Add (very experimental) caretaker-shell

author: Daniel Friesel <derf@derf.homelinux.org> 2010-03-20 12:14:51 +0100
committer: Daniel Friesel <derf@derf.homelinux.org> 2010-03-20 12:14:51 +0100
commit: 2310f6c0d02c8dd9f2085a04f5dd410f691da79e (patch)
tree: b6a4493babcf7e009d54b8e7e8e6da25586b6cca /man/7
parent: a3a78d0f3e5589c7dc58204f9e3f0695f5af98b7 (diff)
1 files changed, 20 insertions, 0 deletions
diff --git a/man/7/caretaker-shell.pod b/man/7/caretaker-shell.pod
new file mode 100644
index 0000000..faac251
--- /dev/null
+++ b/man/7/caretaker-shell.pod
@@ -0,0 +1,20 @@
+=pod
+
+=head1 NAME
+
+caretaker-shell - Restricted shell for caretaker commands
+
+=head1 DESCRIPTION
+
+B<caretaker-shell> is designed to only execute commands required B<caretaker>.
+This is useful if you want to use B<caretaker> with ssh on untrusted hosts:
+Generate a SSH key and put it into your .ssh/authorized_keys prefixed by
+C<< command="/path/to/caretaker-shell" >>.
+This way, caretaker will work, but it won't be possible to gain actual SSH
+access to your host.
+
+=head1 WARNING
+
+This is an experimental feature, security flaws may be present. Use at own
+risk, and while you're at it you might also want to add a passphrase to your
+ssh keys.
author	Daniel Friesel <derf@derf.homelinux.org>	2010-03-20 12:14:51 +0100
committer	Daniel Friesel <derf@derf.homelinux.org>	2010-03-20 12:14:51 +0100
commit	2310f6c0d02c8dd9f2085a04f5dd410f691da79e (patch)
tree	b6a4493babcf7e009d54b8e7e8e6da25586b6cca /man/7
parent	a3a78d0f3e5589c7dc58204f9e3f0695f5af98b7 (diff)