[Nagiosplug-devel] restricted shell for nagios checks
Olivier 'Babar' Raginel
nagios at babar.us
Fri Nov 7 18:01:47 CET 2008
On Fri, Nov 07, 2008 at 03:46:25PM +0000, Martin.Gerdes at directbox.com wrote:
> I wanted to use ssh to execute checkscripts (and evaluate their results).
> But I didn't want to give that account a full shell,
[zip]
> Opinions or thoughts? Any glaring security holes I am overlooking?
You might want to have a look at ssh's build-in features for this.
Typically, set a key in your authorized_keys with:
command="some_wrapper $SSH_ORIGINAL_COMMAND" ssh-dss ...
http://www.unix.com.ua/orelly/networking_2ndEd/ssh/ch08_02.htm#ch08-22858
Might help if you've never used this.
Just my 2 cts.
--
Babar.
More information about the Devel
mailing list