Skip to main content

SSH Command Authenticator

Project description

authprogs is an SSH command authenticator. It is invoked on an ssh server and decides if the command requested by the ssh client should be run or rejected based on logic in the authprogs configuration file.

Passwordless SSH using ssh identies or pubkeys can enable all sorts of wonderful automation, for example running unattended batch jobs, slurping down backups, or pushing out code. Unfortunately a key, once trusted, is allowed by default to run anything on that system, not just the small set of commands you actually need. If the key is compromised, you are at risk of a security breach. This could be catastrophic, for example if the access is to the root account.

Authprogs is run on the SSH server and compares the requested command against the authprogs configuration file/files. This enables authprogs to make intelligent decisions based on things such as the command itself, the SSH key that was used, the client IP, and such.

authprogs is enabled by using the command= option in the authorized_keys file.

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Filename, size & hash SHA256 hash help File type Python version Upload date
authprogs-0.5.4.tar.gz (23.5 kB) Copy SHA256 hash SHA256 Source None

Supported by

Elastic Elastic Search Pingdom Pingdom Monitoring Google Google BigQuery Sentry Sentry Error logging AWS AWS Cloud computing DataDog DataDog Monitoring Fastly Fastly CDN SignalFx SignalFx Supporter DigiCert DigiCert EV certificate StatusPage StatusPage Status page