Praetorian is a command, meant to be used as an ssh command, that allows multiple commands for multiple ssh keys. It is similar to sshcommand for the $HOME/.ssh/authorized_keys part, as it uses the same format.
The basic idea is to allow a set of commands for an identity (a.k.a. an ssh key). Each identity is identified by an alias, a name given to the public key.
Note: This is alpha software, use at your own risk. There are still rough edges and it's not as secure as it should be. And it's being re-written in golang.. :D
To set up praetorian, you'll need the ssh public key and that's pretty much it.
$ cat ~/.id_rsa.pub | ssh user@host praetorian setup myalias
Next, you need to edit the configuration file on the remote; see the next section.
Let's say we add ls and nc as allowed commands (nc to allow using the host as an ssh gateway via ProxyCommand).
Now that some commands are allowed, let's try it.
$ ssh user@host ls
src
public_html
$ ssh user@host pwd
# Nothing, just exit 1
praetorian-wrapper: Alias gohei Invalid command pwd
$ ssh user@host nc -w 1 host2 22
(host2) $
The configuration file is located at $HOME/.ssh/praetorian and is, for the moment, a simple shell-like file.
(remote) $ cat $HOME/.ssh/praetorian
myalias="command1 command2 command3"
gohei="nc cowsay"
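
One way a wrapper can check a requested command against this file, added here as an example and not praetorian's own code. It assumes the wrapper runs as an authorized_keys forced command (OpenSSH then passes the client's request in SSH_ORIGINAL_COMMAND); the function names, the sample config and the first-word matching rule are assumptions.

```shell
#!/bin/sh
# Added example, not praetorian's own code.

# Constructed sample config in the alias="cmd1 cmd2" format shown above.
sample_config() {
    printf '%s\n' 'myalias="ls nc"' 'gohei="nc cowsay"'
}

# allowed_for ALIAS CONFIG: print the command list configured for ALIAS.
# The file is read as data; sourcing it would run anything written into it.
allowed_for() {
    while IFS='=' read -r name value; do
        if [ "$name" = "$1" ]; then
            value=${value#\"}
            value=${value%\"}
            printf '%s\n' "$value"
            return 0
        fi
    done < "$2"
    return 1
}

# check_command ALIAS REQUESTED CONFIG: succeed only when the first word of
# REQUESTED is listed for ALIAS. Everything else is denied (fail closed).
check_command() {
    requested=$2
    nl='
'
    # Deny shell metacharacters, assuming the wrapper might later hand the
    # string to a shell, where "ls; pwd" would run two commands.
    case $requested in
        *";"*|*"&"*|*"|"*|*'`'*|*'$'*|*"<"*|*">"*|*"("*|*")"*|*"$nl"*)
            return 1 ;;
    esac
    first=${requested%% *}          # command name, up to the first space
    [ -n "$first" ] || return 1     # empty request (interactive login)
    allowed=$(allowed_for "$1" "$3") || return 1   # unknown alias
    case " $allowed " in
        *" $first "*) return 0 ;;
    esac
    return 1
}

# In a forced command this would be called as (hypothetical wiring):
#   check_command "$alias" "$SSH_ORIGINAL_COMMAND" "$HOME/.ssh/praetorian"
```

Matching on the first word leaves the arguments unconstrained, so an allowed nc can still reach any host and port the server can.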