Do you have a question? Post it now! No Registration Necessary. Now with pictures!
- Posted on
- SSH and passing parameters
May 27, 2005, 5:52 pm
rate this thread
Does anyone know if it is possible to pass a parameter from a local
shell to a remote shell when you carry out an interactive ssh login.
The reason I ask is if you su to root on your local host a `who am i`
still shows your original username and not root.
When you ssh to a remote host as root however a `who am i` will show
root and not the original user name.
What I would like to do is assign a parameter say USER-LOCAL. When root
then ssh's to a remote server the variable USER-LOCAL is carried from
the local shell to the remote shell. This would then enable me to track
who owned each root session on the remote box.
Thanks in advance,
- Richard E. Silverman
May 28, 2005, 12:53 am
Re: SSH and passing parameters
One solution is to publickey authentication with OpenSSH, having a
separate key for each user in ~root/.ssh/authorized_keys, like so:
environment="USER_LOCAL=joe" ssh-dss AAAAB3NzaC1kc3MAAACBAMXXH+Sz...
environment="USER_LOCAL=bob" ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAA...
A better overall solution can be had with Kerberos. The usual reason for
ssh'ing "as root" is that su or sudo require a password, hence is
cumbersome for administration -- but you don't want to allow root access
with no extra authentication at all. With Kerberos, you can do the
$ ssh remote.host.net ksu -e command
SSH will forward Kerberos credentials across the connection, where they
can be used to authorize root access (~root/.k5login).
- » ssh on command line: force using a group size (prime size) of 1024 (and no...
- — Newest thread in » Secure Shell Forum