Ssh
Command in authorized keys
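I have created a non-root/non-superuser SSH user with authorized_keys to log in to my server remotely and shut it down; however, I am trying to use the
command=""
syntax in the authorized_keys file to do this. I have the following in the authorized_keys file: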
command="shutdown -p now",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty ssh-rsa
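However, when trying to perform the ssh login, although the user is able to log in, the command does not seem to be executed.
What is the correct syntax for using command in authorized_keys?
How do no-port-forwarding, no-x11-forwarding, … etc. affect the user's ability to log in remotely with the command?
Command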
/usr/bin/ssh -2 -i /path/to/.ssh/rsa -p 22 -vvv -l user xxx.xxx.0.25
Debug information
debug2: we sent a publickey packet, wait for reply
debug1: Server accepts key: pkalg ssh-rsa blen 279
debug2: input_userauth_pk_ok: fp // REMOVED
debug3: sign_and_send_pubkey: RSA // REMOVED
debug1: key_parse_private_pem: PEM_read_PrivateKey failed
debug1: read PEM private key done: type <unknown>
Saving password to keychain failed
debug3: Incorrect RSA1 identifier
debug1: read PEM private key done: type RSA
Identity added: /.... //removed (/.../.ssh/shutdown_rsa) // removed
debug1: read PEM private key done: type RSA
debug1: Authentication succeeded (publickey).
Authenticated to xxx.xxx.0.25 ([xxx.xxx.0.25]:22). //removed
debug1: channel 0: new [client-session]
debug3: ssh_session2_open: channel_new: 0
debug2: channel 0: send open
debug1: Requesting no-more-sessions@openssh.com
debug1: Entering interactive session.
debug1: client_input_global_request: rtype hostkeys-00@openssh.com want_reply 0
debug2: callback start
debug2: fd 3 setting TCP_NODELAY
debug3: packet_set_tos: set IP_TOS 0x10
debug2: client_session2_setup: id 0
debug2: channel 0: request pty-req confirm 1
debug1: Sending environment.
debug3: Ignored env TERM_PROGRAM
debug3: Ignored env SHELL
debug3: Ignored env TERM
debug3: Ignored env TMPDIR
debug3: Ignored env Apple_PubSub_Socket_Render
debug3: Ignored env TERM_PROGRAM_VERSION
debug3: Ignored env TERM_SESSION_ID
debug3: Ignored env USER
debug3: Ignored env SSH_AUTH_SOCK
debug3: Ignored env __CF_USER_TEXT_ENCODING
debug3: Ignored env PATH
debug3: Ignored env PWD
debug3: Ignored env XPC_FLAGS
debug3: Ignored env XPC_SERVICE_NAME
debug3: Ignored env SHLVL
debug3: Ignored env HOME
debug3: Ignored env LOGNAME
debug1: Sending env LC_CTYPE = UTF-8
debug2: channel 0: request env confirm 0
debug3: Ignored env DISPLAY
debug3: Ignored env SECURITYSESSIONID
debug3: Ignored env _
debug2: channel 0: request shell confirm 1
debug2: callback done
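The "command" directive in authorized_keys does not execute the specified command; it only allows the user to re-execute this specific command with this key.
Two guesses:
Protocol 2 public keys consist of: options, key type, base64-encoded key, comment
I don't see the base64-encoded key in the line of your authorized_keys file.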
Identity added: /.... //removed (/.../.ssh/shutdown_rsa) // removed
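Are you offering more than one key? Your -vvv is incomplete; you left out the important information about which key is being offered. For example,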
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /Users/Kendall/.ssh/id_rsa
debug3: send_pubkey_test
debug2: we sent a publickey packet, wait for reply
debug1: Server accepts key: pkalg ssh-rsa blen 279
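The four-field layout named in the answer above (options, key type, base64-encoded key, comment) can be checked mechanically. This is an added example, not part of the original question or answers: a Python check that flags an authorized_keys entry whose key blob is missing or does not match its key type. The KEY_TYPES subset, the function names and the constructed FAKE blob are assumptions made for illustration.

```python
import base64, binascii, struct
# Key types accepted in the key-type field (subset; an assumption for this example).
KEY_TYPES = {"ssh-rsa", "ssh-ed25519", "ssh-dss", "ecdsa-sha2-nistp256",
             "ecdsa-sha2-nistp384", "ecdsa-sha2-nistp521"}
# The entry exactly as posted in the question: it ends after the key type.
POSTED = 'command="shutdown -p now",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty ssh-rsa'
# Constructed blob (algorithm name plus filler bytes, not a real key), then a comment.
FAKE = base64.b64encode(struct.pack(">I", 7) + b"ssh-rsa" + b"\x00" * 16).decode()
COMPLETE = POSTED + " " + FAKE + " shutdown-key"

def split_fields(line):
    """Split on whitespace, keeping double-quoted option values (which may hold spaces) intact."""
    fields, cur, in_quote, prev = [], "", False, ""
    for ch in line.strip():
        if ch == '"' and prev != "\\":
            in_quote = not in_quote
        if ch.isspace() and not in_quote:
            if cur:
                fields.append(cur)
            cur = ""
        else:
            cur += ch
        prev = ch
    if cur:
        fields.append(cur)
    return fields

def check_line(line):
    """Return (options, keytype, problem); problem is None when the entry is well-formed."""
    fields = split_fields(line)
    if not fields:
        return None, None, "empty line"
    options = None
    if fields[0] not in KEY_TYPES:          # first field is the options list
        options, fields = fields[0], fields[1:]
    if not fields or fields[0] not in KEY_TYPES:
        return options, None, "no recognised key type"
    keytype = fields[0]
    if len(fields) < 2:
        return options, keytype, "missing base64-encoded key"
    try:                                    # blob starts with a length-prefixed algorithm name
        blob = base64.b64decode(fields[1], validate=True)
        (n,) = struct.unpack(">I", blob[:4])
        inner = blob[4:4 + n].decode("ascii")
    except (binascii.Error, struct.error, UnicodeDecodeError):
        return options, keytype, "key field is not a valid base64 key blob"
    if inner != keytype:
        return options, keytype, f"blob is {inner!r}, field says {keytype!r}"
    return options, keytype, None
```

Calling `check_line(POSTED)` reports the missing key field for the line as it appears in the question, while `check_line(COMPLETE)` returns no problem.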