Passwordless SSH messes with escaped spaces

Jannes Faber j.faber at elevate.nl
Thu Aug 24 16:24:58 GMT 2006 

Hi,

I'm trying to use rsync through ssh to pull files from PCs that need to be
backup up. I set up the passwordless authentication and things work fine
there.

However there's a problem when I try to seal off the SSH access to restrict
it to limited rsync only using the "command=" in authorized_keys. That by
itself works, however not in combination with spaces in the file names.

I found several example scripts, but they all give me the same problem:
paths with spaces in them get split up into 2 separate source file names
(spaces are properly escaped of course and things work fine without
"command=").

After endlessly trying all kinds of combinations I "solved" it using this
kludge, however this doesn't even fully restrict all dangerous things yet
(like back quotes). Someone please tell me there is a really simple thing
I'm missing here, before I waste more time to finish this script:

#!/bin/sh
# v0.1  2006-08-17
# Only allows "rsync --server --sender" but retains any escaped spaces in
the arguments.
#

cmd="${SSH_ORIGINAL_COMMAND}"
[ ! "${cmd:0:24}" = "rsync --server --sender " ] && exit 127

myself=${0##*/}

set $cmd

declare -a arr

i=0
for a in $*; do
  arr[$i]="${arr[$i]:+${arr[$i]} }$1"
  if [ "${1%\\}" = "$1" ]; then
    i=$(($i+1))
  else
    arr[$i]="${arr[$i]%\\}"
  fi
  shift 1
done

echo "$(date '+%F %T') ${arr[@]}" >> /var/log/${myself}.log

exec \
${arr[0]:+"${arr[0]}"}   ${arr[1]:+"${arr[1]}"}   ${arr[2]:+"${arr[2]}"}
${arr[3]:+"${arr[3]}"}   \
${arr[4]:+"${arr[4]}"}   ${arr[5]:+"${arr[5]}"}   ${arr[6]:+"${arr[6]}"}
${arr[7]:+"${arr[7]}"}   \
${arr[8]:+"${arr[8]}"}   ${arr[9]:+"${arr[9]}"}   ${arr[10]:+"${arr[10]}"}
${arr[11]:+"${arr[11]}"} \
${arr[12]:+"${arr[12]}"} ${arr[13]:+"${arr[13]}"} ${arr[14]:+"${arr[14]}"}
${arr[15]:+"${arr[15]}"} \
${arr[16]:+"${arr[16]}"} ${arr[17]:+"${arr[17]}"} ${arr[18]:+"${arr[18]}"}
${arr[19]:+"${arr[19]}"} \
${arr[20]:+"${arr[20]}"} ${arr[21]:+"${arr[21]}"} ${arr[22]:+"${arr[22]}"}
${arr[23]:+"${arr[23]}"} \
${arr[24]:+"${arr[24]}"} ${arr[25]:+"${arr[25]}"} ${arr[26]:+"${arr[26]}"}
${arr[27]:+"${arr[27]}"}

If this really is "the only way" to fix this problem, let me know and I'll
finish it and post the end result as well.

Thanks

Jannes Faber
-------------- next part --------------
HTML attachment scrubbed and removed

More information about the rsync mailing list