
I've spent a fair amount of the day fiddling with this, and I'm about to give up (for today).

I followed the instructions outlined here.

All works at the moment. But to increase security I'd like to implement some limits in the authorized_keys file.

I tried:

command="/bin/nc",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty ssh-dss AAAAB3....o9M9qz4xqGCqGXoJw= user@host

Since the tutorial uses this command on munin-nodes:

address ssh://floppa.example.com/bin/nc localhost 4949

I thought munin would only need that to run smoothly, but I was wrong. Restricting the shell to only /bin/nc causes a timeout error on munin-master.

How do I implement this limit and not break the way munin native ssh works?

dawud
  • What is your version of munin master? What is the result of "ssh floppa.example.com /bin/nc localhost 4949"? They use /usr/bin/nc; is it OK for you to use /bin/nc? – kranteg Apr 16 '14 at 13:25
  • @kranteg I use Munin version 2.0.19. ssh floppa.example.com /bin/nc localhost 4949 returns a remote server shell, where I can type list and get plugin data from munin-node. I'm on Debian; netcat resides in /bin/nc – Red Balloon Apr 16 '14 at 15:25

1 Answer


This works for me:

command="/bin/nc localhost 4949",no-pty,no-X11-forwarding,no-agent-forwarding,no-port-forwarding
heuri
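When an authorized_keys entry carries command="...", sshd runs exactly that string and discards whatever the client asked for, which is why command="/bin/nc" starts nc with no destination and the master times out. The wrapper below is an added example, not part of the answer above or of Munin: it is a variant of the same restriction that checks the client's request (which sshd exposes in SSH_ORIGINAL_COMMAND) and logs anything unexpected. The install path /usr/local/bin/munin-gate and the function names are assumptions.

```shell
#!/bin/sh
# Added example: forced-command wrapper for the munin key.
# Hypothetical install path: /usr/local/bin/munin-gate
# authorized_keys entry, on ONE line (key elided as on the page):
#   command="/usr/local/bin/munin-gate",no-pty,no-X11-forwarding,no-agent-forwarding,no-port-forwarding ssh-dss AAAAB3.... user@host

# The only request the munin master is expected to send, taken from
#   address ssh://floppa.example.com/bin/nc localhost 4949
ALLOWED='/bin/nc localhost 4949'

# Return 0 only if the requested command is byte-for-byte the allowed one.
# The client string is compared, never evaluated or word-split.
munin_gate_allowed() {
    case $1 in
        "$ALLOWED") return 0 ;;
        *)          return 1 ;;
    esac
}

munin_gate_main() {
    # With command= in force, sshd stores the client's request here.
    # It is unset for an interactive login attempt.
    requested=${SSH_ORIGINAL_COMMAND-}

    if munin_gate_allowed "$requested"; then
        # Run a fixed literal, not the client-supplied text.
        exec /bin/nc localhost 4949
    fi

    # Record the refusal so unexpected use of this key is visible in syslog.
    logger -t munin-gate -p auth.warning \
        "refused request from ${SSH_CONNECTION-unknown}: ${requested:-<no command>}" || true
    echo "munin-gate: request refused" >&2
    exit 1
}

# Act only when invoked under the installed name, so the functions can be
# sourced or exercised elsewhere without opening a connection.
case ${0##*/} in
    munin-gate) munin_gate_main ;;
esac
```

The plain command="/bin/nc localhost 4949" form from the answer gives the same confinement without a wrapper; the wrapper only adds the check and the syslog record.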