Hacker News new | ask | show | jobs
by semi-extrinsic 697 days ago
Or in the authorized_keys file, prepend the public key with a specified command. This is then the only command that the user can execute when logging in with that particular key. To wit:

  command="/usr/bin/foo" ssh-ed25519 AAAA....
2 comments
kijin 697 days ago
I suppose this will also lock the user out of sftp and scp? Because otherwise they might be able to edit the authorized_keys file and run any command.
link
gerdesj 697 days ago
"I suppose this will also lock the user out of sftp and scp?"

No it wont! The specified command might provide sftp, scp, telnet or stream a film.

link
fragmede 697 days ago
I stream a film at funky.nondeterministic.computer on port 22
link
rovr138 696 days ago
hah

made me laugh

link
titaniumtown 697 days ago
i had no idea about that, thank you!
link