A Handy SSH Feature
One method to limit SSH access is generating a key pair and restricting how those keys can be used. An example is to allow shell scripts to run in automated mode yet prevent interactive access.
SSH supports certain limitations within the user’s authorized_keys file. For example:
This entry in the user’s authorized_keys file prevents the respective user account at $DEVICE_IP_ADDRESS from opening a terminal shell or running X tools on the destination system yet allows shell scripts to function. SSH access is non-interactive.
This feature does not prevent malicious behavior. A malicious actor could execute ssh $USER@$COMPUTER "rm -rf /etc" or overwrite or snoop files using
Limiting actions is possible with the command= option. When that option is used, regardless of what command the remote user sends, the explicit command defined in the authorized_keys file for that public key is executed and the original command is ignored.
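The command= option described above, as an added example that is not from the original article: a wrapper script set as the forced command reads the client's request from SSH_ORIGINAL_COMMAND, which sshd sets for forced commands, and runs only allowlisted actions. The path /usr/local/bin/ssh-gate, the request names report-uptime and report-disk, and the key material are assumptions.

```shell
#!/bin/sh
# Added example: a forced-command wrapper. The install path, the two request
# names and the key material below are assumptions made for illustration.
#
# authorized_keys entry (one line; key is a placeholder):
#   from="$DEVICE_IP_ADDRESS",command="/usr/local/bin/ssh-gate",no-pty,no-X11-forwarding,no-port-forwarding,no-agent-forwarding ssh-ed25519 AAAA...PLACEHOLDER automation
#
# sshd runs this script for every session opened with that key and exports
# the command the client asked for as SSH_ORIGINAL_COMMAND (unset when the
# client asked for an interactive shell).

# Map a client request to an action name. Only exact matches are accepted, so
# appended text such as "report-uptime; ..." is refused rather than parsed.
gate_decide() {
    case "$1" in
        "report-uptime") echo "uptime" ;;
        "report-disk")   echo "disk-free" ;;
        *)               return 1 ;;
    esac
}

# Run the fixed command behind the chosen action. The client's string is
# never passed to a shell or used as an argument.
gate_main() {
    if ! action=$(gate_decide "${SSH_ORIGINAL_COMMAND:-}"); then
        echo "ssh-gate: request refused" >&2
        return 1
    fi
    case "$action" in
        uptime)    uptime ;;
        disk-free) df -P / ;;
    esac
}

# Act only when invoked under the installed name, so the functions above can
# also be sourced and exercised on their own.
case "$0" in
    */ssh-gate|ssh-gate) gate_main; exit $? ;;
esac
```

With this wrapper as the forced command, a request that is not on the allowlist, including an attempt at an interactive login, produces only the refusal message and a non-zero exit status.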