How to set up remote, non-interactive log-on with multiple commands for the
same remote user-name?

For the rest of this document, the destination host will be called 'loophole',
and the user which will run all sorts of our evil stuff on loophole will be
called 'mole'.

Do this as a Cricket user:

$ ssh-keygen -t dsa -f ~/.ssh/uptime

Append ~/.ssh/uptime.pub to ~mole/.ssh/authorized_keys2 on the destination
host and prepend the following before ssh-dss:

command="uptime"

So, that line in ~mole/.ssh/authorized_keys2 looks like:

command="uptime" ssh-dss AAA...lSEV04= cricket@boo.boo

Test if it works...

$ ssh -i ~/.ssh/uptime -q -l mole loophole
15:42:10 up 42 days, 18:25, 6 users, load average: 0.00, 0.00, 0.00

It does? Oh, good. You now know how to set up individual keys for each
command that you want to execute. Keep in mind that user mole must have
permissions on loophole to execute that particular command, but other
than that, you are a winner!

If you get one more line before the uptime output, try adding the -T option
to ssh. This will prevent pseudo-tty allocation and (hopefully) remove
that output.

If you are stuck with the ssh v1 protocol, you have to use rsa1 instead of
dsa for ssh-keygen and authorized_keys instead of authorized_keys2.

But, think about upgrading.
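
An added example, not part of the original document: a Python check for
entries like the command="uptime" line above. It parses authorized_keys lines
(quoted option values included) and reports keys with no forced command, keys
whose options leave pty allocation or forwarding enabled, and ssh-dss keys.
The sample entries, key material and function names are constructed for
illustration.

```python
import re
KEY_TYPE = re.compile(r"^(ssh-(dss|rsa|ed25519)|ecdsa-sha2-|sk-)\S*$")
# A forced command alone leaves these available unless they (or "restrict") are set.
LOCKDOWN = {"no-pty", "no-port-forwarding", "no-agent-forwarding", "no-x11-forwarding"}

def split_unquoted(text, seps):
    """Split on any character in seps that is outside double quotes (\\" is an escape)."""
    parts, cur, quoted, prev = [], "", False, ""
    for c in text:
        quoted ^= c == '"' and prev != "\\"
        if c in seps and not quoted:
            parts, cur = parts + ([cur] if cur else []), ""
        else:
            cur += c
        prev = c
    return parts + ([cur] if cur else [])

def parse_entry(line):
    """Return (options, key_type, comment) for one key line, None for blanks/comments."""
    fields = split_unquoted(line.strip(), " \t")
    if not fields or fields[0].startswith("#"):
        return None
    opts = {}
    if not KEY_TYPE.match(fields[0]):  # first field is the option list
        for item in split_unquoted(fields.pop(0), ","):
            name, _, value = item.partition("=")
            opts[name.lower()] = re.sub(r'^"|"$', "", value).replace('\\"', '"')
    return opts, (fields[0] if fields else "?"), " ".join(fields[2:])

def audit(text):
    """Return (comment, finding) pairs for every key entry in text."""
    findings = []
    for opts, key_type, comment in filter(None, map(parse_entry, text.splitlines())):
        missing = set() if "restrict" in opts else LOCKDOWN - set(opts)
        if "command" not in opts:
            findings.append((comment, "no forced command"))
        elif missing:
            findings.append((comment, "key options do not disable: " + ", ".join(sorted(m[3:] for m in missing))))
        if key_type == "ssh-dss":
            findings.append((comment, "DSA key, disabled by default since OpenSSH 7.0"))
    return findings

SAMPLE = '''\
# constructed sample, key material is placeholder text
command="uptime" ssh-dss AAAAplaceholder1= cricket@boo.boo
restrict,command="df -h /" ssh-ed25519 AAAAplaceholder2= cricket-df
ssh-rsa AAAAplaceholder3= admin@laptop
command="echo \\"a, b\\"",no-pty ssh-ed25519 AAAAplaceholder4= cricket-echo
'''
```

Calling audit(SAMPLE) returns one (comment, finding) pair per problem; the
entry that starts with restrict produces none.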