Allow execution of commands via ssh but not to login - Discuss - lists.centos.org

List overview All Threads
Download

Allow execution of commands via ssh but not to login

Centos 7 force reverse dns lookup...

Re: [CentOS] Firefox Issue

Bernard Fay

11 Jan 2017 11 Jan '17

3:34 p.m.

Hi,

Is there a way to allow a user to execute commands via ssh, for example: "ssh user@server ls", but disallow the same user to login on this server with "ssh user@server" ?

Thanks, Bernard

Reply

Show replies by date

John Hodrien

11 Jan 11 Jan

3:38 p.m.

On Wed, 11 Jan 2017, Bernard Fay wrote:

Hi,

Is there a way to allow a user to execute commands via ssh, for example: "ssh user@server ls", but disallow the same user to login on this server with "ssh user@server" ?

Google "ssh restrict to single command".

First hit covers using the command option in authorized_keys.

jh

Reply

seb

3:40 p.m.

Hi,

you can use the option command your /home/user/.ssh/authorized_keys .

for example :

command="cd /some_where; other command , ssh-rsa key ....."

Le 11/01/2017 à 16:34, Bernard Fay a écrit :

Hi,

Is there a way to allow a user to execute commands via ssh, for example: "ssh user@server ls", but disallow the same user to login on this server with "ssh user@server" ?

Thanks, Bernard _______________________________________________ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos

Reply

Bernard Fay

3:59 p.m.

I made my search on google way to complicated for nothing.... :(

Thanks John and Seb! authorized_keys will do the job.

On Wed, Jan 11, 2017 at 10:40 AM, seb sebastien@r2-info.fr wrote:

Hi,

you can use the option command your /home/user/.ssh/authorized_keys .

for example :

command="cd /some_where; other command , ssh-rsa key ....."

Le 11/01/2017 à 16:34, Bernard Fay a écrit :

...
Hi,

Is there a way to allow a user to execute commands via ssh, for example: "ssh user@server ls", but disallow the same user to login on this server with "ssh user@server" ?

Thanks, Bernard _______________________________________________ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos

CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos

Reply

Leonard den Ottolander

12 Jan 12 Jan

12:54 p.m.

Hello Bernard,

On Wed, 2017-01-11 at 10:59 -0500, Bernard Fay wrote:

I made my search on google way to complicated for nothing.... :(

Only way to learn is from your mistakes ;-) .

Thanks John and Seb! authorized_keys will do the job.

If you need interactive login for f.e. sftp you should have a look at rssh. It allows only scp, sftp, cvs, rdist and rsync. It's probably not too hard to patch in other commands if you would need those.

A little netiquette: Please don't top post, it makes the flow of the conversation unclear. A little trimming of the text you reply to is also appreciated. Especially signatures do not provide any context so they should always be removed. Thanks.

Regards, Leonard.

-- mount -t life -o ro /dev/dna /genetic/research

Reply

3090

Age (days ago)

3091

Last active (days ago)

discuss@lists.centos.org

4 comments

4 participants

tags (0)

participants (4)

Bernard Fay
John Hodrien
Leonard den Ottolander
seb