SSHD per-user operation


from some workstation

cd ~/.ssh/
ssh-keygen -t ed25519 -f lala
ssh-keygen -t ed25519 -f lili
cat ~/.ssh/
cat ~/.ssh/

on the server as THAT-USER

vi ~/.ssh/authorized_keys

command="/usr/bin/uname -a",no-port-forwarding,no-X11-forwarding,no-agent-forwarding ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKJTvicof1cUayfZ/qJyJ50Cpv1WagT+n+gv8458CMfY elge@bravo
command="/bin/netstat -lntup",no-port-forwarding,no-X11-forwarding,no-agent-forwarding ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPgdHLgD+gS9k3Ia6Avl5zU7Iiko1SOoPJ5aQosElAxe elge@bravo


back to the workstation, eventually kill any previously cached key

pkill ssh-agent
ps auxww | grep ssh-agent

and double-check what identity the client is using to authenticate

ssh -i ~/.ssh/lala SSH-SERVER -l THAT-USER -v
ssh -i ~/.ssh/lili SSH-SERVER -l THAT-USER -v

Resources - talking SSH reverse-proxy and single-auth

discussion on vhosts

this goes bounce

through HTTPS

this is what I wanted: proxy per user or pubkey -

Restrict SSH logins to a single command