Network Security Secure-Shell

Re: ACL problems, any suggestions would be great

Date: Thu, 12 Aug 2004 10:30:21 -0400 (EDT)

For authentication you can look into:

RhostsRSAAuthentication yes
HostbasedAuthentication yes

This part I've been doing.


As for restricting to execution of a single command, I don't think
OpenSSH can do it.
I think the commercial SSH from http://www.ssh.com/ can.

Unfortunately, this is the conclusion I came across, just wishing I'd overlooked
something :(

Thanks for the input!


On Tue, 10 Aug 2004 13:57:35 -0400 (EDT), Bryan Loniewski
<brylon@jla.rutgers.edu> wrote:

Here is what we'd like to do:

User logs into some machine (frontend) starts pine, pine ssh's to another machine (backend) where their mail is actually stored in Maildir format and exec /etc/rimapd.
We want to do this without the user having to enter a password again on the backend machine.

Here are the problems:

We don't want to use public-key.
We don't want these users (the ones typing pine) to be allowed to login to the remote machine (backend).
We don't want them to be allowed to execute any commands on the remote machine (with the exception of "exec /etc/rimapd").

I could not come up with a solution to solve this problem with openssh. I started looking for other open implementations of secure shell and lsh caught my eye. Lsh appealed to me because you could specify a login shell for all users that would override the login shell in the passwd db (this was perfect since we could then create a shell called rimapd and it just executed /etc/rimapd). The reason I could not go with this solution is lsh does not have trusted host authentication mechanisms, so there was no way to have passwordless logins.

Any suggestions?

Thanks.

Bryan



--
END OF LINE
       -MCP
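
Added example, not part of the original thread or of OpenSSH itself: OpenSSH releases newer than this 2004 exchange (4.4 and later) accept `Match` and `ForceCommand` in sshd_config, which can express the three requirements from the original question. The Python below audits a constructed backend sshd_config for those requirements. The group name `mailusers` and the sample config are assumptions.

```python
# Added example: audit a backend sshd_config against the thread's requirements.
# SAMPLE_CONFIG is constructed; the group name "mailusers" is hypothetical.
SAMPLE_CONFIG = """\
# global section
HostbasedAuthentication yes
PasswordAuthentication yes

Match Group mailusers
    PubkeyAuthentication no
    PasswordAuthentication no
    ForceCommand /etc/rimapd
    AllowTcpForwarding no
    X11Forwarding no
"""

# Settings the mail users must end up with (each must be set explicitly).
REQUIRED = {
    "hostbasedauthentication": "yes",  # passwordless login from the frontend
    "pubkeyauthentication": "no",      # "We don't want to use public-key"
    "passwordauthentication": "no",    # no second password prompt
    "forcecommand": "/etc/rimapd",     # the only command they may run
}

def parse(text):
    """Return (global_settings, {match_criteria: settings}); first value wins."""
    glob, matches, current = {}, {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        key = parts[0].lower()
        value = parts[1].strip() if len(parts) > 1 else ""
        if key == "match":
            # Everything after a Match line belongs to that block.
            current = matches.setdefault(" ".join(value.lower().split()), {})
        else:
            (glob if current is None else current).setdefault(key, value)
    return glob, matches

def audit(text, criteria="group mailusers"):
    """List requirement violations for users selected by the given Match line."""
    glob, matches = parse(text)
    block = matches.get(criteria)
    if block is None:
        return ["no 'Match %s' block" % criteria]
    effective = {**glob, **block}  # a Match block overrides the global section
    return ["%s is %r, want %r" % (k, effective.get(k), v)
            for k, v in REQUIRED.items() if effective.get(k) != v]
```

`audit(SAMPLE_CONFIG)` returns an empty list; dropping the `ForceCommand` line from the Match block makes it report that setting as missing.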