Restrict Commands executed via pre-shared SSH keys
Introduction Using pre-shared SSH keys is a great way to make logging into remote hosts quick and easy. No pesky passwords to remember. The downside is that if your organization relies on passwords for access control, the pre-shared key will negate any password control you have. For example: If your organization rolls a password for a system account, and the new password is not shared with all the original people, then some people who should not have access any more will continue to have access via their pre-shared key. Also, anyone with access to a user's account on a client host, could access the system account via the pre-shared key on the remote host. This is not ideal. Sometimes, it is neccessary to allow certain commands only to be executed over SSH from specified client hosts without a password. Especially when thinking about automated tasks. In my examples, I will demonstrate how we can create a simple remote procedure call type scenario using ...