author | Florian Dold <florian@dold.me> | 2023-04-17 23:42:02 +0200 |
---|---|---|
committer | Florian Dold <florian@dold.me> | 2023-04-17 23:42:11 +0200 |
commit | ae6d881a9fd56598005f90963609291d5fa5bdb3 (patch) | |
tree | d3097a1652ec0edaae03df3c14ae1ec8d159dfcc /splitops/README.md | |
parent | dd24c764f70b39820622fa274ee71c87fc5e93bf (diff) | |
splitops
Diffstat (limited to 'splitops/README.md')
-rw-r--r-- | splitops/README.md | 40 |
1 files changed, 40 insertions, 0 deletions
diff --git a/splitops/README.md b/splitops/README.md new file mode 100644 index 0000000..a349ce3 --- /dev/null +++ b/splitops/README.md @@ -0,0 +1,40 @@ +# splitops + +Splitops is a script to allow execution of commands only after the approval of +multiple users. + +It is intended to be used with OpenSSH by specifiying it as the "command" option +for authorized users in `~/.ssh/authorized_keys`. + +For example, consider following `authorized_keys` file for the user `root`: + +``` +command="/bin/splitops --user=alice" [... key of alice ...] +command="/bin/splitops --user=bob" [... key of bob ...] +``` + +This allows Alice and Bob to jointly run commands: + +``` +bob$ ssh root@server propose rm -rf /opt/something +authenticated as: bob +requested command: ['rm', '-rf', '/opt/something'] +assigned id: ccafbd + +bob$ ssh root@server approve ccafbd + +alice$ ssh root@server get +{'cmd': ['rm', '-rf', '/opt/something'], 'request_id': 'ccafbd'} + + +alice$ ssh root@server approve ccafbd + +bob$ ssh root@server run ccafbd +==stdout== +... +==== +==stderr== +... +==== +exit status: 0 +``` |
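
Review bot: In the `authorized_keys` example, both `command="/bin/splitops --user=..."` entries carry no other key options, so a reader who copies them leaves port forwarding, agent forwarding and PTY allocation available to those keys unless `sshd_config` disables them globally. Suggest showing the lines as `restrict,command="/bin/splitops --user=alice" [... key of alice ...]`, or stating which options the deployment expects. The README also does not say how many approvals `run` requires or whether the proposer's own `approve` counts (in the sample session bob both proposes and approves `ccafbd`); one sentence stating the rule would make the guarantee clear. Two wording fixes in the added text: "specifiying" should be "specifying", and "consider following" should be "consider the following".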