Re: OT: security of make as authorized_keys command
- From: "Mikkel L. Ellertson" <mikkel@xxxxxxxxxxxxxxxx>
- Date: Mon, 31 Dec 2007 12:15:39 -0600
Manuel Arostegui Ramirez wrote:
I don't believe this is true. From the sshd man page:
Morning Dave,
This is such a dangerous thing, I have to say.
First off, and regarding to the fact of what a bad guy could do...
If he had acces to $command it means it would be able to know the key,
so he can log in without a problem in the remote machine (not just
executing remote commands which would involve a wee bit of experience
in Linux enviroments to know the remote paths and all that, if he got
access to the machine it would be easier. I hope I´m explaining myself
quite clear).
command="command"
Specifies that the command is executed whenever this key is
used for authentication. The command supplied by the user (if
any) is ignored. The command is run on a pty if the client
requests a pty; otherwise it is run without a tty. If an 8-bit
clean channel is required, one must not request a pty or should
specify no-pty. A quote may be included in the command by
quoting it with a backslash. This option might be useful to
restrict certain public keys to perform just a specific
operation. An example might be a key that permits remote backups
but nothing else. Note that the client may specify TCP and/or
X11 forwarding unless they are explicitly prohibited. Note that
this option applies to shell, command or subsystem execution.
Mikkel
--
Do not meddle in the affairs of dragons,
for thou art crunchy and taste good with Ketchup!
Attachment:
signature.asc
Description: OpenPGP digital signature
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
- References:
- OT: security of make as authorized_keys command
- From: Dave Burns
- Re: OT: security of make as authorized_keys command
- From: Manuel Arostegui Ramirez
- OT: security of make as authorized_keys command
- Prev by Date: Re: USB storage devices and /etc/fstab
- Next by Date: Re: OT: security of make as authorized_keys command
- Previous by thread: Re: OT: security of make as authorized_keys command
- Next by thread: Re: OT: security of make as authorized_keys command
- Index(es):
Relevant Pages
|