On Thu, Jul 2, 2009 at 1:29 PM, Allan Marcus<al...@lanl.gov> wrote:
> from what I can tell, this is almost a great idea, except that by
> using the command="/usr/sbin/puppetca", we would be ignoring any
> command passed to the ssh session. The best I can figure there would
> be no way to restrict the ssh session to just the puppetca command and
> pass the certname to the server to get cleaned up.

Look at the documentation for sshd again. What we're doing is saying "if this key is used to start an ssh session, don't run anything except the command listed here."
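
The forced-command restriction discussed in this thread, as an added example that is not part of the original messages or of Puppet itself: sshd runs only the `command="..."` entry for the key, and exposes whatever the client asked for in the `SSH_ORIGINAL_COMMAND` environment variable, so a wrapper can treat that value as a certname and validate it before calling `puppetca --clean`. The wrapper name and path, the placeholder key, and the certname validation rule are assumptions made for this sketch.

```shell
#!/bin/sh
# Forced-command wrapper (hypothetical name: puppetca-clean-wrapper).
# Referenced from authorized_keys like this (key material is a placeholder):
#   command="/usr/local/sbin/puppetca-clean-wrapper",no-pty,no-port-forwarding,no-agent-forwarding,no-X11-forwarding ssh-rsa AAAA...placeholder... cleanup-key
# sshd ignores the command the client asked for, but exports it to the
# forced command in the SSH_ORIGINAL_COMMAND environment variable.

LC_ALL=C; export LC_ALL                      # keep character ranges ASCII-only
PUPPETCA="${PUPPETCA:-/usr/sbin/puppetca}"   # path taken from the thread

# Return 0 only for a plausible certname: hostname characters only,
# no leading dash or dot, so it can never be read as an option or a path.
valid_certname() {
    case "$1" in
        ""|-*|.*) return 1 ;;
        *[!A-Za-z0-9._-]*) return 1 ;;
    esac
    [ "${#1}" -le 253 ]
}

# Treat the client's requested command as a single certname and clean it.
run_forced_clean() {
    certname="$1"
    if ! valid_certname "$certname"; then
        echo "rejected request" >&2
        return 2
    fi
    "$PUPPETCA" --clean "$certname"
}

# Only act when sshd invoked us as a forced command.
if [ "${SSH_ORIGINAL_COMMAND+set}" = set ]; then
    run_forced_clean "$SSH_ORIGINAL_COMMAND"
    exit $?
fi
```

With this in place, a client holding the restricted key runs `ssh user@puppetmaster web01.example.com` (constructed hostname) and the only thing that can execute is the clean of that one certname.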