[nico]

Great pointers, thank you

How would you go about allowing something like `ssh user@server "ls somefolder/"` but disallowing `ssh user@server "rm"`?

Similarly, allow `ssh user@server "mysql \"SELECT...\""`, but block `ssh user@server "mysql \"[UPDATE|DELETE|DROP|TRUNCATE|INSERT]...\""` ?

Ideally in a way that it can provide more autonomy for the agent, so that I need to review fewer commands

[ktm5j]

Sounds like this might help: https://www.gnu.org/software/bash/manual/html_node/The-Restr...

I'm not familiar with rbash, but it seems like it can do (at least some of) what you want.

[stephendause]

I don't know; I've never done something like that. If no one else answers, you can always ask Claude itself (or another chatbot). This kind of thing seems tricky to get right, so be careful!

[nico]

Yup definitely tricky. Unfortunately Claude sucks at answering questions about itself, I've usually had better luck with ChatGPT. Will see how it goes

[onmai-xyz]

If you control the ssh server it can be configured to only allow what you want. Certainly tedious but I would consider it worth while as it stands with agents being well, agentic.