Simplifies running a single command over SSH, and manages authorized keys (ACL) and users in order to do so.
It basically simplifies running:
ssh user@server 'ls -l <your-args>'
into:
sshcommand create <USER> <COMMAND>                             # Creates a local system user and installs sshcommand skeleton
sshcommand acl-add <USER> <NAME> <KEY_FILE>                    # Adds named SSH key to user from STDIN or argument
sshcommand acl-remove <USER> <NAME>                            # Removes SSH key by name
sshcommand acl-remove-by-fingerprint <USER> <FINGERPRINT>      # Removes SSH key by fingerprint
sshcommand list <USER> [<NAME>] [<OUTPUT_TYPE>]                # Lists SSH keys by user, an optional name and an optional output format (JSON)
sshcommand help <COMMAND>                                      # Shows help information
sshcommand version                                             # Shows version
On a server, create a new command user:
sshcommand create cmd /path/to/command
On your computer, add authorized keys with your key:
cat ~/.ssh/id_rsa.pub | ssh root@server sshcommand acl-add cmd progrium
If the public key is already on the server, you may also specify it as an argument:
ssh root@server sshcommand acl-add cmd progrium ~/.ssh/id_rsa.pub
By default, key names and fingerprints must be unique. Both of these checks can be disabled by setting the following environment variables to false:
export SSHCOMMAND_CHECK_DUPLICATE_FINGERPRINT="false"
export SSHCOMMAND_CHECK_DUPLICATE_NAME="false"
Now anywhere with the private key you can easily run:
Anything you pass as the command string will be appended to the command. You can use this to pass arguments or, if your command takes subcommands, to expose those subcommands easily.
/path/to/command subcommand
Can be run remotely with:
ssh cmd@server subcommand
When adding an authorized key, you can also specify custom options for AUTHORIZED_KEYS by setting the SSHCOMMAND_ALLOWED_KEYS environment variable. This should be a list of comma-separated options. The default options are as follows:
no-agent-forwarding,no-user-rc,no-X11-forwarding,no-port-forwarding
This can be useful for cases where the ssh server does not allow certain options or you wish to further constrain a user's environment. Please see man sshd for more information.
Existing keys can be listed via the list subcommand:
# in text format
sshcommand list cmd
# filter by a particular name
sshcommand list cmd progrium
# in json format
sshcommand list cmd "" json
# with name filtering
sshcommand list cmd progrium json
# ignore validation errors (though they will be printed to stderr)
export SSHCOMMAND_IGNORE_LIST_WARNINGS=true
sshcommand list cmd
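An added example, not part of sshcommand: a small auditor that reads authorized_keys text and reports entries missing any of the default options listed above, plus entries that repeat a key already seen (the situation the duplicate-fingerprint check guards against). The sample entries, the command= values and the fake_blob helper are constructed for illustration.

```python
import base64
import hashlib

# Default options from the list above, lowercased (sshd matches option names case-insensitively).
REQUIRED = {"no-agent-forwarding", "no-user-rc", "no-x11-forwarding", "no-port-forwarding"}
KEY_PREFIXES = ("ssh-", "ecdsa-", "sk-")  # a line that starts with a key type has no options

def split_unquoted(s, seps, maxsplit=-1):
    """Split s on any character in seps that sits outside double quotes."""
    parts, cur, quoted, esc = [], "", False, False
    for ch in s:
        if ch == '"' and not esc:  # an escaped \" does not open or close a quoted value
            quoted = not quoted
        esc = ch == "\\" and not esc
        if ch in seps and not quoted and maxsplit != 0:
            parts, cur, maxsplit = parts + [cur], "", maxsplit - 1
        else:
            cur += ch
    return parts + [cur]

def fingerprint(blob):  # SHA256 fingerprint in the form `ssh-keygen -lf` prints
    digest = hashlib.sha256(base64.b64decode(blob)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def audit(text):
    """Return (line_no, problem) pairs for under-restricted or repeated keys."""
    findings, seen = [], {}
    for n, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        opts, rest = ("", line) if line.startswith(KEY_PREFIXES) else split_unquoted(line, " \t", 1)
        names = {o.split("=", 1)[0].lower() for o in split_unquoted(opts, ",")}
        missing = sorted(REQUIRED - names)
        if missing:
            findings.append((n, "missing " + ",".join(missing)))
        fp = fingerprint(rest.split()[1])
        if fp in seen:
            findings.append((n, f"same key as line {seen[fp]}"))
        seen.setdefault(fp, n)
    return findings

def fake_blob(tag):  # constructed stand-in for a key blob, not a real public key
    return base64.b64encode(tag.encode()).decode()

# Constructed sample entries; the command= values are hypothetical.
SAMPLE = f'''command="/path/to/command a,b",no-agent-forwarding,no-user-rc,no-X11-forwarding,no-port-forwarding ssh-ed25519 {fake_blob("key-a")} progrium
command="/path/to/command",no-user-rc ssh-ed25519 {fake_blob("key-b")} alice
ssh-rsa {fake_blob("key-a")} bob'''
```

Entries that rely on sshd's restrict option instead of the four individual options are reported as missing them, and a malformed line raises an exception rather than being skipped.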