On Thu, Sep 13, 2001 at 01:27:05PM +0200, Richard Atterer wrote:
> Indeed.
>
> You might want to experiment with the following: Create a dedicated
> user on the machine that you log into, whose default shell is not
> /bin/sh, but a script of yours which executes rsync with the right
> options, no matter what arguments are passed to it. Also, the user
> should not be able to write to any files in his home directory.
>
> This way, even if the key is compromised, it will be difficult for the
> attacker to do anything but run that one command. This doesn't provide
> an awful lot of security, and a determined attacker might find a way
> to circumvent it, but it's already a lot better than a completely open
> account.

Don't even bother :) Use command restriction. man sshd(8), search for
command=.

-- 
Daniel Jacobowitz  Carnegie Mellon University
MontaVista Software  Debian GNU/Linux Developer
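
Added example, not part of the original message or of OpenSSH: a forced-command wrapper for an rsync-only key, using the command= option and the SSH_ORIGINAL_COMMAND variable that sshd sets. The script path, the `--enforce` argument, /srv/backup/, /usr/bin/rsync and the key text are assumptions; options that take a value are refused to keep the check small.

```sh
#!/bin/sh
# Forced-command wrapper for a key that may only run rsync (added example).
# Hypothetical install path: /usr/local/bin/rsync-only. It is referenced from
# ~/.ssh/authorized_keys on ONE line (key material below is a placeholder):
#   command="/usr/local/bin/rsync-only --enforce",no-pty,no-port-forwarding,no-X11-forwarding,no-agent-forwarding ssh-rsa AAAA...PLACEHOLDER backup-key
LC_ALL=C; export LC_ALL
ALLOWED_DIR="/srv/backup/"   # assumption: the only tree this key may touch
RSYNC="/usr/bin/rsync"       # assumption: absolute path, so PATH is not trusted

# Return 0 only if $1 is an rsync server invocation confined to ALLOWED_DIR.
validate_rsync_command() {
    cmd=$1
    # Character allowlist: quotes, ';', '|', '$', '=', globs and newlines are
    # all refused. The ':' sentinel keeps a trailing newline from being lost.
    leftover=$(printf '%s:' "$cmd" | tr -d 'A-Za-z0-9 ./_-')
    [ "$leftover" = ":" ] || return 1
    case $cmd in
        "rsync --server "*) ;;   # what an rsync client asks the far end to run
        *) return 1 ;;
    esac
    case $cmd in *..*) return 1 ;; esac   # no parent-directory traversal
    seen_path=0
    for word in ${cmd#"rsync --server "}; do
        case $word in
            -*|.) ;;                          # option or the "." placeholder
            "$ALLOWED_DIR"*) seen_path=1 ;;   # path inside the allowed tree
            *) return 1 ;;                    # any other path or stray word
        esac
    done
    [ "$seen_path" -eq 1 ]
}

# sshd runs this instead of whatever the client asked for.
if [ "${1:-}" = "--enforce" ]; then
    if validate_rsync_command "${SSH_ORIGINAL_COMMAND:-}"; then
        set -- $SSH_ORIGINAL_COMMAND   # split on whitespace only, no shell eval
        shift                          # drop the client-supplied "rsync" word
        exec "$RSYNC" "$@"
    fi
    logger -p auth.warning -t rsync-only "refused: ${SSH_ORIGINAL_COMMAND:-none}"
    exit 1
fi
```

Every path argument is checked, not just the last one, because a `--sender` request can name several source paths.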