[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [hobbit] xymon ssh scan
- To: hobbit (at) hswn.dk
- Subject: Re: [hobbit] xymon ssh scan
- From: Ralph Mitchell <ralphmitchell (at) gmail.com>
- Date: Fri, 11 Jun 2010 12:41:31 -0400
- Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:received:received:in-reply-to :references:date:message-id:subject:from:to:content-type; bh=iaRJIgSz3armfY55L57rmJBPTPVEYGh0JqqK+LXg/NQ=; b=Ybzt9XUWRAZaa2ESh4Nk9ImtUjngcmix7RQM2hu/iL7YFj1qx8XzrkGZxveMnMf07e ZXlyKFw7cpggux9UeCQqbr68vxuPuZgHXAA3ug5TjjlIKIoZZAVm5QPmah8iJmHpvzvV SkoJo0OIkMKdQtDPbIhBFxXk014mBzG9lpmxk=
- Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :content-type; b=KLLarXAko6910m7Z7Y1pspy26ThEJ2lPl5SufKwsmkULzR8qM3+h244yDvfy4AUI67 FS2tSPnhbnXQ9tvhqhbOxYlHmz1HlPzxUzVrl89TMyxeB2lKNqY4nKPLkOBxZUJxv/hF O+gTKkpg6qJGuE4HKXbNiRuBBYtPzvpEO5g+0=
- References: <1CC2019D6A90EC449020595534777D4F8A6EE21A37 (at) VPEXCH03.purdue.lcl> <201006110835.16511.bgmilne (at) staff.telkomsa.net> <1503724d6f25803abd77252cecb7ff59.squirrel (at) ghost.securenet-server.net> <188e628b1a7613f14709520d2105e012.squirrel (at) epperson.homelinux.net>
On Fri, Jun 11, 2010 at 11:21 AM, Xymon User in Richmond <
hobbit (at) epperson.homelinux.net> wrote:
> On Fri, June 11, 2010 09:30, chap (at) anastigmatix.net wrote:
> >
> > - the identity should not be allowed to run arbitrary commands. an
> > entry in authorized_keys can be limited to running a single fixed
> > command.
> >
>
> Just give the identity a login shell of /bin/true in /etc/passwd and you
> won't have to be concerned about commands from a shell at all.
You can also use a command such as /bin/hostname - that would give you a way
to verify you reached the target system.
Ralph Mitchell