Secure remote shell

Peter Boosten peter at
Wed Nov 28 22:34:50 PST 2007

On Thu, November 29, 2007 06:23, Steve Bertrand wrote:
>> What other solution would you suggest to execute a shell remotely as
>> root, that could be automated in a script (no password required).
> - have information input into browser
> - have web server save information to server disk in non-executable format
>  - have script (or admin) authenticate/authorize commands to be performed
>  (recommend doing this manually for a while to ensure you capture as many
>  escape type bugs as possible) - have commands via another script
> scrubbed/cleaned/tested - have cron perform commands at every X minutes

I once wrote a script for allowing certain persons to add user accounts on
a box:

they just had to create a csv file in a certain place on disk with a
certain name, something like this:

loginname;Full Name;action

where action would be: C (for create new user), D (for delete user), M for
creating a new pair of ssh keys.

A shell script executed from cron every half hour would then pick up that
file and do whatever actions specified in that script.

In the case of OP that file could be created (and transported through ssh)
by the user the web server runs with, while the local root account (if
applicable - in case of LDAP that isn't necessary anyway) does its



More information about the freebsd-questions mailing list