查看“︁How to add commands in authorized keys 在公钥添加命令”︁的源代码


== how to add commands in authorized_keys 在公钥添加命令==
<pre>
SSH authorized_keys command option: multiple commands?

No. Is is not "allowed" command, but "forced" command (as ForceCommand option).

The only possibility is to use different keys for different commands or read parameters from stdin

[game@bin .ssh]$ cat /home/game/.ssh/authorized_keys&nbsp;<br/> command="~/.ssh/wrapper.sh",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty &nbsp;ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAwG9rdQ//94aIkejb6oGnb+R0IgXs11X11u9o2qbUqEoRDOYsS7Xlx4chEgtWquOMcjLWqzPw71DXaWIxdVxmY3/bQIc8FHQuT5FfjES35qsz7wml/gQJGuadxJ2MuR/auamj6JZgmBy5vwyJ+cSSx+u7VVq/Hws33DY8dVM6QGBqcQerUG/gsfMbbOZG8ras/xzWmgPuNWNMfwoZWdvlb7G6FRpjhdypjqu1Gf6CHc/SJ+/EL57Mzwy9Md51J5qw4fcvbTp9l11wEX6+Njxt70WbxGNRRpQ== test &nbsp;key

</pre>
==原理==
<pre>
了解authorized_keys中的command等一系列选项可以用于限定使用公钥验证登录后只能执行的命令，服务器在完成该脚本额执行后，SSH也会中端和客户端的通信。
authorized_keys中的command选项描述如下：
command=”command”
Specifies that the command is executed whenever this key is used
for authentication. The command supplied by the user (if any) is
ignored. The command is run on a pty if the client requests a
pty; otherwise it is run without a tty. If an 8-bit clean chan-
nel is required, one must not request a pty or should specify
no-pty. A quote may be included in the command by quoting it
with a backslash. This option might be useful to restrict cer-
tain public keys to perform just a specific operation. An exam-
ple might be a key that permits remote backups but nothing else.
Note that the client may specify TCP and/or X11 forwarding unless
they are explicitly prohibited. The command originally supplied
by the client is available in the SSH_ORIGINAL_COMMAND environ-
ment variable. Note that this option applies to shell, command
or subsystem execution.
</pre>

==参考==
how to add commands in .ssh/authorized_keys

http://stackoverflow.com/questions/26171836/how-to-add-commands-in-ssh-authorized-keys

http://serverfault.com/questions/749474/ssh-authorized-keys-command-option-multiple-commands

[http://debugo.com/restrict-ssh-command/ 限定SSH登录的命令执行]

http://man.he.net/man5/authorized_keys
[[Category:ops]]