[hobbit] xymon ssh scan

chap at anastigmatix.net chap at anastigmatix.net
Fri Jun 11 18:21:36 CEST 2010


> On Fri, June 11, 2010 09:30, chap at anastigmatix.net wrote:
> Just give the identity a login shell of /bin/true in /etc/passwd and you
> won't have to be concerned about commands from a shell at all.

Yes, that works too, if you will create a new dedicated identity (or
reuse one that already has true for a shell).  command="/bin/true"
in authorized_keys will work in any event (though something like
/bin/echo OK might give a more positive confirmation).

The line in authorized_keys should also disallow all the extra
goodies like port forwarding, X tunneling, and so on.

-Chap




More information about the Xymon mailing list