[distcc] Restrict Distcc over SSH (command parameter)
Sebastian Wieseler
sebastian at nanofortnight.org
Sun Nov 30 14:03:09 MST 2014
Hey Martin!
On Mon, Nov 17, 2014 at 06:51:47PM +0000, Martin Pool wrote:
> I don't recall the exact command, but it's probably going to be `distccd
> --inet ...something...`. You might be able to see it in the distcc verbose
> log.
This really helped. :-)
my .ssh/authorized_keys file looks now like:
from="xxx.xxx.xxx.xxx",no-agent-forwarding,no-port-forwarding,no-X11-forwarding,no-pty,command="distccd --inetd" ssh-rsa …
This works totally fine for me.
The problem with a chroot would be, that you would need then a sshd in that chroot as well?
To just encrypt the traffic and have some kind of authentication, a normal sshd should do the job as well.
And since the distcc remote user can only execute "distccd --inetd" it should be ok :)
Thank you very much again!
Regards, Sebastian
--
,= ,-_-. =. /"\
((_/)o o(\_)) \ / ASCII Ribbon Campaign
`-'(. .)`-' && X against HTML e-mail
\_/ / \
More information about the distcc
mailing list