PHWinfo - Afficher un message

08/10/2006, 21h28

In article <4528e447$0$21867$426a34cc@news.free.fr> julien Touche
<julien.touche@touche.fr.st> writes:
>
>i'm trying to secure/tune my backup script with ssh like this:
>http://www.hackinglinuxexposed.com/a.../20030109.html
>
>few problems:
>- command/ForceCommand doesn't seem to accept wildcards or a chained
>command like:
>command="/path/to/backup-script.sh;scp -r -p -f /tmp/backup-*"
>(openbsd could maybe, do this with systrace)

Worked fine for me (i.e. using multiple commands + wildcard, I didn't
specifically try scp) on a quick test with OpenSSH 4.2p1. Though I don't
really see the point in the above case, why not simply put everything
you want to do in the script? (Or if you don't want to change
"backup-script.sh", create another script to run it + whatever else you
want to do.)

>- same for from/Host: no wildcard ?

Using from= with wildcard (as documented) worked fine for me too, don't
know what "Host:" refers to. Of course you need to have DNS / hosts file
set up such that your client IP address really maps back to the expected
host name on the server (and presumably that the name in turn maps
forward to the IP address). Assuming you have a host name in from=, that
is - IP addresses can also be used.

--Per Hedeland
per@hedeland.org

08/10/2006, 21h28	#2
Per Hedeland Messages: n/a Hébergeur:	Re: ssh script: command/ForceCommand In article <4528e447$0$21867$426a34cc@news.free.fr> julien Touche <julien.touche@touche.fr.st> writes: > >i'm trying to secure/tune my backup script with ssh like this: >http://www.hackinglinuxexposed.com/a.../20030109.html > >few problems: >- command/ForceCommand doesn't seem to accept wildcards or a chained >command like: >command="/path/to/backup-script.sh;scp -r -p -f /tmp/backup-*" >(openbsd could maybe, do this with systrace) Worked fine for me (i.e. using multiple commands + wildcard, I didn't specifically try scp) on a quick test with OpenSSH 4.2p1. Though I don't really see the point in the above case, why not simply put everything you want to do in the script? (Or if you don't want to change "backup-script.sh", create another script to run it + whatever else you want to do.) >- same for from/Host: no wildcard ? Using from= with wildcard (as documented) worked fine for me too, don't know what "Host:" refers to. Of course you need to have DNS / hosts file set up such that your client IP address really maps back to the expected host name on the server (and presumably that the name in turn maps forward to the IP address). Assuming you have a host name in from=, that is - IP addresses can also be used. --Per Hedeland per@hedeland.org