[oclug] Rsync and SSH
Ross Jordan
rjordan at student.math.uwaterloo.ca
Mon Mar 4 16:05:01 EST 2002
>
> You can restrict what a particular key can be used for by prepending a few
> keywords to the line containing the key.
> e.g.
>
> command="ls",no-pty,no-port-forwarding ssh-dss public_key_here== comment_here
>
> will mean that this particular public key can only be used to get a
> directory listing. It won't give you a login terminal, and you can't use it
> to set up port forwarding. These options are documented in the sshd man page
> under the heading "AUTHORIZED_KEYS FILE FORMAT". Additional options are:
>
> from
> command
> environment
> no-port-forwarding
> no-X11-forwarding
> no-agent-forwarding
> no-pty
> permitopen
>
Here's a question --
is there a way to restrict PublicKey authentication, except
for a small subset of users (regular users would log in
with password authentication)?
-Ross
--
"Trying to make bits uncopyable is like trying to make water not wet.
The sooner people accept this, and build business models that take
this into account, the sooner people will start making money again".
-- Bruce Schneier
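
The option syntax described in the quoted message, as an added example that is not part of the original thread: a small Python audit that parses the options field of each `authorized_keys` entry (commas and spaces inside quoted values included) and reports which of the listed restrictions the key lacks. The function names, the key-type list and the sample entries are assumptions made for illustration.

```python
# Added example: audit authorized_keys entries for the options named above.
KEY_TYPES = ("ssh-dss", "ssh-rsa", "ssh-ed25519", "ecdsa-sha2-")  # assumed set
LOCKDOWN = ("no-pty", "no-port-forwarding", "no-x11-forwarding",
            "no-agent-forwarding")

def split_unquoted(text, delims):
    """Split text at delimiter characters that sit outside double quotes."""
    parts, buf, in_quotes, prev = [], "", False, ""
    for ch in text:
        if ch == '"' and prev != "\\":
            in_quotes = not in_quotes
        if ch in delims and not in_quotes:
            parts.append(buf); buf = ""
        else:
            buf += ch
        prev = ch
    return parts + [buf]

def parse_line(line):
    """Return the options of one entry as {lowercased name: value or True}."""
    if line.startswith(KEY_TYPES):        # no options field present
        return {}
    opts = {}
    for field in split_unquoted(split_unquoted(line, " \t")[0], ","):
        name, _, value = field.partition("=")
        if name:
            opts[name.lower()] = value.strip('"') or True
    return opts

def audit(line):
    """List the restrictions an authorized_keys entry does not carry."""
    line = line.strip()
    if not line or line.startswith("#"):
        return []
    opts = parse_line(line)
    findings = [f"no {k}= option" for k in ("command", "from") if k not in opts]
    hard = "restrict" in opts  # newer OpenSSH: implies no-* unless re-enabled
    findings += ["missing " + o for o in LOCKDOWN
                 if o not in opts and not (hard and o[3:] not in opts)]
    return findings

# Constructed sample entries; the key material is a placeholder.
SAMPLE = [
    'command="ls",no-pty,no-port-forwarding ssh-dss AAAAplaceholder== backup',
    'ssh-rsa AAAAplaceholder== admin',
]
if __name__ == "__main__":
    for entry in SAMPLE:
        print(entry.split()[-1], audit(entry))
```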