Authorized keys别的用法

来自三线的随记
Admin讨论 | 贡献2021年9月13日 (一) 13:41的版本 (创建页面,内容为“在使用azure的时候发现了authorized_keys的别的用法,对成功通过验证的用户执行需要的命令,如 no-port-forwarding,no-agent-forwarding,no…”)
(差异) ←上一版本 | 最后版本 (差异) | 下一版本→ (差异)

在使用azure的时候发现了authorized_keys的别的用法,对成功通过验证的用户执行需要的命令,如

no-port-forwarding,no-agent-forwarding,no-X11-forwarding,command="echo 'Please login as the user \"dce\" rather than the user \"root\".';echo;sleep 10;exit 142" ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDL/yqlzsVtYT8tPaJcWo3jXrTx5N13uBARKJXs5dBIX2TgFOLvBWjHJBggiD2lGcv4K1DpIzo7mQSL4a3Ddvzq8LwFBskIfZgMFuUwaARE+qCSwgSu35q5HR6JHgSekO5U/163IxO4tEkFi2zBtOViEKd4s9+Wk7cOXfnRGZxxQsctEKhsYMTzsGQXWmlRH8LocN4UFqhdU9G19sWpmZ8InfJXwiVJPJ9nE6EW7+K7+UQLxaBINFbakW0mfgiFYbMZzY8V8LBM06Yc+LIt6Bwer4G+2QGA7/86Rv6hufr4YFe82OFSqudIT+BUESH9TsmiUE1EdLMqo0jKpzjOyFx6NeXuPSGEtR2RnSDFqT01ALGQpkQ6bL5H0EXMem95/6ACRM2RYv8cfZpsYbmhKhURAv5MPZ4sfrMyxTxxo1eMRZEbNatuuqgHSc7c6R91MvrBHC3B2dgH3CeO6wlNklJhh1wFOzBRchorQ6bOw+GfB4G55LWjOC+oIHN15irRJm8=


在 man sshd中也有提到相应的配置项

     An example authorized_keys file:

        # Comments allowed at start of line
        ssh-rsa AAAAB3Nza...LiPk== [email protected]
        from="*.sales.example.net,!pc.sales.example.net" ssh-rsa
        AAAAB2...19Q== [email protected]
        command="dump /home",no-pty,no-port-forwarding ssh-rsa
        AAAAC3...51R== example.net
        permitopen="192.0.2.1:80",permitopen="192.0.2.2:25" ssh-rsa
        AAAAB5...21S==
        permitlisten="localhost:8080",permitopen="localhost:22000" ssh-rsa
        AAAAB5...21S==
        tunnel="0",command="sh /etc/netstart tun0" ssh-rsa AAAA...==
        [email protected]
        restrict,command="uptime" ssh-rsa AAAA1C8...32Tv==
        [email protected]
        restrict,pty,command="nethack" ssh-rsa AAAA1f8...IrrC5==
        [email protected]


mark一下有缘再研究