nico 10 hours ago

Great pointers, thank you

How would you go about allowing something like `ssh user@server "ls somefolder/"` but disallowing `ssh user@server "rm"`?

Similarly, allow `ssh user@server "mysql \"SELECT...\""`, but block `ssh user@server "mysql \"[UPDATE|DELETE|DROP|TRUNCATE|INSERT]...\""` ?

Ideally in a way that it can provide more autonomy for the agent, so that I need to review fewer commands

ktm5j 9 hours ago | parent | next [-]

Sounds like this might help: https://www.gnu.org/software/bash/manual/html_node/The-Restr...

I'm not familiar with rbash, but it seems like it can do (at least some of) what you want.

onmai-xyz 9 hours ago | parent | prev | next [-]

If you control the ssh server it can be configured to only allow what you want. Certainly tedious, but I would consider it worthwhile as it stands, with agents being, well, agentic.
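
One server-side way to do this, shown as an added example that is not part of any comment in this thread: an OpenSSH forced command bound to the agent's key, which checks `SSH_ORIGINAL_COMMAND` against an allowlist and runs the result as an argument vector rather than through a shell. The script path, `ALLOWED_ROOT` and the `is_allowed` helper are assumptions made for illustration.

```shell
#!/bin/sh
# Forced-command gate for one SSH key (hypothetical path and names).
# authorized_keys entry on the server, one line (key material is a placeholder):
#   restrict,command="/usr/local/bin/agent-gate" ssh-ed25519 <PUBLIC-KEY> agent
# sshd ignores the command the client asked for, runs this script instead,
# and passes the client's request in SSH_ORIGINAL_COMMAND.
LC_ALL=C; export LC_ALL        # byte-wise character ranges in the patterns below
ALLOWED_ROOT=/srv/agent        # assumption: the only tree the agent may list

# Succeeds (0) only for "ls <relative-path>..." built from a conservative charset.
is_allowed() {
    set -f                     # no glob expansion while splitting into words
    set -- $1                  # split on whitespace only; nothing is evaluated
    set +f
    [ "$#" -ge 2 ] || return 1
    [ "$1" = "ls" ] || return 1
    shift
    for arg in "$@"; do
        case $arg in
            -*|/*|*..*) return 1 ;;          # no options, absolute paths, traversal
            *[!A-Za-z0-9._/-]*) return 1 ;;  # no quotes, ;, |, $, backticks, ...
        esac
    done
    return 0
}

# Deployment path: only taken when sshd has set SSH_ORIGINAL_COMMAND.
if [ -n "${SSH_ORIGINAL_COMMAND:-}" ]; then
    if is_allowed "$SSH_ORIGINAL_COMMAND"; then
        cd "$ALLOWED_ROOT" || exit 1
        set -f
        set -- $SSH_ORIGINAL_COMMAND
        set +f
        shift
        exec ls -- "$@"        # argv exec, never eval or sh -c
    fi
    echo "denied: $SSH_ORIGINAL_COMMAND" >&2
    exit 126
fi
```

Filtering SQL text this way is much harder to get right; for the `mysql` half of the question, a database account granted only `SELECT` enforces the restriction on the database server itself.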

stephendause 10 hours ago | parent | prev [-]

I don't know; I've never done something like that. If no one else answers, you can always ask Claude itself (or another chatbot). This kind of thing seems tricky to get right, so be careful!

nico 9 hours ago | parent [-]

Yup definitely tricky. Unfortunately Claude sucks at answering questions about itself, I've usually had better luck with ChatGPT. Will see how it goes