[sudo-users] Help on ssh using sudo

[anandkrish]

Hi people,
I am kinda confused in the configuration of sudoers for one group of users
the users need to execute a app from a remote machine, in this local mahine they want me to allow ssh for them using sudo
for eg. sudo -u admin ssh -X guiadmin@<IP address of remote> <remote script which opens a gui>

should work so in the sudoers i added like this
Cmnd_Alias   SSH = /usr/bin/ssh *-X guiadmin@<IP address of remote> <remote script which opens a gui>*

whats the problem with this is that even though this group of users were able to execute the application to open the GUI, but this opens up a security hole where the users are able to ssh to any server using the admin role like sudo -u admin master would work perfectly and the user is able to log into other servers without password i dont want this to happen.

is there a way i can restrict this users only to run ssh for a specific server? i did sercha  bit but couldnt find a proper solution, so thought of contacting the expert.

regards,
Andy

Sent from Samsung Mobile