Tue Jul 31 16:22:35 EDT 2012
I have one untrusted host that needs add hoc services from a trusted
one, but I do not want to provide a generic login from untrusted ->
trusted, so I'd like to use a single ssh key to allow untrusted host
to run a limited number of non-parameterized scripts.
How safe is this? I guess if the scripts are non-parameterized, the
opportunity for introducing loopholes is greatly reduced.
Instead of doing this through root ssh, it might be simpler to create
a separate login and use setuid root or sudo. It seems that of all
these options, ssh is safest if the dispatching can be limited.