Skip to main content

SSH Command Authenticator

Project description

authprogs is an SSH command authenticator. It is invoked on an ssh server and decides if the command requested by the ssh client should be run or rejected based on logic in the authprogs configuration file.

Passwordless SSH using ssh identities or pubkeys can enable all sorts of wonderful automation, for example running unattended batch jobs, slurping down backups, or pushing out code. Unfortunately a key, once trusted, is allowed by default to run anything on that system, not just the small set of commands you actually need. If the key is compromised, you are at risk of a security breach. This could be catastrophic, for example if the access is to the root account.

Authprogs is run on the SSH server and compares the requested command against the authprogs configuration file/files. This enables authprogs to make intelligent decisions based on things such as the command itself, the SSH key that was used, the client IP, and such.

authprogs is enabled by using the command= option in the authorized_keys file.

For usage see the full authprogs man page in the doc directory.

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Files for authprogs, version 0.7.5
Filename, size File type Python version Upload date Hashes
Filename, size authprogs-0.7.5.tar.gz (54.4 kB) File type Source Python version None Upload date Hashes View

Supported by

AWS AWS Cloud computing Datadog Datadog Monitoring Facebook / Instagram Facebook / Instagram PSF Sponsor Fastly Fastly CDN Google Google Object Storage and Download Analytics Huawei Huawei PSF Sponsor Microsoft Microsoft PSF Sponsor NVIDIA NVIDIA PSF Sponsor Pingdom Pingdom Monitoring Salesforce Salesforce PSF Sponsor Sentry Sentry Error logging StatusPage StatusPage Status page