I need to enable remote execution of a shell script on a server, but deny all other access. The script is a toggle that accepts a single parameter (on/off/status). This comes close to answering my question, but while it works to run scripts remotely, I still can't pass arguments. Is there a way to do this without making a new shell account for each possible argument?
Basically, I want to be able to run on my remote server:
myclient$ ssh remotecontrol@myserver on
myclient$ ssh remotecontrol@myserver off
myclient$ ssh remotecontrol@myserver status
And have this correspond to:
myserver$ ./myscript.sh on
myserver$ ./myscript.sh off
myserver$ ./myscript.sh status
Arcege's response in the linked article could do this, but it doesn't work as a one-liner in a shell script.
SOLUTION DETAILS:
# useradd -Urms /home/remotecontrol/shell.sh remotecontrol
Added the following line to ~remotecontrol/.ssh/authorized_keys to disable remote login:
no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty ssh-rsa [...public key...] remoteuser@remotehost
Added the following shell script as ~remotecontrol/shell.sh:
#!/usr/bin/env bash
case "$2" in
on)
echo 'Command: on'
;;
off)
echo 'Command: off'
;;
status)
echo 'Command: status'
;;
*)
echo 'Invalid command'
;;
esac
Best Answer
If you use a custom shell as suggested by Arcege and 2bc, then that shell will receive the command which the user intends to execute as an argument because the shell is invoked like this:
So ignore the
-c(that your$1) and find the command in$2. For example:If you use a forced command as suggested by Coren then you will find the command that the user intended to invoke in the environment variable
$SSH_ORIGINAL_COMMAND. You can use a script similar to the one above.