danfruehauf / NetworkManager-ssh

SSH VPN integration for NetworkManager

Allow usage of forced commands #89

Closed AdrianVollmer closed 5 years ago

AdrianVollmer commented 5 years ago

I understand that you need root permissions on the remote server. However, for security purposes, I'd like to create a new SSH key for nm-ssh and force the command ifconfig via the authorized_keys file for this key. To allow arbitrary parameters, I need to use the $SSH_ORIGINAL_COMMAND variable. But then you need to omit the /sbin/ifconfig in the ssh command.

It would be nice to have a feature in the form of a checkbox where I can say "omit ifconfig command" or something like that.

AdrianVollmer commented 5 years ago

Actually, I just checked again and this seems to work already as it is... not sure why, but I guess it can be closed. Thanks anyway!

AdrianVollmer commented 5 years ago

For the record, the line in my authorized_keys looks like this:

command="/sbin/ifconfig $SSH_ORIGINAL_COMMAND" ssh-rsa AAAAB3NzaC1y...

danfruehauf commented 5 years ago

Cheers! And thanks for the feedback. I've been really slow at getting to things - flat out with work. But hopefully a few things will be fixed soon enough, when I get 5-10 hours straight to work on them.

AdrianVollmer commented 5 years ago

Sorry, I need to correct myself again. It only appeared to work, i.e. NM showed a successful connection. But the interface on the remote server was down because the ifconfig command failed. This makes sense.

But I can wrap in a script:

$ cat /root/ssh-vpn-wrapper.sh
#!/bin/bash
shift
/sbin/ifconfig "$@"

Then in the authorized_keys:

command="/root/ssh-vpn-wrapper.sh $SSH_ORIGINAL_COMMAND" ssh-rsa AAAAB3NzaC1yc...

So it's up to you if you want to introduce the feature, or at least fix the connection status if the remote command fails.
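
Added example, not part of the thread or the project's code: a stricter version of the forced-command wrapper that reads `SSH_ORIGINAL_COMMAND` from the environment, checks the request before running anything, and exits with ifconfig's status so a failed remote command is visible to the caller. The tunN/tapN interface rule, the character allowlist and the `RUN` override variable are assumptions made for this sketch.

```shell
#!/bin/sh
# Forced-command wrapper: validates the client's request, then runs ifconfig.
# authorized_keys entry (key is a placeholder):
#   command="/root/ssh-vpn-wrapper.sh" ssh-rsa <public-key>
# Assumptions: interfaces are tunN/tapN; arguments use only the characters
# in the allowlist below.

EXPECTED=/sbin/ifconfig       # first word the client sends, per the thread
RUN=${RUN:-/sbin/ifconfig}    # binary actually executed (override to dry-run)

# handle_request REQUEST: returns 2 if rejected, else the status of $RUN.
handle_request() {
    # Split into words with pathname expansion off, so glob characters in
    # the request are never expanded against the server's filesystem.
    set -f; set -- $1; set +f

    # The request must start with the one command this key is meant for.
    [ "${1:-}" = "$EXPECTED" ] || return 2
    shift

    # First argument must be a tunnel interface: tun or tap plus digits.
    case ${1:-} in
        tun*|tap*) case ${1#???} in ''|*[!0-9]*) return 2 ;; esac ;;
        *) return 2 ;;
    esac

    # Every argument may contain only address and keyword characters.
    for word in "$@"; do
        case $word in *[!A-Za-z0-9.:/-]*) return 2 ;; esac
    done

    "$RUN" "$@"
}

# sshd sets SSH_ORIGINAL_COMMAND when this runs as a forced command.
if [ -n "${SSH_ORIGINAL_COMMAND:-}" ]; then
    handle_request "$SSH_ORIGINAL_COMMAND"
    status=$?
    [ "$status" -eq 0 ] || echo "ssh-vpn-wrapper: failed ($status)" >&2
    exit "$status"
fi
```

Setting `RUN=echo` before calling `handle_request` prints the argument list that would be passed to ifconfig without changing any interface.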