#!/usr/bin/env perl use strict; use warnings; my $conffile = shift or die("Usage: $0 \n"); my $input = $ENV{SSH_ORIGINAL_COMMAND} or die("No command\n");; my %command; my $VERSION = '0.0'; open(my $conf, '<', $conffile) or die("Can't open $conffile: $!\n"); while (my $line = <$conf>) { my ($key, $value) = ($line =~ m{ ^ ([^=]+?) \s* = \s* (.+) $ }x); if ($key and $value) { $command{$key} = $value; } } close($conf) or die("Cannot close $conffile: $!\n"); if ($command{$input}) { exec($command{$input}); exit 1; } die("Unknown command\n"); __END__ =head1 NAME ssh-forcecommand - Whitelist remote commands via ssh config =head1 SYNOPSIS In .ssh/authorized_keys: command="/usr/local/lib/ssh-forcecommand /etc/forcecommand/backup",no-agent-forwarding,no-port- forwarding,no-pty,no-X11-forwarding $key =head1 DESCRIPTION B is a trivial script to safely execute remote commands via ssh. It is especially aimed at automated remote commands (so, ssh keys not secured via password), where a compromise of the remote system (-> private key) could also compromise the local system. To prevent this, you can put the forcecommand into the ssh config (authorized_keys, to be precise), so the remote system can only execute a set of statically defined commands. This way, compromising the local system is made much more difficult. =head1 CONFIGURATION For every public key you want to restrict to the forcecommand, add a line like in SYNOPSIS to the F<.ssh/authorized_keys>. command="..." sets the forcecommand, the other options disable potentially dangerous stuff like port forwardig (Though that is not meant to be an exhaustive list). As you see, the forcecommand accepts exactly one argument, which is the config defining the allowed commands. This way, you can restrict different ssh keys to different sets of commands. A few example configs are provided with this script, see the examples directory. =head1 USAGE Assume you have the following line in your forcecommand config: home = tar -C / -cf - home Now, on the remote system, run this: ssh user@yourhost home On your system, this will translate to: tar -C / -cf - home The forcecommand is 100% static, variables or appending of stuff is not supported. No part of the original ssh command will be dynamically used in the resulting command. This makes ssh-forcecommand quite secure. =head1 AUTHOR Copyright (C) 2010,2011 by Daniel Friesel Ederf@finalrewind.orgE =head1 LICENSE 0. You just DO WHAT THE FUCK YOU WANT TO.