[Nagiosplug-devel] restricted shell for nagios checks

Olivier 'Babar' Raginel nagios at babar.us
Fri Nov 7 18:01:47 CET 2008

On Fri, Nov 07, 2008 at 03:46:25PM +0000, Martin.Gerdes at directbox.com wrote:
> I wanted to use ssh to execute checkscripts (and evaluate their results).
> But I didn't want to give that account a full shell,
> Opinions or thoughts? Any glaring security holes I am overlooking?

You might want to have a look at ssh's build-in features for this.
Typically, set a key in your authorized_keys with:
command="some_wrapper $SSH_ORIGINAL_COMMAND" ssh-dss ...

Might help if you've never used this.

Just my 2 cts.


More information about the Devel mailing list