Certainly it is possible to distribute so called command rsa key files which allow only the commands the distributor placed in them.
Create a new rsa (or dsa) key pair
$ ssh-keygen -t rsa -b 1024 -N "" -f ~/.ssh/id_rsa_cmd
Edit the public key of the pair and place the commands you wish to be executed in the header.
$ vi ~/.ssh/id_rsa_cmd.pub
$ dd if=~/.ssh/id_rsa_cmd.pub bs=25 count=1 2>/dev/null;echo
command="hostname;uptime"
Distribute the public key to a remote ssh host where you want this command to be run on connect.
$ ssh saz@gouda 'cat >>.ssh/authorized_keys' < ~/.ssh/id_rsa_cmd.pub
Run a login with this key
$ ssh -i ~/.ssh/id_rsa_cmd saz@gouda
gouda
11:13am up 104 days, 23:35, 1 user, load average: 1.31, 1.47, 1.53
Connection to gouda closed.
To abbreviate the invocation you could edit
~/.ssh/config
on the SSH client and add a
Host entry
with
IdentityFile ~/.ssh/id_rsa_cmd
Then you can omit the -i switch.
See "man ssh_config" for details.
Madness, thy name is system administration
