[mdlug] Remote SSH commands
Aaron Kulkis
akulkis00 at gmail.com
Wed Jan 12 12:59:50 EST 2011
John Wiersba wrote:
>> SCRIPT=/path/to/place/script
>
>> for CLIENT in list of clients here
>> do
>> rcp /location/of/script ${CLIENT}:${SCRIPT}
>> ssh ${USER}@${CLIENT} sudo wrapper ${SCRIPT}
>> done
>
> If that's all you're doing, then it's not very secure. The purpose of forced
> commands is to allow a particular login (typically via keypair) to run only a
> limited set of commands. If you're going to open it up to run any commands at
> all, then you're circumventing that protection. At the very least, in your
> case, you should try to limit the commands to a particular directory.
>
The account being used would be an administrator's
account, so no, this is not undesirably insecure.
More information about the mdlug
mailing list