LinuxQuestions.org
Download your favorite Linux distribution at LQ ISO.
Go Back   LinuxQuestions.org > Forums > Non-*NIX Forums > Programming
User Name
Password
Programming This forum is for all programming questions.
The question does not have to be directly related to Linux and any language is fair game.

Notices

Reply
 
LinkBack Search this Thread
Old 08-23-2009, 10:22 AM   #1
manya
Member
 
Registered: Apr 2004
Posts: 194

Rep: Reputation: 15
issue in using private key file in bash script


Hi Guyz,

I am facing another issue in bash script. I am set up with private key/pub key authentication on server for my ID and has empty password.
Now I need to write a bash script where other users can use this private key to execute certain commands on remote server without providing password, but I do not want them to mis-use it and do not want them to use it for other purpose.

is this something can be achieved? I tried everything but no luck, I hope I can get some help from here.
 
Old 08-23-2009, 02:09 PM   #2
sarin
Member
 
Registered: May 2001
Location: India, Kerala, Thrissur
Distribution: FC 7-10
Posts: 354
Blog Entries: 2

Rep: Reputation: 34
Hmm... I can't think of any such methods. However, one trick will be to change the shell of the remote user to a very restrictive menu. Write a small C program to do this. But remember that is a very crude trick and not very safe. Below is an example. No guarantee about the security

Code:
#include <stdio.h>

unsigned char *valid_cmd[]={"ls\n","finger\n","reboot\n"};


int main()
{
        unsigned char cmd[1024];
        int cnt=0;
        int flg=0;

start:
        flg=0;
        printf("Command>");
        memset(cmd,0,sizeof(cmd));
        fgets(cmd,1023,stdin);
        for(cnt=0;cnt<sizeof(valid_cmd)/(sizeof(unsigned char*));cnt++)
        {
                if(!strcmp(cmd,"logout\n")) goto end;
                if(!strcmp(valid_cmd[cnt],cmd))
                {
                        flg=1;
                        system(cmd);
                }
        }
        if(!flg) printf("Command not found\n");
        goto start;
end:
        return 0;
}
 
Old 08-23-2009, 09:07 PM   #3
choogendyk
Senior Member
 
Registered: Aug 2007
Location: Massachusetts, USA
Distribution: Solaris 9 & 10, Mac OS X, Ubuntu Server
Posts: 1,189

Rep: Reputation: 105Reputation: 105
You can actually change the shell to a bash script and trap interrupts so that they can't get out of it to the general shell. Also, restrict the key so that it cannot be used to forward stuff. See the man page for how to restrict the key, and also see http://sial.org/howto/openssh/publickey-auth/ for a pretty good howto with key restriction. The O'Reilly book on the Korn shell tells how to do the menu with traps, and much of it is applicable to the bash sehll. The intro talks about the history of the shells and the relationships.

The security, of course, is not guaranteed and depends in part on your care in crafting the script.
 
Old 08-24-2009, 01:49 AM   #4
chrism01
Guru
 
Registered: Aug 2004
Location: Sydney
Distribution: Centos 6.5
Posts: 16,086

Rep: Reputation: 1993Reputation: 1993Reputation: 1993Reputation: 1993Reputation: 1993Reputation: 1993Reputation: 1993Reputation: 1993Reputation: 1993Reputation: 1993Reputation: 1993
You could put the cmds in sudo, which restricts them to only using those cmds. Its not just for root type work, you can use the same technique to switch to any user (su = switch user).
Depends how many users and what cmds. You'll prob want to use CMD & USER alaises if multiples users/cmds are needed.
See the examples in the sudoers file.
http://www.gratisoft.us/sudo/man/sudoers.html
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off
Trackbacks are Off
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Public key, private key explained calande Linux - Security 3 06-12-2008 05:23 AM
Bash script debugging issue internetSurfer Programming 4 01-28-2008 08:24 PM
[SOLVED] issue with variable in bash script angel115 Programming 4 08-21-2006 01:42 PM
bash script Want to capture return key and assign a value procfs Programming 9 07-07-2006 01:38 AM
RSA public key encryption/private key decription koningshoed Linux - Security 1 08-08-2002 07:25 AM


All times are GMT -5. The time now is 05:42 PM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration