Ask HN: 你如何安全地授予 LLM SSH/数据库访问权限?

10作者: nico6 个月前
我一直在使用 Claude Code 来执行 DevOps 风格的任务,例如 SSH 登录服务器、grep 日志、检查文件和查询数据库。 总的来说,它非常棒。但是,我发现自己不得不审查每一个命令,其中很多命令都是重复的。这仍然为我节省了大量时间,但很快变得有点乏味。 我希望我可以给代理一些更多的自主权。比如给它一个预先批准的命令或操作列表,它被允许通过 ssh 运行。 例如: ``` OK: ls, grep, cat, tail Not OK: rm, mv, chmod, etc OK: SELECT 查询 Not OK: INSERT, DELETE, DROP, TRUNCATE ``` 有人成功或满意地解决了这个问题吗? 你们实际使用过哪些设置,以及你们是如何在自主性和风险之间划定界限的?
查看原文
I have been using Claude Code for DevOps style tasks like SSHing into servers, grepping logs, inspecting files, and querying databases<p>Overall it&#x27;s been great. However, I find myself having to review every single command, a lot of which are repetitive. It still saves me a ton of time, but it&#x27;s quickly becoming a bit tedious<p>I wish I could give the agent some more autonomy. Like giving it a list of pre-approved commands or actions that it is allowed to run over ssh<p>For example:<p><pre><code> OK: ls, grep, cat, tail Not OK: rm, mv, chmod, etc OK: SELECT queries Not OK: INSERT, DELETE, DROP, TRUNCATE </code></pre> Has anyone successfully or satisfactorily solved this?<p>What setups have actually worked for you, and where do you draw the line between autonomy and risk?