
  • The security of the ssh connection

    Posted by daggett on December 7, 2006 at 13:50

    Hi,
    I did a few modifications to the ssh configuration to make the connection between agents and the server.

    When the public/private key configuration is running fine between agents and server, I created a script valid.sh in the pandora_server directory on the server as follows:
    [code]
    #!/bin/sh
    # Forced-command filter: sshd puts the command the client requested in SSH_ORIGINAL_COMMAND.
    # Shell metacharacters in the patterns are backslash-escaped so the script parses.
    case "$SSH_ORIGINAL_COMMAND" in
    *\&*)
    echo "Rejected 1 "
    ;;
    *\(*)
    echo "Rejected 2 "
    ;;
    *\{*)
    echo "Rejected 3 "
    ;;
    *\;*)
    echo "Rejected 4 "
    ;;
    *\<*)
    echo "Rejected 5 "
    ;;
    *\`*)
    echo "Rejected 6 "
    ;;
    rsync*pandora*data_in)
    # The only accepted form: an rsync whose command line ends in the data_in directory.
    $SSH_ORIGINAL_COMMAND
    ;;
    *)
    echo "Rejected 7 "
    ;;
    esac
    [/code]

    Then I added in the $Pandora_home/.ssh/authorized_keys, before each pandora client key:
    command="/opt/pandora/pandora_server/valid.sh" ssh-rsa …KEY….== user@client

    This excludes ANY attempt to do anything else than the rsync command as user pandora from each registered client to the server.

    bye.
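
An allow-list variant of the forced-command filter described in the post above, as an added example that is not part of the original post or of Pandora FMS. It rejects any character outside a fixed set instead of enumerating metacharacters; the function names, the permitted character set and the sample paths are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not the poster's script: allow-list forced-command filter.
# check_command, sample_commands and dry_run are hypothetical names.
LC_ALL=C; export LC_ALL          # byte-wise A-Z / a-z ranges

# Return 0 if the client's requested command may run, 1 otherwise.
check_command() {
    cmd=$1
    [ -n "$cmd" ] || return 1    # empty string: nothing to run
    case $cmd in
        *[!A-Za-z0-9\ ._/,=-]*)  return 1 ;;  # character outside the allow-list
        *..*)                    return 1 ;;  # parent-directory component
        rsync\ *pandora*data_in) return 0 ;;  # accept pattern taken from the post
    esac
    return 1
}

# Constructed sample command lines (paths are made up for the dry run).
sample_commands() {
    cat <<'EOF'
rsync --server -vlogDtpr . /opt/pandora/data_in
rsync --server -vlogDtpr . /opt/pandora/data_in; uptime
rsync --server -vlogDtpr . /opt/pandora/../data_in
rsync --server -vlogDtpr . /opt/pandora/data_in | cat
uptime
EOF
}

# Print the verdict for every sample without executing anything.
dry_run() {
    sample_commands | while IFS= read -r line; do
        if check_command "$line"; then echo "accept: $line"
        else echo "reject: $line"; fi
    done
}

# Entry point when installed through command="..." in authorized_keys.
# sshd sets SSH_ORIGINAL_COMMAND only when the client asked for a command;
# with it unset (interactive login, or a dry run) nothing is executed.
if [ -n "${SSH_ORIGINAL_COMMAND+set}" ]; then
    if check_command "$SSH_ORIGINAL_COMMAND"; then
        # Unquoted on purpose, as in the post: split into argv. No shell
        # re-parsing happens, and glob characters were already rejected.
        exec $SSH_ORIGINAL_COMMAND
    fi
    echo "Rejected: command not on the allow-list" >&2
    exit 1
fi
```

Calling `dry_run` after sourcing the file prints one verdict per sample line, which is a quick way to check a changed character set before touching authorized_keys.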

  • Sancho

    Administrator
    December 10, 2006 at 01:12

    Wow… nice!