authorized_keys with command= option

sam

May 3, 2005, 1:52:57 PM
Hi,

I'm having a problem allowing a remote client to use scp to transfer multiple
files to a specific directory on a remote server.
I'm using OpenSSH 3.8.1p1 on FreeBSD 5.2.

The following line is inserted in the beginning of the authorized_keys
in the remote server:

no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty,command="scp
-p -f /usr/local/etc/",from="192.168.1.1"

Here, 192.168.1.1 is the client and 192.168.1.254 is the server.
The client wants to transfer files to the server with scp.

After kill -HUP on the sshd pid on the remote server, I tried to scp a file
to it with an scp command line, but it hangs until I press Ctrl-C.

Here is the command I used to transfer a file to the remote server:
scp -p test.cnf test2.conf abc.sh -l toor 192.168.1.254:/usr/local/etc/

How can I troubleshoot and fix this problem?

Thanks
Sam

Bill Marcum

May 3, 2005, 5:23:37 PM
On Wed, 04 May 2005 01:52:57 +0800, sam
<sam++@--.com> wrote:
>
> Here is the command I used to transfer a file to the remote server:
> scp -p test.cnf test2.conf abc.sh -l toor 192.168.1.254:/usr/local/etc/
>
> How can I troubleshoot and fix this problem?
>
scp -v

--
QOTD:
"It's not the despair... I can stand the despair. It's the hope."

sam

May 3, 2005, 8:59:07 PM
Bill Marcum wrote:
> On Wed, 04 May 2005 01:52:57 +0800, sam
> <sam++@--.com> wrote:
>
>>Here is the command I used to transfer a file to the remote server:
>>scp -p test.cnf test2.conf abc.sh -l toor 192.168.1.254:/usr/local/etc/
>>
>>How can I troubleshoot and fix this problem?
>>
>
> scp -v
>

Thanks, very handy option.
I got this output from the screen:
# scp -v -p bookmarks.html to...@192.168.4.254:/usr/local/etc/
....
....

debug1: Authentications that can continue: publickey,keyboard-interactive
debug1: Next authentication method: publickey
debug1: Trying private key: /root/.ssh/identity
debug1: Offering public key: /root/.ssh/id_rsa
debug1: Remote: Port forwarding disabled.
debug1: Remote: X11 forwarding disabled.
debug1: Remote: Agent forwarding disabled.
debug1: Remote: Pty allocation disabled.
debug1: Remote: Bad options in /root/.ssh/authorized_keys file, line 1:
"command=scp -p -f /usr/local/etc/",from="192.168.
debug1: Authentications that can continue: publickey,keyboard-interactive
debug1: Trying private key: /root/.ssh/id_dsa
debug1: Next authentication method: keyboard-interactive
Password:

Any idea?

Thanks
Sam

Richard E. Silverman

May 3, 2005, 9:24:48 PM
>>>>> "sam" == sam <sam++@--.com> writes:

sam> no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty,command="scp
sam> -p -f /usr/local/etc/",from="192.168.1.1"

This is not how scp works; see:

http://www.snailbook.com/faq/restricted-scp.auto.html

--
Richard Silverman
r...@qoxp.net

sam

May 3, 2005, 10:07:59 PM
Richard E. Silverman wrote:
>>>>>>"sam" == sam <sam++@--.com> writes:
>
>
> sam> no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty,command="scp
> sam> -p -f /usr/local/etc/",from="192.168.1.1"
>
> This is not how scp works; see:
>
> http://www.snailbook.com/faq/restricted-scp.auto.html
>
This reference is not in detail, and only describes a little further in
SSH1. I'm using a version of SSH > 2.

However, I managed to discover how the scp command line is interpreted
by the remote host. It is scp -p -t dir as translated by the remote host.

I read somewhere that I can define a regular expression in the command=
option line. But I'm not sure how to do so. I want to define something
as follows:
command="scp -p -t (/usr/local/etc/*|/etc/)"
or
command="scp -p -t (*/etc/*)"

Thanks
Sam

Richard E. Silverman

May 4, 2005, 8:24:40 AM

> Richard E. Silverman wrote:
> >>>>>>"sam" == sam <sam++@--.com> writes:
> > sam>
> > no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty,command="scp
> > sam> -p -f /usr/local/etc/",from="192.168.1.1"
> > This is not how scp works; see:
> > http://www.snailbook.com/faq/restricted-scp.auto.html
> >
> This reference is not in detail, and only describes a little further in
> SSH1. I'm using a version of SSH > 2.

The version of the SSH protocol in use is irrelevant. scp simply runs ssh
for transport; what protocol version ssh uses is invisible to scp. The
point is that you're using the rcp-style scp.

> However, I managed to discover how the scp command line is interpreted by
> the remote host. It is scp -p -t dir as translated by the remote host.

You might have managed to discover it written on the page I gave you,
which is why I gave it.

> I read somewhere that I can define a regular expression in the command=
> option line.

No.

> But I'm not sure how to do so. I want to define something as
> follows:
> command="scp -p -t (/usr/local/etc/*|/etc/)"
> or
> command="scp -p -t (*/etc/*)"

Again, read the page I gave you. There is a sample script.

--
Richard Silverman
r...@qoxp.net
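
The thread's conclusion is that command= takes one fixed command rather than a pattern, so any matching has to happen in a script that the forced command runs. The following is an added example of such a wrapper, not the script from the linked FAQ and not code from any poster; it reads the client's requested command from sshd's SSH_ORIGINAL_COMMAND variable, and the install path and directory allowlist are assumptions taken from the directories named in the thread.

```shell
#!/bin/sh
# Upload-only scp wrapper, used as a forced command in authorized_keys, e.g.
#   command="/usr/local/libexec/scp-upload-only",from="192.168.1.1",no-pty ssh-rsa AAAA...
# (hypothetical install path; options, key type and key stay on ONE line)
ALLOWED_DIRS="/usr/local/etc /etc"   # assumption: the directories named in the thread

# Print the approved target directory and return 0, or return 1 to deny.
scp_upload_target() {
    target="" sink=0
    set -f                      # no glob expansion while word-splitting
    set -- $1                   # split the client's command line into words
    set +f
    [ "$1" = "scp" ] || return 1
    shift
    for word in "$@"; do
        case "$word" in
            -t) sink=1 ;;                     # sink mode: the server receives files
            -p|-v|-d) ;;                      # flags the client side may add
            -*) return 1 ;;                   # -f (download), -r, anything else
            *)  [ -z "$target" ] || return 1  # exactly one path argument
                target=$word ;;
        esac
    done
    [ "$sink" -eq 1 ] || return 1
    target=${target%/}          # "/usr/local/etc/" and "/usr/local/etc" are the same
    for dir in $ALLOWED_DIRS; do
        [ "$target" = "$dir" ] && { printf '%s\n' "$dir"; return 0; }
    done
    return 1                    # not an exact match: traversal and globs end up here
}

if [ -n "${SSH_ORIGINAL_COMMAND:-}" ]; then
    dir=$(scp_upload_target "$SSH_ORIGINAL_COMMAND") || {
        echo "denied: $SSH_ORIGINAL_COMMAND" >&2; exit 1; }
    exec scp -p -t "$dir"       # fixed argv; the client's string is never eval'd
else
    # Not run by sshd: show the decision for a few constructed command lines.
    for c in "scp -p -t /usr/local/etc/" "scp -p -f /usr/local/etc/" \
             "scp -r -p -t /etc" "scp -p -t /etc/../root"; do
        if scp_upload_target "$c" >/dev/null; then echo "allow: $c"
        else echo "deny:  $c"; fi
    done
fi
```

The wrapper restricts the destination directory, not the file names: the key holder can still overwrite any file in an allowed directory that the account can write.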