The security of the ssh connection

[daggett]

Hi,
I did a few modifications to the ssh configuration to make the connection between agents and the server.

When the public/private key configuration is running fine between agents and server, I created a script valid.sh in the pandora_server directory on the server as follow:
[code:1]#!/bin/sh
case "$SSH_ORIGINAL_COMMAND" in
*\&*)
echo "Rejected 1 "
;;
*\(*)
echo "Rejected 2 "
;;
*\{*)
echo "Rejected 3 "
;;
*\;*)
echo "Rejected 4 "
;;
*\<*)
echo "Rejected 5 "
;;
*\`*)
echo "Rejected 6 "
;;
rsync*pandora*data_in)
$SSH_ORIGINAL_COMMAND
;;
*)
echo "Rejected 7 "
;;
esac
[/code]
then I added in the $Pandora_home/.ssh/authorized_keys, before each pandora client key:
command="/opt/pandora/pandora_server/valid.sh" ssh-rsa ...KEY....== user@client

This excludes ANY attempt to do anything else than the rsync command as user pandora from each registered client to the server.

bye.

[Sancho Lerena]

Hi,
I did a few modifications to the ssh configuration to make the connection between agents and the server.

When the public/private key configuration is running fine between agents and server, I created a script valid.sh in the pandora_server directory on the server as follow:
[code:1]#!/bin/sh
case "$SSH_ORIGINAL_COMMAND" in
*\&*)
echo "Rejected 1 "
;;
*\(*)
echo "Rejected 2 "
;;
*\{*)
echo "Rejected 3 "
;;
*\;*)
echo "Rejected 4 "
;;
*\<*)
echo "Rejected 5 "
;;
*\`*)
echo "Rejected 6 "
;;
rsync*pandora*data_in)
$SSH_ORIGINAL_COMMAND
;;
*)
echo "Rejected 7 "
;;
esac
[/code]
then I added in the $Pandora_home/.ssh/authorized_keys, before each pandora client key:
command="/opt/pandora/pandora_server/valid.sh" ssh-rsa ...KEY....== user@client

This excludes ANY attempt to do anything else than the rsync command as user pandora from each registered client to the server.

bye.

Whow... nice !