Mailing List Archive

Restricting remote ssh key commands with a regex?
I am used to restricting remote ssh key commands in the auth keys file
but I have an instance where it would be necessary to define a very nice
tight regex to allow me to specify a command where only the IP address
changes and I cannot predict the IP address in advance.

Any ideas, can this even be done in this way?

I am running various versions of OpenSSH, mainly 4.3 and 4.7, but right
up to 5.1.

-h

--
Hari Sekhon
Always open to interesting opportunities
http://www.linkedin.com/in/harisekhon
Re: Restricting remote ssh key commands with a regex?
On Tue, Apr 28, 2009 at 05:58:36PM +0100, Hari Sekhon wrote:
> I am used to restricting remote ssh key commands in the auth keys file
> but I have an instance where it would be necessary to define a very nice
> tight regex to allow me to specify a command where only the IP address
> changes and I cannot predict the IP address in advance.

Write a wrapper script which accepts the IP address as a parameter,
validates it against whatever criteria you need, then invokes the
original command with the provided IP address (or aborts).
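
A sketch of the wrapper described in the reply above, added here as an example and not part of the original thread. It assumes the key's authorized_keys entry forces the wrapper with `command="..."`, that the client sends the IP address as its entire command, and that the paths `/usr/local/bin/ip-wrapper` and `/usr/local/bin/original-command` are hypothetical placeholders.

```shell
#!/bin/sh
# Forced-command wrapper (added example). Assumed authorized_keys entry:
#   command="/usr/local/bin/ip-wrapper",no-pty,no-port-forwarding ssh-rsa AAAA...
# REAL_COMMAND is a hypothetical placeholder for the original command.
REAL_COMMAND=${REAL_COMMAND:-/usr/local/bin/original-command}

# Succeed only for a strict dotted-quad IPv4 address: four decimal octets,
# each 0-255, no leading zeros, nothing else (no spaces, ';', '$', newlines).
valid_ipv4() {
    case $1 in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS
    IFS=.
    set -- $1            # safe to split: only digits and dots remain
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        case $octet in
            0|[1-9]|[1-9][0-9]|[1-9][0-9][0-9]) ;;
            *) return 1 ;;
        esac
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# sshd ignores the command the client asked for and runs this script instead,
# passing the client's request in SSH_ORIGINAL_COMMAND. When the client sent
# no command the variable is unset, nothing runs and the session ends.
if [ -n "${SSH_ORIGINAL_COMMAND+set}" ]; then
    if ! valid_ipv4 "$SSH_ORIGINAL_COMMAND"; then
        echo "rejected: expected a single IPv4 address" >&2
        exit 1
    fi
    # Any further criteria (for example an allowed range) would be checked here.
    exec "$REAL_COMMAND" "$SSH_ORIGINAL_COMMAND"
fi
```

The validated value is passed to the real command as a single quoted argument and is never re-parsed by a shell, so the client cannot append extra commands to it.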