table of contents
other versions
| MINI-BUILDD-SSH-CLIENT-COMMAND(8) | System Administration Utilities | MINI-BUILDD-SSH-CLIENT-COMMAND(8) |
NAME¶
mini-buildd-ssh-client-command - Script to use as a 'command' in an authorized_key file to allow mini-buildd-api runs only via SSH.
DESCRIPTION¶
usage: mini-buildd-ssh-client-command [-h] [--version]
- [-l {CRITICAL,ERROR,WARNING,INFO,DEBUG}]
- [-v] [-q]
Script to use as a 'command' in an authorized_key file to allow mini-buildd-api runs only via SSH.
options:¶
- -h, --help
- show this help message and exit
- --version
- show program's version number and exit
- -l {CRITICAL,ERROR,WARNING,INFO,DEBUG}, --log-level {CRITICAL,ERROR,WARNING,INFO,DEBUG}
- set log level (default: INFO)
- -v, --verbose
- DEPRECATED (use --log-level): increase log level. Give twice for max logs (default: 0)
- -q, --quiet
- DEPRECATED (use --log-level): decrease log level. Give twice for min logs (default: 0)
You may use this to authorize certain roles (for now: superuser and staff) via plain secure SSH.
Steps to install:
As user 'root'::
- adduser --disabled-password mini-buildd-admin adduser --disabled-password mini-buildd-staff # OPTIONAL: Allows 'auth log' with the fingerprint adduser mini-buildd-admin adm adduser mini-buildd-staff adm
As mini-buildd-[staff|uploader]::
- Set up ~/.dput.cf with exactly one mini-buildd target. Configure python-keyring to use a plaintext keyring, see "/usr/share/doc/mini-buildd/examples/keyringrc.cfg" Run once to save the password:
- $ mini-buildd-api admin|staff@TARGET status
As admin user at the mini-buildd instance (web app)::
- Generate appropriate django pseudo users ("admin" does already exist).
To authorize a SSH Key, as user mini-buildd-uploader, add a line like this::
- command="/usr/sbin/mini-buildd-ssh-client-command" ssh-rsa AA...
per ssh user key.
As SSH user::
- Run 'ssh mini-buildd-[admin|staff]@your.host.name mini-buildd-api -x -z -y
| November 2022 | mini-buildd-ssh-client-command 1.9.111 |