Ssh

Command in authorized_keys

  • September 24, 2021

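I have created a non-root/non-superuser SSH user with authorized_keys to log in to my server remotely and shut it down; however, I am trying to do this using the command="" syntax in the authorized_keys file.

I have the following in the authorized_keys file: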

command="shutdown -p now",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty ssh-rsa 

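However, when attempting the ssh login, although the user is able to log in…. the command does not seem to be executed.

What is the correct syntax for using command in authorized_keys?

How do no-port-forwarding, no-x11-forwarding, … etc. affect the user's ability to log in remotely with a command?

Command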

/usr/bin/ssh -2 -i /path/to/.ssh/rsa -p 22 -vvv -l user xxx.xxx.0.25

Debug output

debug2: we sent a publickey packet, wait for reply
debug1: Server accepts key: pkalg ssh-rsa blen 279
debug2: input_userauth_pk_ok: fp 
// REMOVED
debug3: sign_and_send_pubkey: RSA 
// REMOVED
debug1: key_parse_private_pem: PEM_read_PrivateKey failed
debug1: read PEM private key done: type <unknown>
Saving password to keychain failed
debug3: Incorrect RSA1 identifier
debug1: read PEM private key done: type RSA
Identity added: /.... //removed
(/.../.ssh/shutdown_rsa) // removed 
debug1: read PEM private key done: type RSA
debug1: Authentication succeeded (publickey).
Authenticated to xxx.xxx.0.25 ([xxx.xxx.0.25]:22). //removed
debug1: channel 0: new [client-session]
debug3: ssh_session2_open: channel_new: 0
debug2: channel 0: send open
debug1: Requesting no-more-sessions@openssh.com
debug1: Entering interactive session.
debug1: client_input_global_request: rtype hostkeys-00@openssh.com want_reply 0
debug2: callback start
debug2: fd 3 setting TCP_NODELAY
debug3: packet_set_tos: set IP_TOS 0x10
debug2: client_session2_setup: id 0
debug2: channel 0: request pty-req confirm 1
debug1: Sending environment.
debug3: Ignored env TERM_PROGRAM
debug3: Ignored env SHELL
debug3: Ignored env TERM
debug3: Ignored env TMPDIR
debug3: Ignored env Apple_PubSub_Socket_Render
debug3: Ignored env TERM_PROGRAM_VERSION
debug3: Ignored env TERM_SESSION_ID
debug3: Ignored env USER
debug3: Ignored env SSH_AUTH_SOCK
debug3: Ignored env __CF_USER_TEXT_ENCODING
debug3: Ignored env PATH
debug3: Ignored env PWD
debug3: Ignored env XPC_FLAGS
debug3: Ignored env XPC_SERVICE_NAME
debug3: Ignored env SHLVL
debug3: Ignored env HOME
debug3: Ignored env LOGNAME
debug1: Sending env LC_CTYPE = UTF-8
debug2: channel 0: request env confirm 0
debug3: Ignored env DISPLAY
debug3: Ignored env SECURITYSESSIONID
debug3: Ignored env _
debug2: channel 0: request shell confirm 1
debug2: callback done

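The "command" directive in authorized_keys does not execute the specified command; it only allows the user to execute this specific command using this key.

Two guesses:

A protocol 2 public key consists of: options, key type, base64-encoded key, comment

I don't see the base64-encoded key in the line from your authorized_keys file.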

Identity added: /.... //removed
(/.../.ssh/shutdown_rsa) // removed 

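Are you offering more than one key? Your -vvv output is incomplete; you left out important information about which key is being offered. For example,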

debug1: Next authentication method: publickey
debug1: Offering RSA public key: /Users/Kendall/.ssh/id_rsa
debug3: send_pubkey_test
debug2: we sent a publickey packet, wait for reply
debug1: Server accepts key: pkalg ssh-rsa blen 279
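
The field layout named in the second answer (options, key type, base64-encoded key, comment), as an added example that is not part of the original question or answers: a Python check that parses one authorized_keys line, including the quoted command="..." option, and reports a missing or mismatched key blob. The function names and the sample blob are constructed for illustration.

```python
import base64
import struct

KEY_TYPES = {"ssh-rsa", "ssh-ed25519", "ecdsa-sha2-nistp256"}  # subset of sshd(8)'s list

def qsplit(text, seps):
    """Split text on any character in seps, except inside double quotes."""
    parts, cur, quoted, prev = [], "", False, ""
    for ch in text:
        if ch == '"' and prev != "\\":
            quoted = not quoted
        if ch in seps and not quoted:
            if cur:
                parts.append(cur)
            cur = ""
        else:
            cur += ch
        prev = ch
    return parts + [cur] if cur else parts

def check_entry(line):
    """Return (options, problems) for one authorized_keys line."""
    fields = qsplit(line.strip(), " \t")
    idx = next((i for i, f in enumerate(fields) if f in KEY_TYPES), None)
    if idx is None:
        return {}, ["no recognised key type"]
    if idx > 1:
        return {}, ["unquoted whitespace in the options field"]
    options = {}
    for opt in (qsplit(fields[0], ",") if idx == 1 else []):
        name, eq, value = opt.partition("=")
        if len(value) >= 2 and value[0] == value[-1] == '"':
            value = value[1:-1]  # drop the surrounding quotes
        options[name.lower()] = value if eq else True
    problems = []
    blob = fields[idx + 1] if len(fields) > idx + 1 else ""
    try:
        raw = base64.b64decode(blob, validate=True)
        (n,) = struct.unpack(">I", raw[:4])  # blob starts with a length-prefixed type
        if raw[4:4 + n].decode("ascii") != fields[idx]:
            problems.append("key blob type does not match the declared key type")
    except (ValueError, struct.error):
        problems.append("missing or invalid base64 key blob")
    return options, problems

def sample_blob(key_type):
    """Constructed placeholder blob (type string + 32 zero bytes), not a usable key."""
    parts = (key_type.encode(), bytes(32))
    return base64.b64encode(b"".join(struct.pack(">I", len(p)) + p for p in parts)).decode()
```

Run against the line as posted in the question, `check_entry` returns the parsed options together with the missing-blob problem; appending `sample_blob("ssh-rsa")` and a comment clears it.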

Source: https://serverfault.com/questions/718317