Single purpose keys for scp

Do you have a question? Post it now! No Registration Necessary.  Now with pictures!

Threaded View
I have successfully been using "single purpose" keys to do some basic remote
commands over ssh. To create a single purpose key, I have been pre-pending
the following text (as an example) to the beginning of a public key in the

command="df -k",no-port-forwarding,no-X11-forwarding,no-agent-forwarding
ssh-dss AA....... etc.

This enables only the running of the "df -k" command remotely (and only the
df -k command).

This works fine when you want to run a command on a remote machine. But what
command can you use, if you want to scp FROM your local machine TO a remote
machine (ie. the scp command needs to be run from the local machine), and
that is all you want to allow to be done. I can't quite get my head around
it and would greatly appreciate any clues.

Craig Robinson
Information Systems Unit
Corporate Development Division
Environmental Protection Agency
Ph: (07) 3006 4629
Fax: (07) 3227 6534
Mobile: 0411 477 921
Visit us online at

Re: Single purpose keys for scp

Quoted text here. Click to load it

Still prettiest by far.

Site Timeline