People sometimes want to automate tasks that involve logging into remote
machines.  To do so, they use unencrypted (passphrase-less) ssh private
keys.  Since this is a big security risk, I encourage them to restrict what
the key may do on the server.  The following email is typical:


Date: Tue, 28 Mar 2000 18:40:08 -0800 (PST)
From: Jason
To: LK
Subject: Re: ssh 1 command only


> I was trying to use ssh so I could only copy files back and forth with no
> log in, so I was figuring make the key tied to run /bin/true on login.
> How do I go about doing this?  Do you have a sample authorized_keys file
> you can send me?


So if you want a key to run a command, you can just squash all commands to
one command.  So whenever someone logs in, whether they specify a command
or not, the squashed command will be run instead of their shell.  Ssh
won't talk to them, though, unless they have a valid shell in /etc/passwd
(or, more correctly, in the return from getpwent(3)).

_So_, you have to give the account a valid login shell and trust ssh to do
the right thing with the command squashing.  That bothers me, but it seems
to work.  (I guess it's because it runs the command with "<shell> -c").

Anyway, this is the authorized_keys for my dynamic DNS system (note it's
all one line):

command="/usr/home/user/catcher",no-X11-forwarding,no-port-forwarding,no
-agent-forwarding,no-pty,from="dhcp-*.somenet.net"
1024 33 124123498623149876123498761234987612348976864369522597893821
01234987612349786123984761241987612348768014183792176312459788230942
60356757150907221349768231847698762398476192847536189245381796852946
74590190573713164396808970634583154733673123853244553975940133702278
209470445341700471858191075780485416810071769 user@host

Notice not only the command squashing (command=""), but the restricted
from= and the other random disallows.  Even though I'm disallowing the
attachment of a tty, though, the command still gets the stdin of the
remote ssh process, and sends stdout to the remote ssh.  So the above
authorized_keys is on the server, and my client does
'echo $IP | ssh -e none ns1.somenet.net'


Magic:

To restrict accounts to only doing scp of a particular file, the command
should be 'scp -f <filename>' on the server, and
'scp remote:<filename> <localpath>' on the client

To restrict accounts to only rsync, the server command should be:
'rsync --server --sender -vlgtprz <local_file_spec> <remote_file_spec>'
and the client should run
'rsync -e ssh -avz <remote_file_spec> <local_file_spec>'

where <filename>, <local_file_spec> and <remote_file_spec> are the same
strings in both commands.


-Jason

----------
I myself manage to hold large numbers of wholly irreconcilable views
simultaneously, without the least difficulty.  I do not think others 
are less versatile.			--Salman Rushdie
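The command squashing and the scp/rsync "magic" above rely on the client being handed exactly one fixed server-side command. A slightly more flexible way to get the same effect, added here as an example and not part of Jason's mail or any project's code, is to point command="..." at a small wrapper script. OpenSSH places whatever the client actually asked to run in the environment variable SSH_ORIGINAL_COMMAND when a key carries a forced command; the wrapper compares that string against a fixed allowlist and refuses anything else, so a client limited to "scp" of one file cannot quietly ask for a different file or a shell. The file path, host pattern, public key and the exact rsync argument string below are constructed assumptions for the example; the real argv rsync sends depends on the client version.

```shell
#!/bin/sh
# Added example, not the page's own code: forced-command wrapper installed as
# the command="..." target in authorized_keys.  sshd exports the client's
# requested command in SSH_ORIGINAL_COMMAND; only exact allowlist matches run.
# All paths, hostnames and keys here are constructed for the example.

ALLOWED_FILE="/usr/home/user/export.tar"   # constructed: the one file clients may fetch

# check_command REQUESTED
# Returns 0 when REQUESTED is exactly one of the permitted server-side
# commands, 1 otherwise.  Exact string comparison, no patterns, so requests
# such as "scp -f /etc/passwd" or "sh" are rejected.
check_command() {
    case "$1" in
        "scp -f $ALLOWED_FILE")
            return 0 ;;
        # Assumed argument form.  The argv rsync sends varies with the client
        # version and flags; take the string from a refused-command log line
        # (see below) and pin that exact value here.
        "rsync --server --sender -vlgtprz . $ALLOWED_FILE")
            return 0 ;;
        *)
            return 1 ;;
    esac
}

# build_entry WRAPPER FROM_PATTERN PUBKEY
# Prints one authorized_keys line with the same restrictions as the entry in
# the mail: forced command, no X11/port/agent forwarding, no pty, and a from=
# host pattern, followed by the public key itself.
build_entry() {
    printf 'command="%s",no-X11-forwarding,no-port-forwarding,no-agent-forwarding,no-pty,from="%s" %s\n' \
        "$1" "$2" "$3"
}

# When sshd runs this script as the forced command, enforce the policy.  A
# client that connects with no command at all (SSH_ORIGINAL_COMMAND unset)
# gets nothing: the script simply exits instead of handing over a shell.
if [ -n "${SSH_ORIGINAL_COMMAND:-}" ]; then
    if check_command "$SSH_ORIGINAL_COMMAND"; then
        # Word-splitting is safe here: the string matched a fixed allowlist
        # entry that contains no shell metacharacters.  set -f stops globbing.
        set -f
        exec $SSH_ORIGINAL_COMMAND
    fi
    # Log the refused request so the real rsync/scp argv can be reviewed and,
    # if legitimate, added to the allowlist.
    printf 'forced-command wrapper: refused "%s"\n' "$SSH_ORIGINAL_COMMAND" >&2
    exit 1
fi
```

Installed as command="/usr/home/user/catcher", the wrapper behaves exactly like Jason's squashed command for a client that runs 'scp remote:/usr/home/user/export.tar .' (sshd sets SSH_ORIGINAL_COMMAND to "scp -f /usr/home/user/export.tar"), but a client that tries any other command sees only the refusal message and a non-zero exit. The account still needs a valid login shell, for the reason given in the mail: sshd starts the forced command with "<shell> -c".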