08-23-2009, 10:22 AM
|
#1
|
Member
Registered: Apr 2004
Posts: 194
Rep:
|
issue in using private key file in bash script
Hi Guyz,
I am facing another issue in a bash script. I am set up with private key/pub key authentication on the server for my ID, and it has an empty password.
Now I need to write a bash script where other users can use this private key to execute certain commands on the remote server without providing a password, but I do not want them to misuse it and do not want them to use it for any other purpose.
Is this something that can be achieved? I tried everything but no luck. I hope I can get some help from here.
|
|
|
08-23-2009, 02:09 PM
|
#2
|
Member
Registered: May 2001
Location: India, Kerala, Thrissur
Distribution: FC 7-10
Posts: 354
Rep:
|
Hmm... I can't think of any such methods. However, one trick will be to change the shell of the remote user to a very restrictive menu. Write a small C program to do this. But remember that is a very crude trick and not very safe. Below is an example. No guarantee about the security.
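Code:
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Whitelist of permitted commands; the trailing newline matches fgets() input. */
static const char *valid_cmd[] = {"ls\n", "finger\n", "reboot\n"};

int main(void)
{
    char cmd[1024];
    size_t cnt;
    int flg;

    for (;;) {
        flg = 0;
        printf("Command>");
        fflush(stdout);
        /* Stop on EOF or read error instead of looping forever. */
        if (fgets(cmd, sizeof(cmd), stdin) == NULL)
            break;
        if (!strcmp(cmd, "logout\n"))
            break;
        for (cnt = 0; cnt < sizeof(valid_cmd) / sizeof(valid_cmd[0]); cnt++) {
            /* Only an exact match against the whitelist is executed. */
            if (!strcmp(valid_cmd[cnt], cmd)) {
                flg = 1;
                system(cmd);
                break;
            }
        }
        if (!flg)
            printf("Command not found\n");
    }
    return 0;
}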
|
|
|
08-23-2009, 09:07 PM
|
#3
|
Senior Member
Registered: Aug 2007
Location: Massachusetts, USA
Distribution: Solaris 9 & 10, Mac OS X, Ubuntu Server
Posts: 1,197
Rep: 
|
You can actually change the shell to a bash script and trap interrupts so that they can't get out of it to the general shell. Also, restrict the key so that it cannot be used to forward stuff. See the man page for how to restrict the key, and also see http://sial.org/howto/openssh/publickey-auth/ for a pretty good howto with key restriction. The O'Reilly book on the Korn shell tells how to do the menu with traps, and much of it is applicable to the bash shell. The intro talks about the history of the shells and the relationships.
The security, of course, is not guaranteed and depends in part on your care in crafting the script.
|
|
|
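The key restriction described in the post above, as an added example that is not part of any post in this thread: the key's authorized_keys entry forces every login through a wrapper that runs only allowlisted commands and logs what was requested. The script path, the allowlist entries, the command paths and the key material are assumptions.

```shell
#!/bin/sh
# Added example: forced-command wrapper for one restricted SSH key.
# Assumed install path: /usr/local/bin/restricted-ssh. Server-side entry in
# ~/.ssh/authorized_keys (one line; key material is a placeholder):
#   command="/usr/local/bin/restricted-ssh",no-port-forwarding,no-agent-forwarding,no-X11-forwarding,no-pty ssh-rsa AAAA...PLACEHOLDER... shared-key

# Map the requested string to a fixed binary owned by this script.
# Prints the absolute path and returns 0 if allowed, returns 1 otherwise.
# The match is exact, so "ls; id" or "ls -la /root" never match "ls".
resolve_command() {
    case "$1" in
        "ls")     echo "/bin/ls" ;;          # assumed path
        "finger") echo "/usr/bin/finger" ;;  # assumed path
        "uptime") echo "/usr/bin/uptime" ;;  # assumed allowlist entry
        *)        return 1 ;;
    esac
}

# Run the allowlisted binary, or refuse. The client's text is only compared
# and logged; it is never passed to a shell or used as an argument.
run_forced_command() {
    if resolved=$(resolve_command "$1"); then
        logger -t restricted-ssh "allowed: $1" 2>/dev/null || true
        "$resolved"
    else
        logger -t restricted-ssh "denied: $1" 2>/dev/null || true
        echo "Command not permitted" >&2
        return 1
    fi
}

# With a forced command configured, sshd places what the client asked for in
# SSH_ORIGINAL_COMMAND. It is unset for an interactive login, in which case
# nothing runs and the session ends.
if [ -n "${SSH_ORIGINAL_COMMAND+set}" ]; then
    run_forced_command "$SSH_ORIGINAL_COMMAND"
    exit $?
fi
```

Because the restriction lives in authorized_keys on the server, it holds regardless of which client or script presents the private key.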
08-24-2009, 01:49 AM
|
#4
|
LQ Guru
Registered: Aug 2004
Location: Sydney
Distribution: Rocky 9.x
Posts: 18,442
|
You could put the cmds in sudo, which restricts them to only using those cmds. It's not just for root type work, you can use the same technique to switch to any user (su = switch user).
Depends how many users and what cmds. You'll prob want to use CMD & USER aliases if multiple users/cmds are needed.
See the examples in the sudoers file.
http://www.gratisoft.us/sudo/man/sudoers.html
|
|
|