zlacker

[return to "Ask HN: How do you safely give LLMs SSH/DB access?"]
1. stephe+S1[view] [source] 2026-01-14 19:11:55
>>nico+(OP)
There is an example of [dis]allowing certain bash commands here: https://code.claude.com/docs/en/settings

As for queries, you might be able to achieve the same thing with usage of command-line tools if it's a `sqlite` database (I am not sure about other SQL DBs). If you want even more control than the settings.json allows, you can use the claude code SDK.

◧◩
2. nico+Xb[view] [source] 2026-01-14 19:42:40
>>stephe+S1
Great pointers, thank you

How would you go about allowing something like `ssh user@server "ls somefolder/"` but disallowing `ssh user@server "rm"`?

Similarly, allow `ssh user@server "mysql \"SELECT...\""`, but block `ssh user@server "mysql \"[UPDATE|DELETE|DROP|TRUNCATE|INSERT]...\""` ?

Ideally in a way that it can provide more autonomy for the agent, so that I need to review fewer commands

◧◩◪
3. onmai-+yt[view] [source] 2026-01-14 20:35:38
>>nico+Xb
If you control the ssh server it can be configured to only allow what you want. Certainly tedious but I would consider it worth while as it stands with agents being well, agentic.
[go to top]