[nycbug-talk] rsync only for backups
Okan Demirmen
okan
Fri Nov 11 16:13:08 EST 2005
On Wed 2005.11.09 at 16:05 -0500, Okan Demirmen wrote:
> On Wed 2005.11.09 at 15:52 -0500, George Rosamond wrote:
> > Have been using this for a few clients to do rsync with OpenSSH on
> > Windows, so thought I'd spread the word.
> >
> > http://freebsdwiki.net/index.php/SSH:_Limiting_to_SCP_or_Rsync_only
> >
> > Basically, you compile an rsync/scp/sftp-only shell with the c code
> > provided (which you can of course edit), and replace the remote user's
> > shell who's backing up their stuff.
>
> i imagine you are using keys, so why not use what sshd(8) gives you?
i should have been more clear...
snip of an example ~/.ssh/authorized_keys file:
no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty,command="/usr/local/bin/rsync /var/symon" ssh-dss .... symon_backup_only_key_for_fun_with_keys at example.com
only allows this key to rsync the /var/symon tree. of course, a key for
every command is silly, but the point is there.
> that's just me - try to use what you can in base first.
>
> > This is not a 100% secure solution as the user can rsync/scp/sftp to
> > anywhere that they have rights to. . . but at least it's a start.
>
> or systrace(1) ...
systrace(1) can be fun and a hair-pulling exercise at the same time ;)
okan
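A small audit of the restriction described in this post, as an added example that is not part of the original message: it parses authorized_keys lines and reports which of the example's options each key lacks. The sample file, its key blobs and its comments are constructed, and the handling of the `restrict` option goes beyond what the post shows.

```python
import re

# Restrictions carried by the key in the post's example (names lowercased).
REQUIRED = {"no-port-forwarding", "no-x11-forwarding",
            "no-agent-forwarding", "no-pty", "command"}
KEY_TYPE = re.compile(r"^(ssh-|ecdsa-|sk-)")
OPTION = re.compile(r'(?:[^,"]|"(?:\\.|[^"\\])*")+')  # items between unquoted commas

# Constructed sample; key blobs are placeholders, not real keys.
SAMPLE = """\
no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty,command="/usr/local/bin/rsync /var/symon" ssh-dss AAAAplaceholder1 backup@example.com
command="/usr/local/bin/rsync /var/symon" ssh-rsa AAAAplaceholder2 forced-command-only@example.com
ssh-ed25519 AAAAplaceholder3 unrestricted@example.com
restrict,command="/usr/local/bin/rsync /var/symon" ssh-ed25519 AAAAplaceholder4 restrict@example.com
"""

def split_options(line):
    """Return (options dict, remainder) for one authorized_keys line."""
    line = line.strip()
    if KEY_TYPE.match(line):
        return {}, line                  # line starts with the key type: no options
    in_quote, i = False, 0
    while i < len(line):                 # options end at the first unquoted blank
        if in_quote and line[i] == "\\":
            i += 2                       # skip an escaped character inside quotes
            continue
        if line[i] == '"':
            in_quote = not in_quote
        elif line[i] in " \t" and not in_quote:
            break
        i += 1
    opts = {}
    for item in OPTION.findall(line[:i]):
        name, _, value = item.partition("=")
        opts[name.lower()] = value.strip('"')   # option names are case-insensitive
    return opts, line[i:].strip()

def audit(text):
    """Map each key's comment to the restrictions it lacks."""
    report = {}
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        opts, rest = split_options(raw)
        have = set(opts)
        if "restrict" in have:           # newer OpenSSH: implies the no-* options
            have |= {o for o in REQUIRED if o[:3] == "no-" and o[3:] not in have}
        parts = rest.split(None, 2)      # key type, blob, comment
        report[parts[2] if len(parts) > 2 else "(no comment)"] = sorted(REQUIRED - have)
    return report
```

Calling `audit(SAMPLE)` returns an empty list for a fully restricted key and the names of the missing options for the others.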