最佳实践?通过ssh安全重启Centos服务?
我需要在自动化、无人值守的过程中通过 ssh 远程重新启动 CentOS 服务(从构建服务器对某些软件执行构建),但我不确定如何最好地实现安全性。需要帮助! ;-)
环境:
在远程机器上运行 ssh 登录,我想在我的服务器上执行类似的操作:
/sbin/service jetty restart.
ssh 调用是在 maven 构建过程中进行的(可能不会影响任何事情,真的)。
我希望 ssh 会话使用在服务器上几乎具有零权限的用户登录,除了执行上述操作之外。
我可以为 ssh 会话设置共享密钥访问。
谢谢!
I have a need to restart a CentOS service remotely via ssh during an automated, unattended process (executing a build on some software from a build server), but am unsure how to best implement security. Help is needed! ;-)
Environment:
Running an ssh login on a remote box, I want to execute on my server something like:
/sbin/service jetty restart.
The ssh call is being made during a maven build process (probably doesn't affect anything, really).
I want the ssh session to login with a user that has practically zero permissions on the server except to execute the above.
I can set up shared key access for the ssh session.
Thanks!
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
使用 ssh 密钥是个好主意。然后,您可以对该特定键使用“强制命令”,这样它将无法运行任何其他命令。请参阅 http://www.eng.cam.ac.uk/ help/jpmg/ssh/authorized_keys_howto.html
Good idea to use an ssh key. You can then use a 'forced command' for that particular key, so it won't be able to run any other commands. See http://www.eng.cam.ac.uk/help/jpmg/ssh/authorized_keys_howto.html