| 1 |
On Fri, Oct 08, 2010 at 10:05:50AM +0200, Andrea Conti wrote: |
| 2 |
> Now, the remote sshd is never sent any information about what is |
| 3 |
> connected to the local end of the pipe (which is not even known to |
| 4 |
> ssh!), so there is no way to alter its behavior depending on that. |
| 5 |
> |
| 6 |
> IOW, nothing in the setup you and I proposed prevents the user from |
| 7 |
> piping an arbitrary command into ssh (or even using a ssh-invoking |
| 8 |
> wrapper such as scp or rsync) and getting successfully authenticated on |
| 9 |
> the server. You are only guaranteed that the server will run tar in |
| 10 |
> place of whatever remote command the client requests, so that the |
| 11 |
> connection will break if the client side sends non-tar data. |
| 12 |
> |
| 13 |
> In my opinion this is quite different from "[allowing] only one single |
| 14 |
> command from a single cronjob to operate passwordless", but then I might |
| 15 |
> just be splitting hairs. |
| 16 |
|
| 17 |
Okay, reading your explanation I agree with you on both counts: the |
| 18 |
behaviour does not exactly fit the letter of the question, and that |
| 19 |
you are splitting hairs because I think the behaviour is good enough |
| 20 |
for the spirit of the message. |
| 21 |
|
| 22 |
Cheers, |
| 23 |
|
| 24 |
W |
| 25 |
-- |
| 26 |
Willie W. Wong wwong@××××××××××××××.edu |
| 27 |
Data aequatione quotcunque fluentes quantitae involvente fluxiones invenire |
| 28 |
et vice versa ~~~ I. Newton |
Archives