[distcc] Restrict Distcc over SSH (command parameter)

Sebastian Wieseler sebastian at nanofortnight.org
Sun Nov 30 14:03:09 MST 2014


Hey Martin!

On Mon, Nov 17, 2014 at 06:51:47PM +0000, Martin Pool wrote:
> I don't recall the exact command, but it's probably going to be `distccd
> --inet ...something...`. You might be able to see it in the distcc verbose
> log.

This really helped. :-)
my .ssh/authorized_keys file looks now like:
from="xxx.xxx.xxx.xxx",no-agent-forwarding,no-port-forwarding,no-X11-forwarding,no-pty,command="distccd --inetd" ssh-rsa …

This works totally fine for me.

The problem with a chroot would be, that you would need then a sshd in that chroot as well?
To just encrypt the traffic and have some kind of authentication, a normal sshd should do the job as well.
And since the distcc remote user can only execute "distccd --inetd" it should be ok :)

Thank you very much again!
Regards, Sebastian


-- 
  ,= ,-_-. =.           /"\
 ((_/)o o(\_))          \ /    ASCII Ribbon Campaign
  `-'(. .)`-'   &&       X      against HTML e-mail
      \_/               / \




More information about the distcc mailing list