How to setup remote, non-interactive, log-on with multiple command for
same remote user-name?


For the rest of this document, destination host will be called 'loophole', and
user which will run all sort of our evil stuff on loophole will be called 
'mole'.

Do this as a Cricket user:

$ ssh-keygen -t dsa -f ~/.ssh/uptime

Append ~/.ssh/uptime.pub on destination host to ~mole/.ssh/authorized_keys2
and prepend following before ssh-dss:

command="uptime"

So, that line in ~mole/.ssh/authorized_keys2 looks like:

command="uptime" ssh-dss AAA...lSEV04= cricket@boo.boo

test if it works...

$ ssh -i ~/.ssh/uptime -q -l mole loophole
 15:42:10 up 42 days, 18:25,  6 users,  load average: 0.00, 0.00, 0.00

It does? Oh, good. You now know how to setup individual keys for each
command that you want to execute. Keep in mind that user mole must have
permissions on loophole to execute that particular command, but other
than that, you are winner!

If you get one more line before uptime output, try adding -T option
to ssh. This will prevent pseudo tty allocation and (hopefully) remove
that output.

If you are stuck with ssh v1 protocol, you have to use rsa1 instead of
dsa for ssh-keygen and authorized_keys instead of authorized_keys2.

But, think about upgrading.