~derf / projects / ssh-forcecommand v1.0

This project is no longer being developed. There will be no updates and no security fixes. This page serves archival purposes only.

ssh-forcecommand is a trivial script to safely execute remote commands via ssh. It is aimed especially at automated remote commands (where the ssh keys are not protected by a passphrase), in which a compromise of the remote system could also compromise the local system.

To prevent this, you can invoke ssh-forcecommand through the ssh configuration, which limits the remote system to executing a set of statically defined commands. This makes compromising the local system much more difficult.

See the manual for more.

ssh-forcecommand-1.0.tar.gz (signature)

  • Initial release
  • Put "key = value" pairs in config
  • command="/usr/local/bin/ssh-forcecommand /etc/forcecommand/config" in ssh/authorized_keys
  • static operation, no variables, appending or anything
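
The allow-list lookup that a forced command of this kind performs, as an added sketch that is not ssh-forcecommand's own code. The config keys, command paths, fail-closed parsing and exec-without-shell behaviour are assumptions; SSH_ORIGINAL_COMMAND is the variable sshd sets when command="..." is in effect.

```python
import os
import shlex
import sys

# Constructed sample config in the "key = value" form the page mentions;
# the keys and command paths are made up for illustration.
SAMPLE_CONFIG = """\
backup = /usr/bin/rsync --server --sender -logDtpr . /srv/backup/
uptime = /usr/bin/uptime
"""


def parse_config(text):
    """Map each key to a fixed argv list; fail closed on malformed lines."""
    commands = {}
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        key, sep, value = line.partition("=")
        key, value = key.strip(), value.strip()
        if not sep or not key or not value:
            raise ValueError(f"line {lineno}: expected 'key = value'")
        if key in commands:
            raise ValueError(f"line {lineno}: duplicate key {key!r}")
        commands[key] = shlex.split(value)
    return commands


def resolve(commands, requested):
    """Return the argv for an exact key match, else None.

    The client's string is only ever used as a lookup key: nothing from it
    is appended to or substituted into the command that runs.
    """
    if requested is None:
        return None
    return commands.get(requested)


def main(config_path):
    with open(config_path) as fh:
        commands = parse_config(fh.read())
    # sshd puts the command the client asked for in SSH_ORIGINAL_COMMAND
    # when a forced command (command="..." in authorized_keys) is in effect.
    argv = resolve(commands, os.environ.get("SSH_ORIGINAL_COMMAND"))
    if argv is None:
        sys.exit("forced command: request not in allow-list")
    os.execv(argv[0], argv)  # no shell, so no metacharacter expansion


if __name__ == "__main__":
    main(sys.argv[1])
```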