SUBDO-SHELL(1) General Commands Manual SUBDO-SHELL(1)


subdo-shelllogin shell for subdo(7) management over ssh


subdo-shell is intended as a login shell that allows the execution of subdo_add(8) and subdo_delete(8) commands and disallows all other commands. It is useful non-root users to manage their subdo(7) installations over ssh(1).


Allow access through subdo-shell by adding a line like this to the file /root/.ssh/authorized_keys, replacing ‘[USER]’ with your user name and replacing ‘[key]’ with an SSH public key.
command="env SUDO_USER=[USER] /usr/local/libexec/subdo-shell" [KEY]
Mine looks like this, for example.
command="env SUDO_USER=tlevine /usr/local/libexec/subdo-shell" ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKKdD9jKsRf+XtME5pwqARreatLarDEWp/BcR8GyZnaj tlevine
With this configuration the user “tlevine” can run subdo_add(8) like so.
ssh root@ subdo_add
February 28, 2018 OpenBSD 6.2