restricting rsync over ssh

Bennett Todd bet at rahul.net
Wed May 22 13:28:01 EST 2002


2002-05-22-14:00:27 Brian D. Hamm:
> Is it true that when running rsync via ssh (i.e. rsync -e ssh ...)
> the rsyncd.conf file is not applicable [...]

Yup. Exactly right. When you're using ssh (or rsh, as far as rsync
is concerned they're interchangeable plug parts) the rsync client
you invoke from the shell establishes its rsync connection by
running something like

	ssh remotehost rsync [undocumented args here]

> If so, I am trying to find the best way to restrict rsync -e ssh on the
> remote machine.  Prepending the authorized_keys entry with
> command='rsync ...' 1024... results in the 'Protocol mismatch - is your
> shell clean?' error.

Perhaps the "..." after rsync isn't quite correct? Or perhaps the
path to rsync isn't in the default search path for sshd? I'd give a
full path to rsync in the command= invocation. The best way I know
to find the argument list is to use command=/path/to/wrapper where
wrapper looks like

	#!/bin/sh
	echo "$SSH_ORIGINAL_COMMAND" >>/tmp/foo
	exec $SSH_ORIGINAL_COMMAND

Then run your rsync of choice once. You'll see what cmdline rsync
makes up for firing up its "remote" end, depositing in /tmp/foo.
Then put that exact invocation in the command="...", that should
work fine.

If you want to allow a bit more flexibility, permitting some range
of cmds while rejecting others, you'll need to experiment with
different invocations and see what the cmdlines look like and try
and guess what parameter variations you want to allow; then make
command= point to a wrapper that checks $SSH_ORIGINAL_COMMAND
against whatever rules you have settled on, and if it looks Ok then
execs it.

NB: the cmdline argument list is undocumented for a reason; it's
private to rsync. This means that a future version of rsync
may use it differently, so if you upgrade rsyncs you may have
to change your hardwired invocation in authorized_keys or your
SSH_ORIGINAL_COMMAND-checking wrapper.

-Bennett
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 232 bytes
Desc: not available
Url : http://lists.samba.org/archive/rsync/attachments/20020522/e7741951/attachment.bin


More information about the rsync mailing list