[EMAIL PROTECTED] wrote: > I'm able to lock down the remote ssh server to only allow a certain rsync > command. I'm trying to now lock it down to *multiple* commands including ones > with rm, mv and cp and am having trouble. It just stops at the first > non-rsync > command in my backup script... > > Here is my authorized_keys on server: > > command="rm -rf /backup/laptop/threedaysago",command="mv > /backup/laptop/twodaysago /backup/laptop/threedaysago",command="mv > /backup/laptop/yesterdaymorning /backup/laptop/twodaysago",command="cp -al > /backup/laptop/thismorning /backup/laptop/yesterdaymorning",command="rsync > --server -vlogDtpr --delete . /backup/laptop/thismorning" ssh-rsa > AAAAB3NzaC1yc2EAAAABIwAAAQEAwCmxH9erk3sTkW9DCvLK8AYIm9FQz5brRBjpWewXu/yQC0WzbJDSLRPvoW673OntfCWke0/HgSv2nvJVmdZCUi0/NLnkoNg1GgWTzbKlL+mebe3+l16GCFPe0Yu9u3a62DmshV/Hp/u5W2Vm3FeQ7Z19EweqgtvRngLgTtbyMaWhe58JheeVrjo8q32hobL8ZCzz7CTf04c/o7bIs+s5ii7ndljbq9AFOfEH+fYuZmPHwMS9XJMKFiv9BaORj4A2seP32azc+iiQv2+aMo1AInfZdMP9w4PJOCAQboWqtgSYoK2XPPTJhnsrWwyudJtrrODgRHm0f6APsMiiSbNlzQ== > [EMAIL PROTECTED] > > When I run commands on a client with verbose ssh, I can see that the right > commands are forced but it still stops at the rm command... > > (ssh output) > > debug1: Remote: Forced command: rm -rf /backup/laptop/threedaysago > debug1: Remote: Forced command: mv /backup/laptop/twodaysago > /backup/laptop/threedaysago > debug1: Remote: Forced command: mv /backup/laptop/yesterdaymorning > /backup/laptop/twodaysago > debug1: Remote: Forced command: cp -al /backup/laptop/thismorning > /backup/laptop/yesterdaymorning > debug1: Remote: Forced command: rsync --server -vlogDtpr --delete > . /backup/laptop/thismorning > > .... > > It say stuck on this line forever... > > debug1: Sending command: rm -rf /backup/laptop/threedaysago > > > Any ideas? > > Chris > > > Why not make a script on the remote machine to do the work, then just call it? Seems calling a single command would be preferable.
Tyrion -- [email protected] http://www.kernel-panic.org/cgi-bin/mailman/listinfo/kplug-list
