<html><head><style type='text/css'>p { margin: 0; }</style></head><body><div style='font-family: arial,helvetica,sans-serif; font-size: 12pt; color: #000000'><font face="arial, helvetica, sans-serif"><span style="font-size: 12pt;">I'm not sure if this will solve your problem, but it may. Also I've been using ssh keys for years and only just learned you can supply commands in your authorized_keys file, and only that command will be executed, which I found to be pretty cool. I suspect this may be true even if /bin/false or /sbin/nologin is the user's shell but I haven't tried it. Of course you can always just make the shell bash but the password a newly generated uuid that you don't record anywhere. </span></font><div style="color: rgb(0, 0, 0); font-family: arial, helvetica, sans-serif; font-size: 12pt;"><br></div><div><font face="arial, helvetica, sans-serif">https://research.kudelskisecurity.com/2013/05/14/restrict-ssh-logins-to-a-single-command/</font></div><div><div style="color: rgb(0, 0, 0); font-family: arial, helvetica, sans-serif; font-size: 12pt;"><br>Scott Plante <br><br></div><br><hr id="zwchr" style="color: rgb(0, 0, 0); font-family: arial, helvetica, sans-serif; font-size: 12pt;"><div style="color: rgb(0, 0, 0); font-family: Helvetica, Arial, sans-serif; font-size: 12pt; font-weight: normal; font-style: normal; text-decoration: none;"><b>From: </b>"Narahari 'n' Savitha" <savithari@gmail.com><br><b>To: </b>"Atlanta Linux Enthusiasts - Yes! We run Linux!" <ale@ale.org><br><b>Sent: </b>Tuesday, July 25, 2017 11:57:24 AM<br><b>Subject: </b>[ale] service user vs no login user and ssh into it<br><br><div dir="ltr">Friends:<div><br></div><div>I want to create a user called myansible.</div><div><br></div><div>This user will have sudo rights (have to enter password)</div><div><br></div><div>However I want to set it up as a NO-LOGIN user. Its only purpose is to run deployments and thats it.</div><div><br></div><div>The question is if it cannot login how can I put the .ssh/authorized_keys so I can run stuff over ssh (Read ansible) ?</div><div><br></div><div>Am I missing something ?</div><div><br></div><div>-Narahari</div></div>
<br>_______________________________________________<br>Ale mailing list<br>Ale@ale.org<br>http://mail.ale.org/mailman/listinfo/ale<br>See JOBS, ANNOUNCE and SCHOOLS lists at<br>http://mail.ale.org/mailman/listinfo<br></div><br></div></div></body></html>