
Re: limiting allowed commands to rsync for a key

From: Brian Hatch <secure-shell(at)ifokr.org>
Date: Fri Mar 07 2003 - 16:22:09 EST

> I have a no-passphrase key on a couple of remote machines which I use to
> rsync the /etc/passwd, /etc/group and /etc/shadow files. I would like to
> restrict the no-passphrase key on the remote machines to only allow rsync to
> be run. When I put command="rsync" into the authorized_keys file, it just
> literally runs 'rsync' on the remote machine. What I would like is for the
> key to only allow commands that are running rsync to pass through the key.
> Is this possible?

You need to know the command actually being run on the remote server, and it's not 'rsync'; it's something more like

        rsync --server --sender blah blah

and the args depend on what rsync command you're using.

You might want to check out

        http://www.hackinglinuxexposed.com/articles/20021211.html

It is a series of articles showing how to create passwordless pubkey access. The last part shows 'authprogs' which can be stuck in the command= part of an authorized_keys file that allows multiple commands to be executed on a host-by-host basis without creating bunches of different pubkeys.

--
Brian Hatch                  Do infants enjoy infancy
   Systems and                as much as adults enjoy
   Security Engineer          adultery?
http://www.ifokr.org/bri/

Every message PGP signed

  • application/pgp-signature attachment: stored
Received on Sat Mar 8 12:36:23 2003
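
The forced-command approach discussed in this message, as an added example that is not part of the original post and is not the authprogs program it mentions: a wrapper for `command=` that runs the client's request only when it exactly matches an allowlisted rsync server invocation. The install path `/usr/local/bin/rsync-only`, the function names and the allowlisted argument strings are assumptions constructed for illustration; the real strings depend on the rsync command the client runs.

```shell
#!/bin/sh
# Added example: forced-command wrapper for authorized_keys (hypothetical
# path /usr/local/bin/rsync-only). sshd places the command the client asked
# for in SSH_ORIGINAL_COMMAND; the wrapper runs it only on an exact match.

# Constructed sample allowlist, one permitted command per line. Record the
# real strings by logging SSH_ORIGINAL_COMMAND during one legitimate run.
ALLOWED='rsync --server --sender -logDtpr . /etc/passwd
rsync --server --sender -logDtpr . /etc/group
rsync --server --sender -logDtpr . /etc/shadow'

# is_allowed CMD: returns 0 only if CMD equals one allowlist line exactly.
is_allowed() {
    case "$1" in
        ''|*'
'*) return 1 ;;  # empty (interactive login) or embedded newline
    esac
    # -F fixed string, -x whole line: no prefix, suffix or regex matches.
    printf '%s\n' "$ALLOWED" | grep -Fxq -- "$1"
}

# Entry point when sshd runs this script as the key's forced command.
rsync_only_main() {
    if is_allowed "${SSH_ORIGINAL_COMMAND:-}"; then
        # The string is byte-identical to an allowlist entry, so plain
        # whitespace splitting is safe; set -f disables globbing.
        set -f
        exec $SSH_ORIGINAL_COMMAND
    fi
    logger -t rsync-only -- "denied: ${SSH_ORIGINAL_COMMAND:-<none>}" 2>/dev/null || true
    echo "command not permitted" >&2
    return 1
}

# Run only when invoked under the installed name, so the file can be sourced.
case "$0" in
    *rsync-only) rsync_only_main; exit $? ;;
esac

# authorized_keys entry on the remote machine (key material elided):
#   command="/usr/local/bin/rsync-only",no-pty,no-port-forwarding,no-X11-forwarding,no-agent-forwarding ssh-rsa AAAA... sync-key
```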

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:02:55 EDT

