Visit Jeremy's Blog.
Go Back > Forums > Linux Forums > Linux - Security
User Name
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.


  Search this Thread
Old 09-09-2006, 02:05 AM   #1
Registered: Nov 2003
Distribution: centos 4.4
Posts: 94

Rep: Reputation: 15
using root with ssh 'command=' and authorized_keys

i am trying to come up with a backup/restore plan. backupmachine will pull data from workmachine. thinking of using rsnapshot to do it.

what's the danger of configuring ssh on workmachine to allow root access without a passphrase and limiting the command using 'command=' in authorized_keys? if someone roots backupmachine, they are limited to workmachine by what i specified in 'command='

this is similar to what i am planning, but he prefers a backupuser on workmachine.

for my command in 'command=', i was going to use a script like the one below and list the commands i want allowed.


exit 0
file permissions would be set to only allow root access to the script.
Old 09-11-2006, 05:51 AM   #2
Registered: Nov 2005
Posts: 144

Rep: Reputation: 18
Yous hould be very careful which commands you allow in your script. If any of them can be subverted to get a shell (e. g. in vi, the :! command gives the user access to a shell), your attacker has unlimited root access to your machine. You should also very carefully analyse your script. Any bugs could be used to gain root access.

Therefore I'd rather set up a backup user.


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
Problem with ssh and authorized_keys... gruell Linux - Security 5 02-01-2006 03:40 PM
SSH with root Cottsay Linux - Software 12 01-18-2006 05:11 PM
I have to ssh -l root to run root processes!? paul.nel Red Hat 3 11-15-2004 11:55 AM
root using ssh juanb Linux - Security 1 08-05-2004 05:49 AM
ssh users and authorized_keys ifm Linux - Security 3 06-12-2002 08:24 PM > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 07:28 PM.

Main Menu
Write for LQ is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration