blob: a349ce3a63982f4ee702a7a11bf23ce7b7dc7bd5 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
|
# splitops
Splitops is a script to allow execution of commands only after the approval of
multiple users.
It is intended to be used with OpenSSH by specifiying it as the "command" option
for authorized users in `~/.ssh/authorized_keys`.
For example, consider following `authorized_keys` file for the user `root`:
```
command="/bin/splitops --user=alice" [... key of alice ...]
command="/bin/splitops --user=bob" [... key of bob ...]
```
This allows Alice and Bob to jointly run commands:
```
bob$ ssh root@server propose rm -rf /opt/something
authenticated as: bob
requested command: ['rm', '-rf', '/opt/something']
assigned id: ccafbd
bob$ ssh root@server approve ccafbd
alice$ ssh root@server get
{'cmd': ['rm', '-rf', '/opt/something'], 'request_id': 'ccafbd'}
alice$ ssh root@server approve ccafbd
bob$ ssh root@server run ccafbd
==stdout==
...
====
==stderr==
...
====
exit status: 0
```
|