How to set up remote, non-interactive log-on with multiple commands for
the same remote user name?

For the rest of this document, the destination host will be called 'loophole',
and the user which will run all sorts of our evil stuff on loophole will be
called 'mole'.

Do this as a Cricket user:

$ ssh-keygen -t dsa -f ~/.ssh/uptime

Append ~/.ssh/uptime.pub on the destination host to ~mole/.ssh/authorized_keys2
and prepend the following before ssh-dss:

command="uptime"

So, that line in ~mole/.ssh/authorized_keys2 looks like:

command="uptime" ssh-dss AAA...lSEV04= cricket@boo.boo

Test if it works...

$ ssh -i ~/.ssh/uptime -q -l mole loophole
15:42:10 up 42 days, 18:25, 6 users, load average: 0.00, 0.00, 0.00

It does? Oh, good. You now know how to set up individual keys for each
command that you want to execute. Keep in mind that user mole must have
permissions on loophole to execute that particular command, but other
than that, you are a winner!

If you get one more line before the uptime output, try adding the -T option
to ssh. This will prevent pseudo-tty allocation and (hopefully) remove
that output.

If you are stuck with the ssh v1 protocol, you have to use rsa1 instead of
dsa for ssh-keygen and authorized_keys instead of authorized_keys2.

But, think about upgrading.
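
An added example, not part of the original howto: once mole has one key per command, this Python check over the contents of ~mole/.ssh/authorized_keys2 confirms that every key really is pinned to a command. It also flags keys that have command= but neither restrict nor the no-* options, because sshd(8) notes that the client may still request TCP and X11 forwarding unless they are prohibited. The function names, sample entries and key material are constructed for illustration.

```python
import re

KEY_TYPES = ("ssh-", "ecdsa-", "sk-")   # prefixes of an entry with no options
# Each of these closes one channel that command= alone leaves open.
LOCKDOWN = {"no-pty", "no-port-forwarding", "no-agent-forwarding", "no-x11-forwarding"}

def parse_options(opts):
    """Split comma-separated options (names are case-insensitive),
    keeping commas that sit inside quoted values."""
    pat = r'([A-Za-z0-9-]+)(?:="((?:\\.|[^"\\])*)")?(?:,|$)'
    return {m.group(1).lower(): m.group(2) for m in re.finditer(pat, opts)}

def split_entry(line):
    """Return (options, comment) for one authorized_keys line."""
    line, i, in_q = line.strip(), 0, False
    if not line.startswith(KEY_TYPES):
        # The option field ends at the first space outside double quotes.
        while i < len(line):
            if line[i] == "\\" and in_q:
                i += 1                   # skip the escaped character
            elif line[i] == '"':
                in_q = not in_q
            elif line[i] == " " and not in_q:
                break
            i += 1
    fields = line[i:].split(None, 2)     # keytype, base64 key, comment
    return parse_options(line[:i]), (fields[2] if len(fields) > 2 else "")

def audit(text):
    """Return (comment, finding) for each key looser than one bare command."""
    findings = []
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        opts, comment = split_entry(line)
        if "command" not in opts:
            findings.append((comment, "no forced command: key grants a full login"))
        elif "restrict" not in opts and not LOCKDOWN <= set(opts):
            missing = ", ".join(sorted(LOCKDOWN - set(opts)))
            findings.append((comment, "forced command, but missing: " + missing))
    return findings

# Constructed sample entries; the key material is a placeholder.
SAMPLE = '''command="uptime" ssh-dss AAAAplaceholder1= cricket@boo.boo
command="ps -o pid,comm",restrict ssh-ed25519 AAAAplaceholder2= cricket-ps
ssh-rsa AAAAplaceholder3= cricket-shell
'''

if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```

To check the real file, pass its contents to audit(); the restrict option needs OpenSSH 7.2 or later, older servers need the four no-* options listed in LOCKDOWN.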