Open
Conversation
sshdo provides an easily configurable way of controlling which commands may be executed via incoming ssh connections. An ssh public key in a ~/.ssh/authorized_keys file can have a command="" option which forces a particular command to be executed when the key is used to authenticate an ssh connection. This is a security control that mitigates against private key compromise. This is great when you only need to execute a single command. But if you need to perform multiple tasks, you would normally need to create and install a separate key pair for each command, or just not bother making use of forced commands and allow the key to be used to execute any command. Instead, you can make sshdo act as the forced command, and when an ssh connection tries to execute a command, sshdo will consult the configuration files, /etc/sshdoers and /etc/sshdoers.d/*, to decide whether or not the user and key are allowed to execute the command. The requested command is only executed if it is allowed by the configuration. This makes it possible to use a single authorized key for any number of commands and still prevent its use for any other purpose. You will need to identify which commands need to be allowed by each user and authorized key. To make this easy, sshdo can be put into training mode where it will allow (and log) the exeution of all commands. After some time, sshdo can then learn from the logs and create the configuration necessary to allow the commands that were encountered during training mode. It can also unlearn occasionally and create a new configuration that will no longer allow commands that no longer appear to be in use. This can help to maintain strict least privilege. sshdo is freely available under the GNU General Public License Version 2 or later.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
sshdo provides an easily configurable way of controlling which commands may be executed via incoming ssh connections.
An ssh public key in a ~/.ssh/authorized_keys file can have a command="" option which forces a particular command to be executed when the key is used to authenticate an ssh connection. This is a security control that mitigates against private key compromise.
This is great when you only need to execute a single command. But if you need to perform multiple tasks, you would normally need to create and install a separate key pair for each command, or just not bother making use of forced commands and allow the key to be used to execute any command.
Instead, you can make sshdo act as the forced command, and when an ssh connection tries to execute a command, sshdo will consult the configuration files, /etc/sshdoers and /etc/sshdoers.d/*, to decide whether or not the user and key are allowed to execute the command. The requested command is only executed if it is allowed by the configuration.
This makes it possible to use a single authorized key for any number of commands and still prevent its use for any other purpose.
You will need to identify which commands need to be allowed by each user and authorized key. To make this easy, sshdo can be put into training mode where it will allow (and log) the exeution of all commands.
After some time, sshdo can then learn from the logs and create the configuration necessary to allow the commands that were encountered during training mode.
It can also unlearn occasionally and create a new configuration that will no longer allow commands that no longer appear to be in use. This can help to maintain strict least privilege.
sshdo is freely available under the GNU General Public License Version 2 or later.