caretaker-shell → caretaker-ssh-command

author: Daniel Friesel <derf@derf.homelinux.org> 2010-03-21 00:40:23 +0100
committer: Daniel Friesel <derf@derf.homelinux.org> 2010-03-21 00:40:23 +0100
commit: 7e0d3757436d37c238d535df12933d3875d1d331 (patch)
tree: aff6596625acbf87dec09a327f713d2aba562583 /man/7/caretaker-ssh-command.pod
parent: 8e36ec6d4a5ca8030822cb4cbefccfeb95ac92e9 (diff)
1 files changed, 20 insertions, 0 deletions
diff --git a/man/7/caretaker-ssh-command.pod b/man/7/caretaker-ssh-command.pod
new file mode 100644
index 0000000..faac251
--- /dev/null
+++ b/man/7/caretaker-ssh-command.pod
@@ -0,0 +1,20 @@
+=pod
+
+=head1 NAME
+
+caretaker-shell - Restricted shell for caretaker commands
+
+=head1 DESCRIPTION
+
+B<caretaker-shell> is designed to only execute commands required B<caretaker>.
+This is useful if you want to use B<caretaker> with ssh on untrusted hosts:
+Generate a SSH key and put it into your .ssh/authorized_keys prefixed by
+C<< command="/path/to/caretaker-shell" >>.
+This way, caretaker will work, but it won't be possible to gain actual SSH
+access to your host.
+
+=head1 WARNING
+
+This is an experimental feature, security flaws may be present. Use at own
+risk, and while you're at it you might also want to add a passphrase to your
+ssh keys.
author	Daniel Friesel <derf@derf.homelinux.org>	2010-03-21 00:40:23 +0100
committer	Daniel Friesel <derf@derf.homelinux.org>	2010-03-21 00:40:23 +0100
commit	7e0d3757436d37c238d535df12933d3875d1d331 (patch)
tree	aff6596625acbf87dec09a327f713d2aba562583 /man/7/caretaker-ssh-command.pod
parent	8e36ec6d4a5ca8030822cb4cbefccfeb95ac92e9 (diff)