On Fri, Oct 08, 2010 at 10:05:50AM +0200, Andrea Conti wrote:
> Now, the remote sshd is never sent any information about what is
> connected to the local end of the pipe (which is not even known to
> ssh!), so there is no way to alter its behavior depending on that.
>
> IOW, nothing in the setup you and I proposed prevents the user from
> piping an arbitrary command into ssh (or even using a ssh-invoking
> wrapper such as scp or rsync) and getting successfully authenticated on
> the server. You are only guaranteed that the server will run tar in
> place of whatever remote command the client requests, so that the
> connection will break if the client side sends non-tar data.
>
> In my opinion this is quite different from "[allowing] only one single
> command from a single cronjob to operate passwordless", but then I might
> just be splitting hairs.

Okay, reading your explanation I agree with you on both counts: the
behaviour does not exactly fit the letter of the question, and that
you are splitting hairs because I think the behaviour is good enough
for the spirit of the message.

Cheers,

W
--
Willie W. Wong wwong@××××××××××××××.edu
Data aequatione quotcunque fluentes quantitates involvente fluxiones invenire
et vice versa ~~~ I. Newton
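The limitation Andrea describes, that sshd only ever runs the forced command and cannot see what the client piped into it, is usually tightened by having the forced command check what the client actually requested, which sshd passes in SSH_ORIGINAL_COMMAND. The wrapper below is an added example and not code from either poster; the authorized_keys entry, the script path /usr/local/bin/tar-only.sh, the directory /srv/backup and the helper names are assumptions. It restricts which command the key may run and logs refusals; it does not inspect the data flowing through the pipe.

```shell
#!/bin/sh
# Added example (not from the thread): forced-command wrapper installed via
# authorized_keys.  Assumed entry for the backup key (hypothetical values):
#   command="/usr/local/bin/tar-only.sh",no-pty,no-port-forwarding,no-X11-forwarding,no-agent-forwarding ssh-ed25519 AAAA... backup@client
#
# sshd always runs the command= program and exposes the command the client
# asked for in SSH_ORIGINAL_COMMAND.  Instead of blindly running tar, the
# wrapper compares that request with the one invocation the cron job is
# expected to send and refuses everything else.

# The single tar invocation the cron job is allowed to request (assumed).
ALLOWED_CMD="tar -C /srv/backup -xpf -"

# allow_command REQUEST: status 0 if REQUEST is exactly the allowed command,
# 1 otherwise.  Exact string comparison is deliberate: no shell parsing and
# no prefix matching, so "tar ... ; sh" or extra options are refused.
allow_command() {
    [ "$1" = "$ALLOWED_CMD" ]
}

# run_forced_command: what the wrapper does when sshd invokes it.
run_forced_command() {
    # Unset means the client asked for an interactive shell: refuse it.
    if [ -z "${SSH_ORIGINAL_COMMAND+set}" ]; then
        logger -p auth.warning -t tar-only "refused shell request from ${SSH_CLIENT%% *}"
        echo "interactive login not permitted" >&2
        exit 1
    fi
    if ! allow_command "$SSH_ORIGINAL_COMMAND"; then
        # Log the rejected request so unexpected use of the key is visible.
        logger -p auth.warning -t tar-only "refused '$SSH_ORIGINAL_COMMAND' from ${SSH_CLIENT%% *}"
        echo "command not permitted" >&2
        exit 1
    fi
    # Only now run tar, with a fixed argument list rather than evaluating
    # the client's string.
    exec tar -C /srv/backup -xpf -
}

# Act as the forced command only when executed under the installed name, so
# the file can also be sourced to exercise allow_command.
case "$0" in
    */tar-only.sh|tar-only.sh) run_forced_command ;;
esac
```

Refusals land in the auth log under the tag tar-only, which gives a simple thing to alert on if the backup key is ever used for anything but the expected transfer.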