Tue Jul 31 16:22:35 EDT 2012

Simple services

I have one untrusted host that needs add hoc services from a trusted
one, but I do not want to provide a generic login from untrusted ->
trusted, so I'd like to use a single ssh key to allow untrusted host
to run a limited number of non-parameterized scripts.

How safe is this?  I guess if the scripts are non-parameterized, the
opportunity for introducing loopholes is greatly reduced.

Instead of doing this through root ssh, it might be simpler to create
a separate login and use setuid root or sudo.  It seems that of all
these options, ssh is safest if the dispatching can be limited.