Authorized keys别的用法
来自三线的随记
在使用azure的时候发现了authorized_keys的别的用法,对成功通过验证的用户执行需要的命令,如
no-port-forwarding,no-agent-forwarding,no-X11-forwarding,command="echo 'Please login as the user \"dce\" rather than the user \"root\".';echo;sleep 10;exit 142" ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDL/yqlzsVtYT8tPaJcWo3jXrTx5N13uBARKJXs5dBIX2TgFOLvBWjHJBggiD2lGcv4K1DpIzo7mQSL4a3Ddvzq8LwFBskIfZgMFuUwaARE+qCSwgSu35q5HR6JHgSekO5U/163IxO4tEkFi2zBtOViEKd4s9+Wk7cOXfnRGZxxQsctEKhsYMTzsGQXWmlRH8LocN4UFqhdU9G19sWpmZ8InfJXwiVJPJ9nE6EW7+K7+UQLxaBINFbakW0mfgiFYbMZzY8V8LBM06Yc+LIt6Bwer4G+2QGA7/86Rv6hufr4YFe82OFSqudIT+BUESH9TsmiUE1EdLMqo0jKpzjOyFx6NeXuPSGEtR2RnSDFqT01ALGQpkQ6bL5H0EXMem95/6ACRM2RYv8cfZpsYbmhKhURAv5MPZ4sfrMyxTxxo1eMRZEbNatuuqgHSc7c6R91MvrBHC3B2dgH3CeO6wlNklJhh1wFOzBRchorQ6bOw+GfB4G55LWjOC+oIHN15irRJm8=
在 man sshd中也有提到相应的配置项
An example authorized_keys file: # Comments allowed at start of line ssh-rsa AAAAB3Nza...LiPk== [email protected] from="*.sales.example.net,!pc.sales.example.net" ssh-rsa AAAAB2...19Q== [email protected] command="dump /home",no-pty,no-port-forwarding ssh-rsa AAAAC3...51R== example.net permitopen="192.0.2.1:80",permitopen="192.0.2.2:25" ssh-rsa AAAAB5...21S== permitlisten="localhost:8080",permitopen="localhost:22000" ssh-rsa AAAAB5...21S== tunnel="0",command="sh /etc/netstart tun0" ssh-rsa AAAA...== [email protected] restrict,command="uptime" ssh-rsa AAAA1C8...32Tv== [email protected] restrict,pty,command="nethack" ssh-rsa AAAA1f8...IrrC5== [email protected]
mark一下有缘再研究