4

I'm trying to set up a single-purpose key for copying data to a remote server (using scp), but I'm not sure what the command="" on the key should look like in this case.

Any ideas?

Thanks!

Robert Gould

1 Answer

8

When you talk about command="" I assume you refer to the entry you can put in a ~/.ssh/authorized_keys file, limiting what command a public ssh key can be used to execute?

When transferring a file across ssh using scp you spawn the following process on the remote side: "scp -t /destination/directory". Hence, if you want an entry only allowing you to scp files into the /tmp directory you will use the following:

command="scp -t /tmp"

To my knowledge there is no command="" entry restricting a key only to use scp, but at the same time allowing transfers into any destination directory. A completely different solution, which might very well not be what you are after, is using a restrictive shell like scponly.

andol
  • Very nice thanks! I was just starting to go with the scponly script, but was uneasy with the unnecessary freedom it gives (as there was only a single target folder). Your solution is just what I needed. – Robert Gould Dec 15 '09 at 08:49
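
As an added example (not part of the answer above, and not code from OpenSSH): a forced-command wrapper that inspects `SSH_ORIGINAL_COMMAND`, so the key accepts only scp uploads into one directory or below it and refuses downloads and any other command. The script path, the key comment and the set of accepted scp flags are assumptions.

```sh
#!/bin/sh
# Forced-command wrapper (added example). Hypothetical install path and
# authorized_keys entry, on one line, key shown as a placeholder:
#   command="/usr/local/bin/scp-upload-only",no-pty,no-port-forwarding,no-agent-forwarding,no-X11-forwarding ssh-ed25519 <PUBLIC-KEY> upload-key

export LC_ALL=C     # make the character ranges below byte-wise
ALLOWED_DIR=/tmp    # the single destination directory used in the answer

# Return 0 only for a legacy-protocol scp upload ("sink" mode, -t) whose
# destination is ALLOWED_DIR or a path beneath it.
scp_upload_allowed() {
    # Whitelist characters first, so the word splitting below cannot glob
    # and no shell metacharacter, quote or newline gets through.
    case $1 in
        ''|*[!A-Za-z0-9/._\ -]*) return 1 ;;
    esac
    set -f; set -- $1; set +f
    [ "$1" = scp ] || return 1
    shift
    sink=no
    target=
    for word in "$@"; do
        case $word in
            -t) sink=yes ;;
            -r|-p|-d|-v) ;;                  # flags a legacy scp client may add
            -*) return 1 ;;                  # anything else, including -f (download)
            *)  [ -z "$target" ] || return 1 # exactly one destination
                target=$word ;;
        esac
    done
    [ "$sink" = yes ] || return 1
    case $target in
        *..*) return 1 ;;                    # strict: no ".." anywhere in the path
        "$ALLOWED_DIR"|"$ALLOWED_DIR"/*) return 0 ;;
    esac
    return 1
}

# sshd exports the command the client requested as SSH_ORIGINAL_COMMAND.
if [ -n "${SSH_ORIGINAL_COMMAND:-}" ]; then
    if scp_upload_allowed "$SSH_ORIGINAL_COMMAND"; then
        set -f
        exec $SSH_ORIGINAL_COMMAND           # already validated; no eval, no shell
    fi
    echo "rejected: only scp uploads into $ALLOWED_DIR are allowed" >&2
    exit 1
fi
```

Clients running OpenSSH 9.0 or later use the SFTP protocol for scp by default, so they need `scp -O` for the server to receive an `scp -t` command at all.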