PHWinfo - Afficher un message

09/10/2006, 21h09

In article <452a9ff0$0$30989$426a74cc@news.free.fr> julien Touche
<julien.touche@touche.fr.st> writes:
>Per Hedeland wrote on 08/10/2006 22:28:
>> Worked fine for me (i.e. using multiple commands + wildcard, I didn't
>> specifically try scp) on a quick test with OpenSSH 4.2p1. Though I
>> don't
>i will retry to scp and check there argument but could be that in my
>setup some box are pre-4.0.
>don't know which box release is important ? better to have last release
>on the client or the server ?

The client version is quite irrelevant, it has no influence on the
processing of the options in authorized_keys - doesn't even have to be
OpenSSH at all. And I don't think the server version is important, I
don't believe there has been any significant changes in this particular
area in recent times - the whole command string is passed as-is to your
login shell using the -c option.

>> really see the point in the above case, why not simply put everything
>> you want to do in the script? (Or if you don't want to change
>> "backup-script.sh", create another script to run it + whatever else
>> you want to do.)
>this is about who does the connection: the backuped box or the backup
>box. and i prefer the last one for firewall reasons.

I think you misunderstand me - you're telling the ssh server box to run

a) /path/to/backup-script.sh

and then

b) scp -r -p -f /tmp/backup-*

I'm just saying that you could get the exact same effect with less
messiness in the authorized_keys file, and less worries about what is
actually supported there, by doing one of

1) put that scp command at the end of the /path/to/backup-script.sh
script

or

2) create a new script, say /path/to/do-backup.sh, containing

#!/bin/sh
/path/to/backup-script.sh
scp -r -p -f /tmp/backup-*

and then put just /path/to/do-backup.sh in authorized_keys.

But anyway none of that should be needed.

--Per Hedeland
per@hedeland.org

09/10/2006, 21h09	#4
Per Hedeland Messages: n/a Hébergeur:	Re: ssh script: command/ForceCommand In article <452a9ff0$0$30989$426a74cc@news.free.fr> julien Touche <julien.touche@touche.fr.st> writes: >Per Hedeland wrote on 08/10/2006 22:28: >> Worked fine for me (i.e. using multiple commands + wildcard, I didn't >> specifically try scp) on a quick test with OpenSSH 4.2p1. Though I >> don't >i will retry to scp and check there argument but could be that in my >setup some box are pre-4.0. >don't know which box release is important ? better to have last release >on the client or the server ? The client version is quite irrelevant, it has no influence on the processing of the options in authorized_keys - doesn't even have to be OpenSSH at all. And I don't think the server version is important, I don't believe there has been any significant changes in this particular area in recent times - the whole command string is passed as-is to your login shell using the -c option. >> really see the point in the above case, why not simply put everything >> you want to do in the script? (Or if you don't want to change >> "backup-script.sh", create another script to run it + whatever else >> you want to do.) >this is about who does the connection: the backuped box or the backup >box. and i prefer the last one for firewall reasons. I think you misunderstand me - you're telling the ssh server box to run a) /path/to/backup-script.sh and then b) scp -r -p -f /tmp/backup-* I'm just saying that you could get the exact same effect with less messiness in the authorized_keys file, and less worries about what is actually supported there, by doing one of 1) put that scp command at the end of the /path/to/backup-script.sh script or 2) create a new script, say /path/to/do-backup.sh, containing #!/bin/sh /path/to/backup-script.sh scp -r -p -f /tmp/backup-* and then put just /path/to/do-backup.sh in authorized_keys. But anyway none of that should be needed. --Per Hedeland per@hedeland.org