[TriEmbed] need some specific help tonight

Pete Soper pete at soper.us
Mon Oct 9 13:35:53 CDT 2017 


On 10/09/2017 02:07 PM, Robert Gasiorowski wrote:
> Instead of password, why don't you use rsa keys? That way, you don't 
> have to give your password away.
> Create two sets of rsa keys, one for you and one for the user, then 
> add both private keys to authorized_keys on the server, you keep your 
> private key, and the user will get the second private key.

Thanks, Bob! This is what I meant by "second ssh password".  I'm 98% 
sure I can follow some detailed steps to accomplish this, but it isn't 
sufficient: somebody could simply log into the server and do anything at 
all with the session. I think I need for the login program (i.e. 
typically a shell) to somehow know what password was used for the login.

But while dealing with a phone call private msg got here. If that works 
I'll publish a cheat sheet in case anybody is interested.

-Pete
>
> On Mon, Oct 9, 2017 at 1:51 PM, Pete Soper via TriEmbed 
> <triembed at triembed.org <mailto:triembed at triembed.org>> wrote:
>
>     Folks,
>       I have a problem that is off topic, but there is past precedent
>     for us helping each other with whatever. I'm hoping somebody can
>     sit with me and my laptop for a few minutes at tonight's meeting
>     and help me implement a secure but strictly limited access
>     scenario with my personal domain server.
>
>       I have a git repo on my personal domain server and can push/pull
>     remotely using my user account id and password on a server running
>     an old version of CentOS (2.6 kernel).
>
>       What I need is to enable alternate access by a second party
>     where the person doing the access a) cannot use it for anything
>     except a git push or pull, b) uses a different password from my
>     regular one, and c) can instantly lose this access if I'm told by
>     my ISP that this dog won't hunt in regards to his terms of service.
>
>       My simple minded understanding of this is that I need to arrange
>     a second ssh password, which I think I can figure out, and somehow
>     only allow that password to be used for git commands (which I have
>     no clue about). I think this latter detail is either impossible
>     without a second user account on the server, and that isn't an
>     option, or else with some additional authentication magic that
>     recognizes my regular password and proceeds or this other password
>     that redefines PATH or something to make all but git inaccessible.
>     Or maybe somebody knows of a virtually nearby log I can fall over.
>
>
>     -Pete
>
>
>     _______________________________________________
>     Triangle, NC Embedded Computing mailing list
>     TriEmbed at triembed.org <mailto:TriEmbed at triembed.org>
>     http://mail.triembed.org/mailman/listinfo/triembed_triembed.org
>     <http://mail.triembed.org/mailman/listinfo/triembed_triembed.org>
>     TriEmbed web site: http://TriEmbed.org
>
>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.triembed.org/pipermail/triembed_triembed.org/attachments/20171009/10fad384/attachment.htm>

More information about the TriEmbed mailing list