Automation in the context of multifactor authentication: Difference between revisions

no edit summary
No edit summary
No edit summary
Line 22: Line 22:


== Convenience wrapper scripts to use for <code>command=</code> == <!--T:7-->
== Convenience wrapper scripts to use for <code>command=</code> == <!--T:7-->
<code>command</code> constraints can specify any command, but they are most useful when using a wrapper script which will accept or reject commands based on which command is being called. You can write your own script, but for convenience, we provide a number of such scripts which will allow common actions. These scripts are defined in [https://github.com/ComputeCanada/software-stack-custom/tree/main/bin/computecanada/allowed_commands this git repository].
<code>command</code> constraints can specify any command, but they are most useful when using a wrapper script which will accept or reject commands based on which command is being called. You can write your own script, but for convenience, we provide a number of such scripts which allow common actions. These scripts are defined in [https://github.com/ComputeCanada/software-stack-custom/tree/main/bin/computecanada/allowed_commands this git repository].


<!--T:8-->
<!--T:8-->
* <code>/cvmfs/soft.computecanada.ca/custom/bin/computecanada/allowed_commands/transfer_commands.sh</code> will allow only file transfers, such as <code>scp</code>, <code>sftp</code> or <code>rsync</code>.
* <code>/cvmfs/soft.computecanada.ca/custom/bin/computecanada/allowed_commands/transfer_commands.sh</code> allows only file transfers, such as <code>scp</code>, <code>sftp</code> or <code>rsync</code>.
* <code>/cvmfs/soft.computecanada.ca/custom/bin/computecanada/allowed_commands/archiving_commands.sh</code> will allow commands to archive files, such as <code>gzip</code>, <code>tar</code> or <code>dar</code>.
* <code>/cvmfs/soft.computecanada.ca/custom/bin/computecanada/allowed_commands/archiving_commands.sh</code> allows commands to archive files, such as <code>gzip</code>, <code>tar</code> or <code>dar</code>.
* <code>/cvmfs/soft.computecanada.ca/custom/bin/computecanada/allowed_commands/file_commands.sh</code> will allow commands to manipulate files, such as <code>mv</code>, <code>cp</code> or <code>rm</code>.
* <code>/cvmfs/soft.computecanada.ca/custom/bin/computecanada/allowed_commands/file_commands.sh</code> allows commands to manipulate files, such as <code>mv</code>, <code>cp</code> or <code>rm</code>.
* <code>/cvmfs/soft.computecanada.ca/custom/bin/computecanada/allowed_commands/git_commands.sh</code> will allow the <code>git</code> command.
* <code>/cvmfs/soft.computecanada.ca/custom/bin/computecanada/allowed_commands/git_commands.sh</code> allows the <code>git</code> command.
* <code>/cvmfs/soft.computecanada.ca/custom/bin/computecanada/allowed_commands/slurm_commands.sh</code> will allow some Slurm commands, such as <code>squeue</code>, <code>sbatch</code>.
* <code>/cvmfs/soft.computecanada.ca/custom/bin/computecanada/allowed_commands/slurm_commands.sh</code> allows some Slurm commands, such as <code>squeue</code>, <code>sbatch</code>.
* <code>/cvmfs/soft.computecanada.ca/custom/bin/computecanada/allowed_commands/allowed_commands.sh</code> will allow all of the above.
* <code>/cvmfs/soft.computecanada.ca/custom/bin/computecanada/allowed_commands/allowed_commands.sh</code> allows all of the above.


== Examples of accepted SSH keys == <!--T:9-->
== Examples of accepted SSH keys == <!--T:9-->
Line 45: Line 45:
<!--T:16-->
<!--T:16-->
{{Warning|title=Warning|content=
{{Warning|title=Warning|content=
The restrictions must be added directly as text in front of your key, before uploading the complete string in [https://ccdb.alliancecan.ca/ssh_authorized_keys your account].  
The constraints must be added directly as text in front of your key, before uploading the complete string in [https://ccdb.alliancecan.ca/ssh_authorized_keys your account].  
}}
}}


rsnt_translations
56,420

edits