When restricting which commands an SSH public key may give access to, one would add command="something" at the end of the SSH public key in .ssh/authorized_keys.
In my case, I want to write a Bash script that creates Borg repositories, and each public key needs to have a restriction such as this:
command="cd /home/backup/repos/<client fqdn>; borg serve --restrict-to-path /home/backup/repos/<client fqdn>",restrict <keytype> <key> <host>
Question
Is there an official way to do this instead of writing an awk or sed one-liner?
Or is there just an awk or sed solution that is so beautiful that there isn't a need for an officially supported way?
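#!/usr/bin/perl
# Usage: script <client fqdn> <public key file>
# Prints an authorized_keys line that forces "borg serve" for the given key.
use strict;
use warnings;
use File::Slurp;

my ($fqdn, $keyfile) = @ARGV;
die "usage: $0 <fqdn> <pubkey file>\n" unless defined $keyfile;
# The FQDN is embedded in a quoted forced command, so accept hostname characters only.
die "invalid fqdn\n" unless $fqdn =~ /\A[A-Za-z0-9](?:[A-Za-z0-9.-]*[A-Za-z0-9])?\z/;
my $k = read_file($keyfile);
# split ' ' splits on any whitespace and drops the trailing newline; the key comment is discarded.
my ($type, $key) = split ' ', $k;
die "not a public key\n" unless defined $key;
my $repo = "/tank/borg/repos/$fqdn";
print qq{command="cd $repo; borg serve --restrict-to-path $repo",restrict $type $key\n};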
Forced commands are first in the file, not last.
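An added example, not part of the original question or answers: shell functions that build the restricted line with the options placed before the key type, which is where sshd reads them, and that refuse input which could break out of the quoted command. The function names, the REPO_ROOT value (taken from the question's example path) and the accepted key-type list are assumptions of this example.

```shell
#!/usr/bin/env bash
# Added example; names and REPO_ROOT are assumptions, not from the original post.
REPO_ROOT="/home/backup/repos"

# restrict_key <client fqdn> <public key line>
# Prints one authorized_keys line: options first, then key type and key.
restrict_key() (
    LC_ALL=C
    fqdn=$1 line=$2
    # The FQDN lands inside a double-quoted command: hostname characters only,
    # no empty labels, no label starting or ending with '-' or '.'.
    case $fqdn in
        ''|*[!A-Za-z0-9.-]*|.*|*.|-*|*-|*..*|*.-*|*-.*)
            echo "rejected fqdn" >&2; return 1 ;;
    esac
    set -f            # no globbing while the key line is split into fields
    set -- $line
    type=$1 key=$2    # a trailing comment field is dropped
    # The first field must be a key type; a line that already carries
    # options (command=..., from=...) is refused, not stacked.
    case $type in
        ssh-ed25519|ssh-rsa|ecdsa-sha2-nistp*|sk-ssh-ed25519@openssh.com|sk-ecdsa-sha2-nistp256@openssh.com) ;;
        *) echo "not a plain public key line" >&2; return 1 ;;
    esac
    # The key blob must be base64 characters only.
    case $key in
        ''|*[!A-Za-z0-9+/=]*) echo "rejected key data" >&2; return 1 ;;
    esac
    repo="$REPO_ROOT/$fqdn"
    printf 'command="cd %s; borg serve --restrict-to-path %s",restrict %s %s\n' \
        "$repo" "$repo" "$type" "$key"
)

# restrict_keyfile <client fqdn> <public key file>
# Converts every key in the file, skipping blank lines and '#' comments.
restrict_keyfile() (
    while IFS= read -r line || [ -n "$line" ]; do
        case $line in ''|'#'*) continue ;; esac
        restrict_key "$1" "$line" || return 1
    done < "$2"
)

# Typical use (paths are placeholders):
#   restrict_keyfile client1.example.com client1.pub >> ~/.ssh/authorized_keys
```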