Secure Shell Protocol
It’s possible to restrict a key to specific commands in the ~/.ssh/authorized_keys
file. See mozey/allowed-commands: the regex in allowed-commands.env
allows listing any directory or file, and that is the only command that is allowed.
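A forced-command wrapper of the kind described above, as an added example rather than code from mozey/allowed-commands. The script path, the regex and the function names are assumptions, and the key in the comment is a placeholder.

```shell
#!/bin/sh
# Added example, not the mozey/allowed-commands code. Script path, regex and
# function names are assumptions. Bind it to a key in ~/.ssh/authorized_keys:
#   command="/usr/local/bin/allowed-commands.sh",restrict ssh-ed25519 AAAA...placeholder user@laptop
# sshd then runs this script for every session using that key and passes the
# command the client asked for in SSH_ORIGINAL_COMMAND.

# Allowlist: "ls", optional short flags, at most one path argument.
# The path class has no whitespace, quotes, globs or ; | & $ ` < > characters,
# and may not start with "-", so nothing can be chained on or read as an option.
ALLOWED_RE='^ls( -[a-zA-Z]+)*( [A-Za-z0-9_./][A-Za-z0-9_./-]*)?$'

# is_allowed CMD: status 0 only if the whole of CMD matches the allowlist.
is_allowed() {
  case "$1" in
    *'
'*) return 1 ;;  # grep matches line by line, so refuse embedded newlines first
  esac
  printf '%s\n' "$1" | LC_ALL=C grep -Eq -e "$ALLOWED_RE"
}

# run_allowed CMD: run CMD if allowed, otherwise refuse with status 126.
run_allowed() {
  if ! is_allowed "$1"; then
    echo "rejected: command not allowed" >&2
    return 126
  fi
  # Split the validated string on spaces into argv and run it directly;
  # no eval or "sh -c", so the text is never re-parsed by a shell.
  set -f            # no pathname expansion while splitting
  set -- $1
  set +f
  "$@"
}

# Entry point when sshd runs this as the forced command. With no requested
# command (interactive login attempt) nothing is run and the session ends.
if [ -n "${SSH_ORIGINAL_COMMAND:-}" ]; then
  run_allowed "$SSH_ORIGINAL_COMMAND"
  exit $?
fi
```

The wrapper and its directory should be owned by root and not writable by the account that logs in with the key, otherwise the restriction can be edited away.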
SSH can be unstable over public wifi or mobile networks. Use the mosh client as a drop-in replacement for ssh.
Install it locally
brew install mosh
And on the server. Allow UDP ports 60000 to 60010 on the firewall if there is one
sudo apt install mosh
Troubleshooting mosh on macOS: “Did not find mosh server startup message. (Have you installed mosh on your server?)” See this comment: “Mac sends LC_CTYPE to the Ubuntu server”. Comment out the sending of locale env vars in ssh_config
sudo vi /etc/ssh/ssh_config
# SendEnv LANG LC_*
Scrollback doesn’t work with mosh; see the workaround using tmux. Also set a color prompt
echo 'set -g history-limit 30000
set -g default-terminal "screen-256color"
set-window-option -g mouse on
' > ~/.tmux.conf
# Then use mosh like this
mosh example.com -- tmux new
The sudoers file can be used to allow groups or users to run sudo without being prompted for a password
Use this command to edit /etc/sudoers
sudo visudo
Allow all members of a group to sudo without a password
%admin ALL=(ALL) NOPASSWD:ALL
Allow a specific user
ubuntu ALL=(ALL) NOPASSWD:ALL
Limit to certain files
ubuntu ALL=(ALL) NOPASSWD: /path/to/files/*.sh
Limit to a specific command
ubuntu ALL=(ALL) NOPASSWD: /path/to/bin/command