#1
hi,
I have an ssh connection between two servers for a functional ID for SFTP purposes. My aim is to set this up so that it only works when the below command is used by a .ksh script.

ssh userid@servername:/directory

Unfortunately, users who have access to the functional ID are manually using the above command and moving files between these two servers. I want to restrict this manual login and activate it only for scripts that contain the above command. Please advise. Thanks.
#2
|
||||
|
||||
|
You have to specify ChrootDirectory in /etc/ssh/sshd_config, which will be chroot-ed during an sftp session. You may make this the home directory for the "functional ID" (shared ID I suppose). Code:
ChrootDirectory=/directory
#3
|
|||
|
|||
|
So my understanding of your question is that you want to have a passwordless ssh command only work if it's invoked by a particular script? Really, the only reasonable way I can think to do that is:
1) push the passwordless ability to some other user
2) have that script be invoked via a sudo to that user and only that script.

That would get you to the point where you would do something like: Code:
sudo -iu newUser /path/to/script.ksh

Ultimately, it's about removing the shared account's ability to directly use the public/private key associated with the remote login. Whether that involves pushing the passwordless functionality to a different user and just controlling who can run the script as the newer user (as described above) or leaving it in place and having people use a different shared account, that's what needs to happen.
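A check for the layout post #3 describes, as an added example that is not part of the thread: it verifies that the private key is usable only by the service user and that the script sudo runs cannot be edited by the shared account. The function names, the service-user name and both paths are hypothetical arguments, and `stat -c` is the GNU coreutils form found on RHEL.

```shell
#!/bin/sh
# Added example, not from the thread. Account names and paths are hypothetical
# arguments; stat -c is the GNU coreutils form found on RHEL.

# Octal permission bits of $1, zero-padded to at least three digits.
perm_of() {
    printf '%03d' "$(stat -c '%a' "$1")"
}

# Succeeds when neither group nor other can write to $1.
not_shared_writable() {
    case "$(perm_of "$1")" in
        *[0145][0145]) return 0 ;;
        *) return 1 ;;
    esac
}

# audit_key_isolation SERVICE_USER PRIVATE_KEY SCRIPT
# Prints one FAIL line per problem; returns 0 only when none are found.
audit_key_isolation() {
    svc=$1 key=$2 script=$3 rc=0
    if [ ! -f "$key" ] || [ ! -f "$script" ]; then
        echo "FAIL: key or script is missing"
        return 2
    fi
    # The private key must belong to the service user and be unreadable to
    # everyone else, or the shared account can still run ssh/sftp by hand.
    [ "$(stat -c '%U' "$key")" = "$svc" ] ||
        { echo "FAIL: $key is not owned by $svc"; rc=1; }
    case "$(perm_of "$key")" in
        *00) ;;
        *) echo "FAIL: $key is accessible to group or other"; rc=1 ;;
    esac
    # The script sudo runs, and its directory, must not be editable by the
    # shared account, or the sudo rule lets it run arbitrary commands.
    owner=$(stat -c '%U' "$script")
    [ "$owner" = root ] || [ "$owner" = "$svc" ] ||
        { echo "FAIL: $script is owned by $owner"; rc=1; }
    for p in "$script" "$(dirname "$script")"; do
        not_shared_writable "$p" ||
            { echo "FAIL: $p is writable by group or other"; rc=1; }
    done
    return $rc
}
```

Run it as root after moving the key, for example `audit_key_isolation newUser <private key path> /path/to/script.ksh`, and treat any FAIL line as meaning the shared account can still reach the key or change what sudo executes.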