NAME

ssh-forcecommand - Whitelist remote commands via ssh config

SYNOPSIS

In .ssh/authorized_keys:

	command="/usr/local/lib/ssh-forcecommand /etc/forcecommand/backup",no-agent-forwarding,no-port-forwarding,no-pty,no-X11-forwarding $key

VERSION

This is ssh-forcecommand version 1.0

DESCRIPTION

ssh-forcecommand is a trivial script to safely execute remote commands via ssh. It is especially aimed at automated remote commands (where the ssh key is not protected by a passphrase), in which case a compromise of the remote system could also compromise the local system.

To prevent this, you can invoke ssh-forcecommand through the ssh configuration, which limits the remote system to executing only a set of statically defined commands. This way, compromising the local system is made much more difficult.

OPTIONS

None.

EXIT STATUS

If anything goes wrong, ssh-forcecommand returns a non-zero value. Otherwise, the exit status of the executed command is returned.

CONFIGURATION

For every public key you want to restrict to the forcecommand, add a line like the one in SYNOPSIS to the .ssh/authorized_keys.

command="..." sets the forcecommand; the other options disable potentially dangerous features such as port forwarding (though that is not meant to be an exhaustive list).

As you see, the forcecommand accepts exactly one argument, which is the config defining the allowed commands. This way, you can restrict different ssh keys to different sets of commands. A few example configs are provided with this script, see the examples directory.

USAGE

Assuming you have the following line in your forcecommand config:

	home = tar -C / -cf - home

Now, on the remote system, this:

	ssh user@yourhost home

will translate to the following command on the system containing ssh-forcecommand:

	tar -C / -cf - home

The forcecommand is 100% static: variables or appending of arguments are not supported. No part of the original ssh command is used dynamically in the resulting command. This makes ssh-forcecommand quite secure.
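The lookup described under CONFIGURATION and USAGE, as an added example that is not the ssh-forcecommand script itself (which is written in Perl and not reproduced here): a minimal Python dispatcher that parses a config in the "name = command" form shown above, matches $SSH_ORIGINAL_COMMAND (the variable sshd sets to the client's requested command when a forced command is in effect) against the configured names exactly, and executes the configured command without passing it through a shell. The config contents are constructed for the example, and tokenizing the configured command with shlex is this example's design choice, not necessarily the script's.

```python
#!/usr/bin/env python3
"""Added example: a forcecommand-style dispatcher (not the Perl script).

The client's request (from $SSH_ORIGINAL_COMMAND) is used only as a
lookup key into a static config; the matched command is executed
verbatim and no part of the request ends up in the executed argv.
"""
import os
import shlex
import subprocess
import sys

# Constructed config in the "name = command" form shown under USAGE.
# Blank lines and "#" comments are ignored by this example's parser.
EXAMPLE_CONFIG = """
# backup-related commands (constructed example config)
home   = tar -C / -cf - home
etc    = tar -C / -cf - etc
uptime = uptime
"""


def parse_config(text):
    """Parse 'name = command' lines into a dict.

    The name must be a single word; everything after the first '=' is
    taken literally as the command to run.
    """
    allowed = {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if "=" not in line:
            raise ValueError(f"line {lineno}: expected 'name = command'")
        name, command = (part.strip() for part in line.split("=", 1))
        if not name or " " in name or not command:
            raise ValueError(f"line {lineno}: bad entry {raw!r}")
        allowed[name] = command
    return allowed


def resolve(allowed, original_command):
    """Map the client's request to a static argv list, or None.

    The whole request must equal a configured name; anything appended
    to it (extra arguments, shell metacharacters) simply fails to match.
    An unset SSH_ORIGINAL_COMMAND (plain 'ssh host') is also rejected.
    """
    if original_command is None:
        return None
    key = original_command.strip()
    if key not in allowed:
        return None
    # Tokenize the *configured* string (example's choice), never the request.
    return shlex.split(allowed[key])


def main(argv):
    if len(argv) != 2:
        print("usage: forcecommand <config>", file=sys.stderr)
        return 64
    with open(argv[1]) as fh:
        allowed = parse_config(fh.read())
    cmd = resolve(allowed, os.environ.get("SSH_ORIGINAL_COMMAND"))
    if cmd is None:
        print("forcecommand: command not allowed", file=sys.stderr)
        return 1
    # Execute the argv list directly (no shell) and pass the exit
    # status of the executed command back to the ssh client.
    return subprocess.call(cmd)


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Because the configured command is executed without a shell, entries containing pipes or redirections would have to be wrapped explicitly (for example as an argument to sh -c inside the config) if you adopt this approach; the point of the example is that the request from the ssh client only ever selects an entry and never contributes text to what is executed.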

DEPENDENCIES

Nothing besides perl >= 5.10

BUGS AND LIMITATIONS

As already pointed out, ssh-forcecommand is completely static and does not support variables. This is a design decision and will stay that way.

AUTHOR

Copyright (C) 2010,2011 by Daniel Friesel <derf@finalrewind.org>

LICENSE

  0. You just DO WHAT THE FUCK YOU WANT TO.