I am looking for the best way to invoke remote commands over SSH. I created the user "rpcall", generated a new key pair and filled in authorized_keys. To protect it a bit more I used

```
from="ip",no-agent-forwarding,no-X11-forwarding,no-port-forwarding,no-pty ssh-rsa ......
```
Now the user rpcall cannot log in to a terminal

```
ssh -l rpc 192.168.12.1
PTY allocation request failed on channel 0
```
but can still run any command

```
ssh -l rpc 192.168.12.1 cat /etc/passwd
```
Is there any solution that restricts command execution to a single handler script, for example /home/rpcall/bin/command.sh?
I set up a bash shell for this user and used .bashrc to force the handler script to run, but I don't know how to pass parameters from the ssh call.

.bashrc of user rpcall

```sh
/home/rpcall/bin/command.sh $params1 $params2
exit
```
ssh call from the other machine

```sh
ssh -l rpcall 192.168.12.1 "param1" "param2"
```
Eig*_*ony 19
You can restrict the command with the authorized_keys file. Put command="/home/rpcall/bin/command.sh" in front of the key in the authorized_keys file and the user will only run that command when connecting.
Check the man page for authorized_keys; this is from that man page:

```
command="command"
Specifies that the command is executed whenever this key is used
for authentication. The command supplied by the user (if any) is
ignored. The command is run on a pty if the client requests a
pty; otherwise it is run without a tty. If an 8-bit clean chan-
nel is required, one must not request a pty or should specify
no-pty. A quote may be included in the command by quoting it
with a backslash. This option might be useful to restrict cer-
tain public keys to perform just a specific operation. An exam-
ple might be a key that permits remote backups but nothing else.
Note that the client may specify TCP and/or X11 forwarding unless
they are explicitly prohibited. The command originally supplied
by the client is available in the SSH_ORIGINAL_COMMAND environ-
ment variable. Note that this option applies to shell, command
or subsystem execution.
```
If you need several commands, you basically need to set up several keys, with each key giving you a different command.
Edit: I just noticed that the original command is available in the SSH_ORIGINAL_COMMAND environment variable, so you can indeed handle that input with your own script and do something clever with it.
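Building on that edit, here is an added example (not from the original post or the answerer) of such a handler script: a dispatcher that reads SSH_ORIGINAL_COMMAND, accepts only a short whitelist of verbs with a validated argument, and refuses everything else. It also covers the question's second part, passing parameters through one script. The verb names, the log path and the backup directory are assumptions made for the example.

```shell
#!/bin/sh
# Forced-command dispatcher for the rpcall key (example script, not from the post).
# Install as /home/rpcall/bin/command.sh and reference it in authorized_keys as
#   command="/home/rpcall/bin/command.sh",from="ip",no-agent-forwarding,no-X11-forwarding,no-port-forwarding,no-pty ssh-rsa ...
# sshd then ignores whatever the client asked to run and hands it over in
# SSH_ORIGINAL_COMMAND; only the verbs below are ever executed.

# dispatch "<client request>": prints the exact command line to run and returns 0
# for an allowed request; prints a reason to stderr and returns 2 otherwise.
# The verbs, the log path and the backup directory are assumed for the example.
dispatch() {
    req=$1
    safe='A-Za-z0-9_ -'   # allowed characters: no quotes, ; | $ ` / . or newlines
    case $req in
        "") echo "rejected: empty request" >&2; return 2 ;;
        *[!$safe]*) echo "rejected: illegal characters" >&2; return 2 ;;
    esac
    set -f                 # no globbing while the request is split into words
    set -- $req
    set +f
    [ $# -le 2 ] || { echo "rejected: too many arguments" >&2; return 2; }
    verb=$1; arg=${2-}
    case $verb in
        status) if [ -z "$arg" ]; then echo "uptime"; return 0; fi ;;
        disk)   if [ -z "$arg" ]; then echo "df -h /"; return 0; fi ;;
        log)    case $arg in   # 1..999 lines only
                    [1-9]|[1-9][0-9]|[1-9][0-9][0-9]) echo "tail -n $arg /var/log/syslog"; return 0 ;;
                esac ;;
        backup) if [ -n "$arg" ]; then echo "tar -czf - /srv/backup/$arg"; return 0; fi ;;
    esac
    echo "rejected: unknown or malformed request '$req'" >&2
    return 2
}

# Entry point when sshd runs this script; skipped when the file is sourced for testing.
if [ -n "${SSH_ORIGINAL_COMMAND-}" ]; then
    if cmd=$(dispatch "$SSH_ORIGINAL_COMMAND"); then
        logger -t rpcall "allowed: $cmd"
        exec $cmd
    else
        logger -t rpcall "denied: $SSH_ORIGINAL_COMMAND"
        exit 2
    fi
fi
```

Every denied request is logged with the verbatim client input, so attempts to pass a shell command through the key show up in syslog.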
Views: 9319