Provided by: mini-buildd_1.9.117_all 
NAME
mini-buildd-ssh-client-command - Script to use as a 'command' in an authorized_key file to
allow mini-buildd-api runs only via SSH.
DESCRIPTION
usage: mini-buildd-ssh-client-command [-h] [--version]
[-l {CRITICAL,ERROR,WARNING,INFO,DEBUG}]
[-v] [-q]
Script to use as a 'command' in an authorized_key file to allow mini-buildd-api runs only
via SSH.
options:
-h, --help
show this help message and exit
--version
show program's version number and exit
-l {CRITICAL,ERROR,WARNING,INFO,DEBUG}, --log-level {CRITICAL,ERROR,WARNING,INFO,DEBUG}
set log level (DEBUG will enable exception tracebacks and python warnings)
(default: INFO)
-v, --verbose
DEPRECATED (use --log-level): increase log level. Give twice for max logs (default:
0)
-q, --quiet
DEPRECATED (use --log-level): decrease log level. Give twice for min logs (default:
0)
You may use this to authorize certain roles (for now: superuser and staff) via plain
secure SSH.
Steps to install:
As user 'root'::
adduser --disabled-password mini-buildd-admin adduser --disabled-password
mini-buildd-staff # OPTIONAL: Allows 'auth log' with the fingerprint adduser
mini-buildd-admin adm adduser mini-buildd-staff adm
As mini-buildd-[staff|uploader]::
Set up ~/.dput.cf with exactly one mini-buildd target. Configure python-keyring to
use a plaintext keyring, see "/usr/share/doc/mini-buildd/examples/keyringrc.cfg"
Run once to save the password:
$ mini-buildd-api admin|staff@TARGET status
As admin user at the mini-buildd instance (web app)::
Generate appropriate django pseudo users ("admin" does already exist).
To authorize a SSH Key, as user mini-buildd-uploader, add a line like this::
command="/usr/sbin/mini-buildd-ssh-client-command" ssh-rsa AA...
per ssh user key.
As SSH user::
Run 'ssh mini-buildd-[admin|staff]@your.host.name mini-buildd-api -x -z -y