fork https://github.com/mattsta/mailwebHEAD master

author: clarkzjw <[email protected]> 2023-02-08 00:40:09 -0800
committer: clarkzjw <[email protected]> 2023-02-08 00:40:09 -0800
commit: 1204730924436ef9e1c7c49c9557837f9a5ed0e8 (patch)
tree: 129d79dfd11245751cee6d4082ff5d2f6e941610 /ansible/roles/common/files/ssh-transfer-only.sh
parent: 9635ac4dedf69de5bff65785bcc16bef80b52d75 (diff)
download: mail-master.tar.gz
1 files changed, 11 insertions, 0 deletions
diff --git a/ansible/roles/common/files/ssh-transfer-only.sh b/ansible/roles/common/files/ssh-transfer-only.sh
new file mode 100755
index 0000000..c1f0624
--- /dev/null
+++ b/ansible/roles/common/files/ssh-transfer-only.sh
@@ -0,0 +1,11 @@
+#!/usr/bin/env bash
+# Only allow ssh commands starting with 'scp' or 'rsync'
+case $SSH_ORIGINAL_COMMAND in
+    scp*)
+        $SSH_ORIGINAL_COMMAND ;;
+    rsync*)
+        $SSH_ORIGINAL_COMMAND ;;
+    *)
+        echo "Not allowed with this key: $SSH_ORIGINAL_COMMAND" ;;
+esac
author	clarkzjw <[email protected]>	2023-02-08 00:40:09 -0800
committer	clarkzjw <[email protected]>	2023-02-08 00:40:09 -0800
commit	1204730924436ef9e1c7c49c9557837f9a5ed0e8 (patch)
tree	129d79dfd11245751cee6d4082ff5d2f6e941610 /ansible/roles/common/files/ssh-transfer-only.sh
parent	9635ac4dedf69de5bff65785bcc16bef80b52d75 (diff)
download	mail-master.tar.gz

diff --git a/ansible/roles/common/files/ssh-transfer-only.sh b/ansible/roles/common/files/ssh-transfer-only.sh new file mode 100755 index 0000000..c1f0624 --- /dev/null +++ b/ansible/roles/common/files/ssh-transfer-only.sh
@@ -0,0 +1,11 @@
	1	#!/usr/bin/env bash
	2
	3	# Only allow ssh commands starting with 'scp' or 'rsync'
	4	case $SSH_ORIGINAL_COMMAND in
	5	scp*)
	6	$SSH_ORIGINAL_COMMAND ;;
	7	rsync*)
	8	$SSH_ORIGINAL_COMMAND ;;
	9	*)
	10	echo "Not allowed with this key: $SSH_ORIGINAL_COMMAND" ;;
	11	esac