Join GitHub today
GitHub is home to over 40 million developers working together to host and review code, manage projects, and build software together.
Sign upsystemd should document ways of locking down `systemctl --host` #13358
Comments
This comment has been minimized.
This comment has been minimized.
|
The OpenSSH documentation has everything you need for this, in |
This comment has been minimized.
This comment has been minimized.
|
Yes, sure... I know how to do it because I'm using it all the time to lock down access by key, e.g. for backup access. All that's needed would be an example of which command Actually, most other software has an example for this, i.e. borgbackup has an example. They don't say
Ah yes, here we are: Define "specific command". Thanks. :-) |
This comment has been minimized.
This comment has been minimized.
|
i'm pretty sure it's "systemd-stdio-bridge" which is used to connect it directly to dbus, but please check the source to make sure... |
This comment has been minimized.
This comment has been minimized.
|
Okay, that's a starting point at least. I'll look into it and maybe create a patch for documentation. Thanks. |
This comment has been minimized.
This comment has been minimized.
|
Yes something like this:
|
This comment has been minimized.
This comment has been minimized.
|
By coincidence, I found it's running |
This comment was marked as off-topic.
This comment was marked as off-topic.
|
please sent ome gis projects every interested one via abiyuaxum@gmail.com |
This comment has been minimized.
This comment has been minimized.
|
I can't understand what are you people saying |
This comment has been minimized.
This comment has been minimized.
|
Please tell me how could i learn this |
Is your feature request related to a problem? Please describe.
We want to implement a management container that is sibling to other nspawn containers it manages. So far it was easy to get access to those containers using
systemctl -H parenthost/machine restart some.service. We added an ssh-key so that machine can easily SSH to the host without requiring a password. But I wonder about security: I've found no documentation / clues about how to implement a wrapper or forced command on the SSH host side throughauthorized_key.Describe the solution you'd like
systemd should come with an example wrapper or some documentation about how the SSH connection is actually used so admins can lock down such access with SSH forced commands.