Wacky SSH Authorized Keys Tricks

Date November 19, 2008

You may have caught my blog post last week about setting up host to host ssh keys.

What you might not have caught was in the comments, where Ben Cotton mentioned a trick I hadn't heard of, namely specifying the allowed remote commands in the authorized_keys line. He said there were even more features available, just waiting on the manpage. I replied that if he wrote it, I'd link to it.

Well, Ben put his money where his mouth is. He goes into nice detail and provides some good links and suggestions. This is really fascinating stuff, and I'm looking forward to using it in my own organization.

Therek over at Unix Sysadmin jumped into the fray, too. He's got three neat tricks for your SSH needs that you should really check out. I had no idea SSH key auth could be bent in these directions!

I've said it before, but I'll keep saying it. I love having visitors to my blog who enjoy what I write, and it really brings it home to interact with everyone like this. I couldn't ask for a better bunch of readers, though to be honest, I'm worried about Ben's longevity. I can't imagine what his cholesterol level must be ;-)

Ben, Therek, thank you both very much! I know my readers will really enjoy these articles. And as for everyone else, the same offer goes for you. If you've got something to share, let me know, I'll be happy to link to your blog entry or host it here if you've got the urge to write.

  • Ben C

    Matt, thanks for letting me give something back! As for my cholesterol, there's a reason I've been eating oatmeal and taking fish oil all year. :-) We'll see at the beginning of the year if I've been able to make any improvements.

  • Matt

    Ben,

    Glad to hear you're doing the oatmeal/omega-3 thing. I'm in awe of your nugget eating abilities. I can only hope that Chick-fil-A has higher quality food than other fast foods :-) Thanks a lot for posting the blog comment. I had every intention of dropping a trackback on your blog, but my day turned out a little more insane than I had planned. Glad you saw the reply :-)

  • therek

    I'd like to thank you both Ben and Matt for giving me an idea what to write about. My article got "Featured Entry" status on ITToolbox and I've got lots of hits from (mostly) German sites linking to both mine and Ben's articles.

    Unfortunately, trackbacks on ITToolbox never worked...

  • Matt

    @Therek,

    Congrats, that's awesome. And strange about the ITToolbox trackbacks. I've noticed that I can't ever comment on an IT Toolbox blog. I submit a comment, and I always get an error from Lyris Listmanager saying

    "Sorry, but there is no email address by the name of 'linux-locutus-blog.mail_text'."

    In the case of a recent attempt at commenting on Locutus's blog. It's strange.

  • sysadmn

    Great series of articles! I really like the serial collaborative article you've started :-)

    Next chapter -
    Look up "keychain", which automates the whole ssh-agent / ssh-add inheritance at login.

    Daniel Robbins' article is the first and last word:
    http://www.ibm.com/developerworks/library/l-keyc2/