On Fri, June 11, 2010 12:41, Ralph Mitchell wrote:
On Fri, Jun 11, 2010 at 11:21 AM, Xymon User in Richmond <
user-24d6f8323faa@xymon.invalid> wrote:
On Fri, June 11, 2010 09:30, user-6b3be4007cf2@xymon.invalid wrote:
- the identity should not be allowed to run arbitrary commands. an
entry in authorized_keys can be limited to running a single fixed
command.
Just give the identity a login shell of /bin/true in /etc/passwd and
you won't have to be concerned about commands from a shell at all.
You can also use a command such as /bin/hostname - that would give you a
way to verify you reached the target system.
/bin/true will return exit 0. If you don't get that far, ssh will return
nonzero.