Ask HN: How do you safely give a large language model (LLM) SSH/database access?
I have been using Claude Code for DevOps style tasks like SSHing into servers, grepping logs, inspecting files, and querying databases.

Overall it's been great. However, I find myself having to review every single command, a lot of which are repetitive. It still saves me a ton of time, but it's quickly becoming a bit tedious.

I wish I could give the agent some more autonomy, like giving it a list of pre-approved commands or actions that it is allowed to run over ssh.

For example:

```
OK: ls, grep, cat, tail
Not OK: rm, mv, chmod, etc
OK: SELECT queries
Not OK: INSERT, DELETE, DROP, TRUNCATE
```

Has anyone successfully or satisfactorily solved this?

What setups have actually worked for you, and where do you draw the line between autonomy and risk?
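The allow/deny lists above can be turned into a policy gate that classifies each command the agent proposes before it is forwarded to an SSH session or a database. The following is an added example, not code from the post or from Claude Code; the allowed path roots (`/var/log`, `/srv/app`), the SQL keywords beyond the post's four, and the refusal of `tail -f` are this example's own assumptions. Beyond matching the first token, it rejects shell metacharacters (so `cat x | sh` cannot ride on an allowed `cat`), keeps any path argument under the configured roots after normalising `..`, and for SQL accepts only a single comment-stripped `SELECT` with no write keywords and no `SELECT ... INTO`.

```python
"""Policy gate for commands an LLM agent proposes over SSH or to a database.

Added example, not code from the original post or from Claude Code. It applies
the allow/deny lists from the question before a command is forwarded. The path
roots, the extra SQL keywords and the ``tail -f`` rule are this example's own
assumptions; adjust them for your environment.
"""
import os
import re
import shlex

# Lists from the post.
SHELL_ALLOW = {"ls", "grep", "cat", "tail"}
SHELL_DENY = {"rm", "mv", "chmod"}

# Assumption: absolute paths the agent may read; anything else is refused.
PATH_ROOTS = ("/var/log", "/srv/app")

# Metacharacters that would let an allowed command smuggle a second one
# (pipes, chaining, redirection, command/variable substitution, newlines).
SHELL_META = re.compile(r"[|&;<>`$(){}\n]")

# Matches short-option clusters containing f/F, e.g. -f, -F, -fn, -nf.
TAIL_FOLLOW = re.compile(r"-[a-zA-Z]*[fF][a-zA-Z]*")

# The post's four write statements plus DDL/DCL (assumption).
SQL_DENY = {"insert", "update", "delete", "drop", "truncate",
            "alter", "create", "grant", "revoke"}


def _path_allowed(arg: str) -> bool:
    """True if a path-like argument normalises to a location under PATH_ROOTS."""
    norm = os.path.normpath(arg)          # collapses /var/log/../etc -> /var/etc
    return any(norm == root or norm.startswith(root + "/") for root in PATH_ROOTS)


def check_shell(cmd: str) -> tuple[bool, str]:
    """Return (allowed, reason) for one shell command line."""
    if SHELL_META.search(cmd):
        return False, "shell metacharacters are not allowed"
    try:
        argv = shlex.split(cmd)
    except ValueError as exc:
        return False, f"unparseable command: {exc}"
    if not argv:
        return False, "empty command"
    prog = argv[0].rsplit("/", 1)[-1]     # /bin/cat -> cat
    if prog in SHELL_DENY:
        return False, f"{prog} is on the deny list"
    if prog not in SHELL_ALLOW:
        return False, f"{prog} is not on the allow list"
    for arg in argv[1:]:
        if prog == "tail" and (TAIL_FOLLOW.fullmatch(arg) or arg.startswith("--follow")):
            return False, "tail -f never terminates"
        # Any non-option argument containing "/" is treated as a path and must stay in bounds.
        if not arg.startswith("-") and "/" in arg and not _path_allowed(arg):
            return False, f"path outside allowed roots: {arg}"
    return True, "ok"


def check_sql(stmt: str) -> tuple[bool, str]:
    """Allow a single plain SELECT; deny multi-statement input and write keywords."""
    s = stmt.strip().rstrip(";").strip()
    if ";" in s:
        return False, "multiple statements are not allowed"
    # Remove comments so a denied keyword cannot hide behind them.
    s = re.sub(r"--[^\n]*|/\*.*?\*/", " ", s, flags=re.S)
    words = re.findall(r"[a-zA-Z_]+", s.lower())
    if not words or words[0] != "select":
        return False, f"only SELECT is allowed, got {words[0] if words else 'empty'}"
    bad = set(words) & SQL_DENY
    if bad:
        return False, f"denied keyword(s): {', '.join(sorted(bad))}"
    if "into" in words:                   # SELECT ... INTO writes a table or file
        return False, "SELECT INTO is not allowed"
    return True, "ok"


if __name__ == "__main__":
    # Constructed sample commands an agent might propose.
    for c in ["tail -n 100 /var/log/app.log", "cat /var/log/app.log | sh",
              "cat /var/log/../../etc/passwd", "rm -rf /var/log", "tail -f /var/log/app.log"]:
        print(f"{c!r:45} -> {check_shell(c)}")
    for q in ["SELECT id FROM users WHERE id = 42", "SELECT 1; DROP TABLE users",
              "DELETE FROM users", "SELECT * FROM t /* */ INTO OUTFILE '/tmp/x'"]:
        print(f"{q!r:45} -> {check_sql(q)}")
```

The textual gate is deliberately conservative (a `grep` pattern containing `/` or a string literal containing `drop` is refused rather than reasoned about), and it is only defence in depth: the control that actually bounds the blast radius is server-side, i.e. a database role with `SELECT`-only privileges and an SSH account with a restricted shell or `ForceCommand`, so that a filter bypass still cannot write.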