/usr/sbin/sshd -D -d -e -p 2000
To use a passphrase-less ssh key:
#!/bin/ksh
##
## This script creates a special use passphrase-less
## ssh private/public key pair, and also a public key
## specially crafted to execute a single defined command
## initiated from a single defined host, and then exit.
##
## The default values provided are valid and useful for
## testing without exposing anything that can be used to
## escalate privileges.
##
## The single argument should be a short description of
## the purpose of the key, i.e.:
##
##    logs-rsync
##
## Which will be used to name the output keyfile.
##
## The unprivileged user referred to by this script can
## access files via a group shared with a more privileged
## user. If you don't understand how that works, you
## should NOT use this script.
##
## Phil Ehrens <phil@slug.org>
##

#
# Refuse to run without the key description; every file
# name below is built from it.
#
if [ -z "$1" ]; then
    echo "usage: $0 key-purpose" >&2
    exit 1
fi

#
# Generate a passphrase-less key pair by running keygen
# and just hitting enter when it prompts.
#
ssh-keygen -f ~/.ssh/"$1"_ssh_key -b 2048

#
# Generate the prototype special purpose key.
# printf replaces "echo -n", which is not portable across shells.
#
echo "# Special purpose $1 key - *** UNENCRYPTED ***" >~/.ssh/"$1"_authorized_key
printf '%s ' "command=\"/usr/bin/uptime\",from=\"$(uname -n).NETWORK.DOM\",no-port-forwarding,no-X11-forwarding,no-agent-forwarding" >>~/.ssh/"$1"_authorized_key
cat ~/.ssh/"$1"_ssh_key.pub >>~/.ssh/"$1"_authorized_key

#
# Helpful message ;^)
#
echo ""
echo ""
echo " You MUST EDIT and then copy the file:"
echo ""
echo "    ~/.ssh/$1_authorized_key"
echo ""
echo " to the .ssh/authorized_keys file on \$REMOTEHOST."
echo ""
echo " To use the key:"
echo ""
echo "    ssh -i ~/.ssh/$1_ssh_key \$REMOTEHOST"
echo ""
echo " Preferably via the crontab of a special unprivileged user."
echo ""
echo ""
To detect passphrase-less keys (the quoting is probably overdone, and the name-matching pattern is NAIVE):
find /home/*/.ssh \( -name "id_dsa" -o -name "id_rsa" \) -exec egrep -L "Proc-Type" \{\} \; 2>/dev/null
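The Proc-Type test above only recognises legacy PEM keys; keys in the newer OpenSSH format carry no such header whether or not they are encrypted, and record the cipher name inside the base64 body instead. The sh functions below are an added example, not part of the original page: they classify key files by content rather than by name. The function names, sample file names and header-only sample data are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify private key files by content, not by file name.
MAGIC=6f70656e7373682d6b65792d763100   # hex of "openssh-key-v1" plus its NUL
NONE=000000046e6f6e65                  # hex of uint32 length 4, then "none"

# key_state FILE: print encrypted, unencrypted or unknown.
key_state() {
    case $(head -n 1 "$1" 2>/dev/null | tr -d '\r') in
    "-----BEGIN OPENSSH PRIVATE KEY-----")
        # New format: the cipher name follows the magic; "none" = no passphrase.
        hex=$(sed '/^-----/d' "$1" | tr -d '\r\n' | base64 -d 2>/dev/null |
              head -c 23 | od -An -v -tx1 | tr -d ' \n')
        case $hex in
        "$MAGIC$NONE") echo unencrypted ;;
        "$MAGIC"*)     echo encrypted ;;
        *)             echo unknown ;;
        esac ;;
    "-----BEGIN ENCRYPTED PRIVATE KEY-----")
        echo encrypted ;;              # PKCS#8 encrypted container
    "-----BEGIN "*"PRIVATE KEY-----")
        # Legacy PEM: an encrypted key carries a Proc-Type header.
        if grep -q '^Proc-Type: 4,ENCRYPTED' "$1"; then echo encrypted
        else echo unencrypted; fi ;;
    *)  echo unknown ;;
    esac
}

# scan_keys DIR...: list files holding an unencrypted private key.
scan_keys() {
    find "$@" -type f 2>/dev/null | while IFS= read -r f; do
        if [ "$(key_state "$f")" = unencrypted ]; then printf '%s\n' "$f"; fi
    done
}

# make_samples DIR: write constructed header-only samples (not usable keys).
make_samples() {
    d=$1
    new() { printf '%s\n' "-----BEGIN OPENSSH PRIVATE KEY-----"
            printf "$1" | base64
            printf '%s\n' "-----END OPENSSH PRIVATE KEY-----"; }
    old() { printf '%s\n' "-----BEGIN RSA PRIVATE KEY-----" "$@" \
            "AAAA" "-----END RSA PRIVATE KEY-----"; }
    new 'openssh-key-v1\0\0\0\0\4none\0\0\0\4none'             >"$d/backup"
    new 'openssh-key-v1\0\0\0\0\012aes256-ctr\0\0\0\6bcrypt'   >"$d/id_ed25519"
    old                                                         >"$d/id_rsa"
    old "Proc-Type: 4,ENCRYPTED" "DEK-Info: AES-128-CBC,00" "" >"$d/id_dsa"
}
# When run with directory arguments, scan them.
if [ $# -gt 0 ]; then scan_keys "$@"; fi
```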