[Nagiosplug-devel] restricted shell for nagios checks

Olivier 'Babar' Raginel nagios at babar.us
Fri Nov 7 18:01:47 CET 2008


On Fri, Nov 07, 2008 at 03:46:25PM +0000, Martin.Gerdes at directbox.com wrote:
> I wanted to use ssh to execute checkscripts (and evaluate their results).
> But I didn't want to give that account a full shell,
[zip]
> Opinions or thoughts? Any glaring security holes I am overlooking?

You might want to have a look at ssh's build-in features for this.
Typically, set a key in your authorized_keys with:
command="some_wrapper $SSH_ORIGINAL_COMMAND" ssh-dss ...

http://www.unix.com.ua/orelly/networking_2ndEd/ssh/ch08_02.htm#ch08-22858
Might help if you've never used this.

Just my 2 cts.

-- 
Babar.




More information about the Devel mailing list