc/passwd and you won't have to be concerned about commands from a shell at all.
You can also use a command such as /bin/hostname - that would give you a way to verify you reached the target system.
/bin/true will return exit 0. If you don't get that far, ssh will return nonzero.