Rsync + SSH on a different port + restricted access

johan.boye at latecoere.fr johan.boye at latecoere.fr
Tue Sep 5 10:13:45 GMT 2006


Thanks, it worked nicely!

 Best regards

 Johan


-------- Original message --------
From: Julian Pace Ross [mailto:julian.paceross at gmail.com]
Date: Mon. 04/09/2006 10:14
To: BOYE Johan
Cc: rsync at lists.samba.org
Subject: Re: Rsync + SSH on a different port + restricted access
 
I found that adding the following at the beginning of the key on recv. side
works perfectly for me with any rsync command on the sending side.

from="10.1.1.1",command="/home/remoteuser/cron/validate-rsync" ssh-dss AAAAB3NzaC1kc3MAAAEBAKYJenaYvMG3nHwWxK... etc...

then create the file "validate-rsync" which should contain exactly this:
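#!/bin/sh
# Forced command for the restricted key: sshd runs this script and passes the
# command the client asked for in $SSH_ORIGINAL_COMMAND.

case "$SSH_ORIGINAL_COMMAND" in
    # Reject anything containing these shell metacharacters.
    *\&*)
        echo "Rejected"
        ;;
    *\(*)
        echo "Rejected"
        ;;
    *\{*)
        echo "Rejected"
        ;;
    *\;*)
        echo "Rejected"
        ;;
    *\<*)
        echo "Rejected"
        ;;
    *\`*)
        echo "Rejected"
        ;;
    # Only an rsync server invocation is allowed to run.
    rsync\ --server*)
        # Unquoted on purpose so it splits into the command and its arguments.
        $SSH_ORIGINAL_COMMAND
        ;;
    *)
        echo "Rejected"
        ;;
esac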


I got this from http://troy.jdmz.net/rsync/ in case you want to read the
whole article.

Hope this helps
Julian






On 04/09/06, johan.boye at latecoere.fr <johan.boye at latecoere.fr> wrote:
>
>  Hello,
>
>  I'm trying to set up Rsync over SSH with OpenSSH running on port 2222 with a
> remote RSA public key authentication and a restricted shell to prevent the
> user from browsing my server via SSH, only being able to run the rsync server.
>
> 1) I've built a regular rsync server over TCP/873
>  Worked fine, check my conf :
>
>       motd file = /etc/rsyncd.motd
>       log file = /var/log/rsyncd.log
>       pid file = /var/run/rsyncd.pid
>       lock file = /var/run/rsync.lock
>       max connections = 2
>       timeout = 300
>
>       [mirror]
>          path = /home/mirror
>          comment = Rsync share for the Mirror
>          uid = mirror
>          gid = mirror
>          read only = no
>          list = yes
>          auth users = mirror
>          secrets file = /etc/rsyncd.secrets
>
>
> Works fine ! I can write on the remote /home/mirror, perfect ;)
>
>
>
>  Then, I would like to run it over SSH port 2222
>       rsync -avz --rsh='ssh -p2222' /home/foor/bar/ mirror@myrsyndserver:mirror/
>
> Still works fine ;)
>
>  But my user can log in to my box with SSH. So, after a couple of Google searches, I
> found that I have to edit authorized_keys and put :
>     command="rsync --daemon -vv --server ." ssh-rsa AAAAB3NzaC1...............
>
> But now, I have this error :
>     $ rsync -avvvz --rsh='ssh -p2222' /home/foor/bar/ mirror@myrsyndserver:mirror/
>     opening connection using ssh -p2222 -l mirror myrsyndserver rsync --server -vvvlogDtprz . mirror/
>     rsync: connection unexpectedly closed (0 bytes received so far) [sender]
>     rsync error: error in rsync protocol data stream (code 12) at io.c(463) [sender=2.6.8]
>     _exit_cleanup(code=12, file=io.c, line=463): about to call exit(12)
>
>
> I tried with a zillion of different config in my authorized_keys, but it's
> still not working.
> Could you help me to find a solution please ?
>
>  Best regards
>
>
>  Johan
>
>
>
>
>
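
A stricter variant of the validate-rsync forced command discussed in this thread, as an added example that is not part of the original messages or of the linked article. It uses an allow-list of characters and confines every path argument to one directory; it checks characters, the `rsync --server` prefix and the paths only, and does not vet individual rsync options. The function name validate_rsync_cmd and the ALLOWED_DIR value are assumptions chosen to match the `mirror/` destination used above.

```shell
#!/bin/sh
# Added example (not from the thread): a stricter validate-rsync.
# ALLOWED_DIR is an assumed value matching the "mirror/" path in the thread.
ALLOWED_DIR="mirror/"
LC_ALL=C; export LC_ALL   # make the A-Z / a-z ranges below byte-exact

# validate_rsync_cmd CMD: return 0 if CMD may run, 1 if not. Executes nothing.
validate_rsync_cmd() {
    cmd=$1
    case "$cmd" in
        # Allow-list instead of deny-list: any other character is refused,
        # covering & ( { ; < ` from the original plus | > $ * ? and newlines.
        *[!A-Za-z0-9\ ./_-]*) return 1 ;;
        # Refuse parent-directory components anywhere in the command.
        *..*) return 1 ;;
        "rsync --server "*) ;;
        *) return 1 ;;
    esac
    seen_dot=0
    # Unquoted on purpose: split into words. Globbing cannot trigger because
    # * ? [ were refused above.
    for word in ${cmd#"rsync --server "}; do
        if [ "$seen_dot" -eq 1 ]; then
            # Every path argument after the "." placeholder must stay inside
            # ALLOWED_DIR, not only the last one.
            case "$word" in "$ALLOWED_DIR"*) ;; *) return 1 ;; esac
        elif [ "$word" = "." ]; then
            seen_dot=1
        else
            # Before the ".", only option words are expected.
            case "$word" in -*) ;; *) return 1 ;; esac
        fi
    done
    [ "$seen_dot" -eq 1 ]
}

# Forced-command entry point: run only what passed validation.
if [ -n "${SSH_ORIGINAL_COMMAND:-}" ]; then
    if validate_rsync_cmd "$SSH_ORIGINAL_COMMAND"; then
        exec $SSH_ORIGINAL_COMMAND
    fi
    echo "Rejected" >&2
    exit 1
fi
```

The script posted above accepts `rsync --server -vlogDtprz . /etc/` because it only inspects metacharacters and the prefix; this variant refuses it. The rsync source distribution also ships a `support/rrsync` script for the same purpose, and the key line can additionally carry `no-pty,no-port-forwarding,no-agent-forwarding,no-X11-forwarding` next to `from=` and `command=`.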

