Rsync + SSH on a different port + restricted access
Julian Pace Ross
julian.paceross at gmail.com
Mon Sep 4 08:14:18 GMT 2006
I found that adding the following at the beginning of the key on the receiving side
works perfectly for me with any rsync command on the sending side:
from="10.1.1.1",command="/home/remoteuser/cron/validate-rsync" ssh-dss AAAAB3NzaC1kc3MAAAEBAKYJenaYvMG3nHwWxK... etc...
Then create the file "validate-rsync", which should contain exactly this:
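#!/bin/sh
# Forced command for this key: sshd puts the command the client requested
# in SSH_ORIGINAL_COMMAND. Run it only if it is an rsync server invocation.
case "$SSH_ORIGINAL_COMMAND" in
    # Reject anything containing these shell metacharacters.
    *\&*)
        echo "Rejected"
        ;;
    *\(*)
        echo "Rejected"
        ;;
    *\{*)
        echo "Rejected"
        ;;
    *\;*)
        echo "Rejected"
        ;;
    *\<*)
        echo "Rejected"
        ;;
    *\`*)
        echo "Rejected"
        ;;
    rsync\ --server*)
        # Unquoted on purpose: word-split into rsync and its arguments.
        $SSH_ORIGINAL_COMMAND
        ;;
    # Everything else (including an interactive login) is refused.
    *)
        echo "Rejected"
        ;;
esac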
I got this from http://troy.jdmz.net/rsync/ in case you want to read the
whole article.
Hope this helps
Julian
On 04/09/06, johan.boye at latecoere.fr <johan.boye at latecoere.fr> wrote:
>
> Hello,
>
> I'm trying to set up rsync over SSH with OpenSSH running on port 2222, with
> remote RSA public key authentication and a restricted shell, so that the
> user cannot browse my server via SSH and is only able to run the rsync server.
>
> 1) I've built a regular rsync server over TCP/873.
> It worked fine; here is my conf:
>
> motd file = /etc/rsyncd.motd
> log file = /var/log/rsyncd.log
> pid file = /var/run/rsyncd.pid
> lock file = /var/run/rsync.lock
> max connections = 2
> timeout = 300
>
> [mirror]
> path = /home/mirror
> comment = Rsync share for the Mirror
> uid = mirror
> gid = mirror
> read only = no
> list = yes
> auth users = mirror
> secrets file = /etc/rsyncd.secrets
>
>
> Works fine! I can write to the remote /home/mirror, perfect ;)
>
>
>
> Then, I would like to run it over SSH on port 2222:
> rsync -avz --rsh='ssh -p2222' /home/foor/bar/ mirror@myrsyndserver:mirror/
>
> Still works fine ;)
>
> But my user can log in to my box with SSH. So, after a couple of Google
> searches, I found that I have to edit authorized_keys and put:
> command="rsync --daemon -vv --server ." ssh-rsa AAAAB3NzaC1...............
>
> But now I have this error:
> $ rsync -avvvz --rsh='ssh -p2222' /home/foor/bar/ mirror@myrsyndserver:mirror/
> opening connection using ssh -p2222 -l mirror myrsyndserver rsync --server -vvvlogDtprz . mirror/
> rsync: connection unexpectedly closed (0 bytes received so far) [sender]
> rsync error: error in rsync protocol data stream (code 12) at io.c(463) [sender=2.6.8]
> _exit_cleanup(code=12, file=io.c, line=463): about to call exit(12)
>
>
> I tried a zillion different configs in my authorized_keys, but it's
> still not working.
> Could you help me find a solution, please?
>
> Best regards
>
>
> Johan
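
Added example, not part of the original post or of the linked article: an allowlist form of the validate-rsync wrapper that accepts only the exact upload command shape seen in the quoted debug output (rsync --server -<flags> . mirror/) and rebuilds the command from the validated words instead of filtering characters. ALLOWED_DIR, the verdict function and the sample commands are assumptions made for this illustration.

```sh
#!/bin/sh
# Added example, not from the original post: allowlist form of validate-rsync.
# ALLOWED_DIR is an assumed policy value (the one directory clients may write to).
ALLOWED_DIR="mirror/"
LC_ALL=C; export LC_ALL   # make the A-Z / a-z ranges below byte-exact

# Print "accept" or "reject" for one candidate SSH_ORIGINAL_COMMAND string.
verdict() {
    set -f          # no pathname expansion while word-splitting
    set -- $1       # split the requested command into positional words
    set +f
    # Exact shape only: rsync --server -<flags> . <ALLOWED_DIR>
    if [ "$#" -ne 5 ] || [ "$1" != rsync ] || [ "$2" != --server ] ||
       [ "$4" != . ] || [ "$5" != "$ALLOWED_DIR" ]; then
        echo reject
        return
    fi
    case "$3" in
        -*[!A-Za-z.]*) echo reject ;;  # long options such as --sender, '=', metacharacters
        -?*)           echo accept ;;  # a single bundle of short flags
        *)             echo reject ;;
    esac
}

# Forced-command entry point: sshd sets SSH_ORIGINAL_COMMAND for the session.
if [ -n "${SSH_ORIGINAL_COMMAND:-}" ]; then
    if [ "$(verdict "$SSH_ORIGINAL_COMMAND")" = accept ]; then
        set -f; set -- $SSH_ORIGINAL_COMMAND; set +f
        exec rsync --server "$3" . "$ALLOWED_DIR"  # rebuilt from validated words
    fi
    echo "Rejected" >&2
    exit 1
fi

# Not under sshd: print verdicts for constructed sample commands.
for sample in \
    'rsync --server -vvvlogDtprz . mirror/' \
    'rsync --server --sender -vlogDtprz . mirror/' \
    'rsync --server -vlogDtprz . /etc/' \
    'rsync --server -vlogDtprz . mirror/; id'
do
    printf '%-7s %s\n' "$(verdict "$sample")" "$sample"
done
```

Installed as the command= target in authorized_keys, this permits uploads into the one directory only; a pull (--sender), a long option or a different path needs its own explicit rule.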