moin, moin,

I think I mailed the list about this feature when I found out about it a
couple of months ago.

Theo's got a good example authorized_keys entry at the end.

Good quote from Donald Knuth as well.

ciao,

der.hans
-- 
# https://www.LuftHans.com/ http://www.TOLISGroup.com/
# The Internet is the front line of the battle
# to protect our freedom. -- Nathaniel Borenstein

---------- Forwarded message ----------
Date: Fri, 8 Nov 2002 15:20:44 -0500
From: Theo Van Dinter
To: Sage Mailing List
Subject: Re: [SAGE] Monitoring NT systems using open or free tools?

On Fri, Nov 08, 2002 at 12:08:04PM -0800, Benjamin Feen wrote:
> Ooh! Ooh! I just learned a cool thing! I wanna share it with the class!
>
> You can make it so that sshing to a particular account using a particular
> key executes a predefined command.
>
> This looks like a really, really good way to do automated remote checks
> for network monitoring. I'm preparing to implement Nagios, and I'm probably
> going to be using this for many things.

At a former employer we were doing work with Netsaint (Nagios wasn't
quite ready when we started) where we would SSH to a machine to do the
remote checks for disk, processes, etc.

The problem with the command= bit in authorized_keys is that you can
only specify a single command. But before you think you need a key per
monitor, what we ended up doing was calling a script that used the
$SSH_ORIGINAL_COMMAND variable which has the original command given
to ssh. That script then verified that the command was valid, did some
other security things, and executed the proper monitor.

Here's the authorized_keys entry I used BTW, it just limits what can
run and from where it can run:

from="1.2.3.4",command="/path/to/mux/script",no-port-forwarding,no-X11-forwarding,no-agent-forwarding

-- 
Randomly Generated Tagline:
"I decry the current tendency to seek patents on algorithms.
 There are better ways to earn a living than to prevent other people from
 making use of one's contributions to computer science." - Donald E. Knuth
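
The multiplexing script described in the forwarded message, sketched here as an added example (it is not Theo's script and not part of the original mail). It checks $SSH_ORIGINAL_COMMAND against an allowlist before running anything; CHECK_DIR and the check names disk, procs and load are hypothetical.

```shell
#!/bin/sh
# Added example: multiplexer run via command="..." in authorized_keys.
# CHECK_DIR and the check names (disk, procs, load) are hypothetical.
LC_ALL=C; export LC_ALL                  # keep the A-Z ranges below ASCII-only
CHECK_DIR=${CHECK_DIR:-/usr/local/libexec/monitor}   # assumed path, no spaces

# mux_resolve REQUEST: print "<check path> [arg]" for an allowed request,
# return 1 for anything else. Nothing from the client is ever eval'ed.
mux_resolve() {
    request=$1
    set -f                               # split into words, no filename expansion
    set -- $request
    set +f
    [ $# -ge 1 ] || return 1             # empty request, e.g. a login attempt
    for word in "$@"; do                 # reject metacharacters, quotes, globs
        case $word in *[!A-Za-z0-9_./-]*) return 1 ;; esac
    done
    name=$1; shift
    case $name in
        disk)                            # exactly one absolute path, no ".."
            [ $# -eq 1 ] || return 1
            case $1 in /*) ;; *) return 1 ;; esac
            case $1 in *..*) return 1 ;; esac ;;
        procs|load)                      # no arguments accepted
            [ $# -eq 0 ] || return 1 ;;
        *)  return 1 ;;                  # not on the allowlist
    esac
    printf '%s\n' "$CHECK_DIR/$name${1:+ $1}"
}

# mux_main: resolve the client's request and replace this shell with the check.
mux_main() {
    cmd=$(mux_resolve "$SSH_ORIGINAL_COMMAND") || {
        echo "UNKNOWN: request not permitted" >&2
        return 3                         # Nagios plugin status UNKNOWN
    }
    set -f; set -- $cmd; set +f
    exec "$@"
}

# sshd sets SSH_ORIGINAL_COMMAND only when the client asked for a command;
# without one the script does nothing and the session simply ends.
if [ "${SSH_ORIGINAL_COMMAND+set}" = set ]; then
    mux_main
fi
```

With the authorized_keys entry above pointing at this script, the monitoring host would run, for example, `ssh monitor@host disk /var`, and any request outside the allowlist exits with status 3 without starting a check.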