SSH command when uploading files
jw schultz
jw at pegasys.ws
Fri Mar 14 00:24:59 EST 2003
On Thu, Mar 13, 2003 at 01:33:52PM +0100, Reckhard, Tobias wrote:
> Hello
>
> I've searched quite a bit, but have so far been unsuccessful in finding an
> answer to a question I have concerning the upload of files via rsync over
> SSH.
>
> When downloading, I have been able to make use of SSH's benefits, yet still
> keep the rsync server safe from a shell accessible with a private SSH key
> lacking a passphrase by restricting the public key used by the rsync client
> to the one rsync operation it shall perform, something of the sort "rsync
> --sender --server <blabla>". That command showed up in the sshd debug
> (or verbose) info on the rsync server. So far so good.
>
> Now I'm in a situation where I have to push data from the rsync client to
> the server. I'd also like to use SSH. Since this is an automated process I
> again need to use an empty SSH private key passphrase on the client. To make

Or use ssh-agent.

> things worse, we're talking about access to the root account on the rsync
> server.

That is your choice or circumstance, not an rsync issue.

> I'd really like to restrict the capabilities of that SSH key.

You can do so, using the command option in authorized keys.
There have been several discussions of this in the mailing
list. Check the archives.

> However, from the output of "rsync -vvv ..." on the client and "sshd -d ..."
> on the server it appears to me that no command is passed to the sshd on the
> server when uploading data. Is this correct? And is there a way to do what I

The command is passed just like the download. You must have
missed it.

> want or do I need to drop SSH and resort to pure rsync, over IPSec perhaps
> (which doesn't provide for user auth, but rsync can do that, can't it)?

This has all been discussed within the last six months.
Look for authorized_keys in the archives.

--
________________________________________________________________
J.W. Schultz Pegasystems Technologies
email address: jw at pegasys.ws
Remember Cernan and Schmitt
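
The `command=` restriction discussed in this message, applied to the upload case, as an added example (not code from the thread or from the rsync project). The wrapper path, the destination directory, the key comment and the option allowlist are assumptions; the wrapper accepts only `rsync --server` without `--sender` into one fixed directory.

```shell
#!/bin/sh
# Forced-command wrapper, installed on the rsync server at the hypothetical
# path /usr/local/sbin/rsync-upload-only and named in root's authorized_keys:
#
#   command="/usr/local/sbin/rsync-upload-only",no-pty,no-port-forwarding,no-agent-forwarding,no-X11-forwarding ssh-rsa AAAA<public-key-placeholder> backup-client
#
# sshd runs this script instead of the client's request and passes that
# request in the SSH_ORIGINAL_COMMAND environment variable.
LC_ALL=C; export LC_ALL                 # make the A-Z ranges below byte ranges
ALLOWED_DEST="/srv/backup/incoming/"    # assumed upload target

# Return 0 only for: rsync --server <allowed options> . $ALLOWED_DEST
check_rsync_upload() {
    cmd=$1
    # Character allowlist: rejects ; | & $ ` quotes, globs and newlines.
    case $cmd in *[!A-Za-z0-9\ ./_=,-]*) return 1 ;; esac
    # Fixed head and fixed tail: the destination cannot be changed.
    case $cmd in
        "rsync --server "*" . $ALLOWED_DEST") ;;
        *) return 1 ;;
    esac
    opts=${cmd#"rsync --server "}
    opts=${opts%" . $ALLOWED_DEST"}
    for o in $opts; do                  # safe to split: no glob characters left
        case $o in
            --delete|--partial) ;;      # assumed allowlist of long options
            -*[!A-Za-z.]*) return 1 ;;  # --sender, --log-file=..., -T/dir
            -?*) ;;                     # short cluster such as -vlogDtpr
            *) return 1 ;;              # stray word or extra path
        esac
    done
    return 0
}

# Act only when sshd supplied a request; a bare "ssh host" gets no shell.
if [ -n "${SSH_ORIGINAL_COMMAND:-}" ]; then
    if check_rsync_upload "$SSH_ORIGINAL_COMMAND"; then
        exec $SSH_ORIGINAL_COMMAND      # word-split only, never eval'd
    fi
    logger -t rsync-upload-only -p auth.warning "rejected: $SSH_ORIGINAL_COMMAND"
    exit 1
fi
```

The command line to pin can be read from `sshd -d` on the server while running the intended upload once with an unrestricted test key.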