LinuxQuestions.org
Welcome to the most active Linux Forum on the web.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices

Reply
 
Search this Thread
Old 09-09-2006, 02:05 AM   #1
hank43
Member
 
Registered: Nov 2003
Distribution: centos 4.4
Posts: 94

Rep: Reputation: 15
using root with ssh 'command=' and authorized_keys


i am trying to come up with a backup/restore plan. backupmachine will pull data from workmachine. thinking of using rsnapshot to do it.

what's the danger of configuring ssh on workmachine to allow root access without a passphrase and limiting the command using 'command=' in authorized_keys? if someone roots backupmachine, they are limited to workmachine by what i specified in 'command='

this is similar to what i am planning, but he prefers a backupuser on workmachine.
http://troy.jdmz.net/rsnapshot/

for my command in 'command=', i was going to use a script like the one below and list the commands i want allowed.

Code:
#!/bin/sh
  case "$SSH_ORIGINAL_COMMAND" in

    1)
        /bin/date
        ;;
    2)
       /usr/bin/who
        ;;
    3)
        /usr/bin/w
        ;;
  esac
exit 0
file permissions would be set to only allow root access to the script.
 
Old 09-11-2006, 05:51 AM   #2
Lotharster
Member
 
Registered: Nov 2005
Posts: 144

Rep: Reputation: 15
Yous hould be very careful which commands you allow in your script. If any of them can be subverted to get a shell (e. g. in vi, the :! command gives the user access to a shell), your attacker has unlimited root access to your machine. You should also very carefully analyse your script. Any bugs could be used to gain root access.

Therefore I'd rather set up a backup user.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Problem with ssh and authorized_keys... gruell Linux - Security 5 02-01-2006 03:40 PM
SSH with root Cottsay Linux - Software 12 01-18-2006 05:11 PM
I have to ssh -l root to run root processes!? paul.nel Red Hat 3 11-15-2004 11:55 AM
root using ssh juanb Linux - Security 1 08-05-2004 05:49 AM
ssh users and authorized_keys ifm Linux - Security 3 06-12-2002 08:24 PM


All times are GMT -5. The time now is 10:04 PM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration