4

I have two machines, local and remote.

I want to back up my files and folders to the remote machine automatically, using rsync to transfer files and folders, using ssh-keygen to automatically log into the remote machine.

I can do this as ssh root, but that will be a bit of a security risk: someone can log directly into the remote machine as root if the local files have been compromised.

I tried rssh but I couldn’t log in automatically using ssh-keygen.

What I am looking for is a way to create an ssh user with limited access to shell commands and with access only to a specific directory safe for automatically logging in with no harm to the remote machine.

TRiG
iLinux85
  • I'm not really sure this will work for you. If you can rsync files over, it may be possible to rsync a replacement authorized_keys file that doesn't have that restriction. – devicenull Dec 23 '11 at 14:20

2 Answers

7

You can limit the command run when using an ssh key pair by using command="...." in the ~/.ssh/authorized_keys file. Example taken from here:

$ cat ~/.ssh/authorized_keys 
command="/usr/local/bin/rsync --server -vlogDtprz --delete . /tmp",no-pty,no-agent-forwarding,no-port-forwarding ssh-rsa AAAAB3NzaC1y[...] kattoo@spaghetti
Mircea Vutcovici
4

rsync includes an rrsync example script that can restrict rsync.

Example:

command="/usr/local/bin/rrsync -ro /data",no-port-forwarding,no-X11-forwarding,no-pty ssh-rsa [...]

That way you don't have to hardcode the command line from the client on the server.

Stefan
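Added example, not part of either answer: a small forced-command script for the command="..." option discussed above. It checks SSH_ORIGINAL_COMMAND so the key can only run an rsync server confined to one directory, and it keeps that directory outside the home directory, which addresses the authorized_keys replacement raised in the comment on the question. The script itself and the path /srv/backup/host1 are assumptions; rrsync from the second answer covers more cases.

```shell
#!/bin/sh
# Added example: forced-command gate for a backup-only key (not from the answers).
# ALLOWED_DIR is a hypothetical path; keep it outside the login's home directory
# so no transfer can reach ~/.ssh/authorized_keys.
ALLOWED_DIR="${ALLOWED_DIR:-/srv/backup/host1}"
LC_ALL=C    # byte-wise character ranges in the patterns below

# check_rsync_cmd CMD DIR: return 0 only if CMD is an rsync server invocation
# whose single path argument lies under DIR. String checks only: paths with
# spaces are refused and symlinks already inside DIR are not resolved.
check_rsync_cmd() {
    dir=${2%/}
    set -f; set -- $1; set +f           # split CMD on whitespace, no globbing
    [ "${1:-}" = rsync ] && [ "${2:-}" = --server ] || return 1
    shift 2
    seen_dot=0 path=
    for arg in "$@"; do
        # Refuse shell metacharacters, quotes, '=' and anything else unusual.
        case $arg in *[!A-Za-z0-9./_-]*) return 1 ;; esac
        if [ "$seen_dot" -eq 1 ]; then
            [ -z "$path" ] || return 1  # exactly one path after the "."
            path=$arg
            continue
        fi
        case $arg in
            .) seen_dot=1 ;;
            --sender|--delete) ;;       # the only long options allowed
            --*) return 1 ;;
            -*[!A-Za-z.]*) return 1 ;;  # e.g. -T/etc (option with attached path)
            -?*) ;;                     # short flag bundle such as -vlogDtprz
            *) return 1 ;;
        esac
    done
    case /$path/ in */../*) return 1 ;; esac        # no parent-directory hops
    case $path/ in "$dir"/*) return 0 ;; esac       # must sit under DIR
    return 1
}

# Entry point when sshd runs this file via command="..." for the key.
# A login without a command falls through and gets no shell.
if [ -n "${SSH_ORIGINAL_COMMAND:-}" ]; then
    if check_rsync_cmd "$SSH_ORIGINAL_COMMAND" "$ALLOWED_DIR"; then
        set -f
        exec $SSH_ORIGINAL_COMMAND      # validated words, no shell re-parsing
    fi
    echo "rejected: $SSH_ORIGINAL_COMMAND" >&2
    exit 1
fi
```

Rejected commands are written to stderr, so a failing backup job shows which invocation was refused.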