I found that adding the following at the beginning of the key on the receiving side works perfectly for me with any rsync command on the sending side.

from="10.1.1.1",command="/home/remoteuser/cron/validate-rsync" ssh-dss AAAAB3NzaC1kc3MAAAEBAKYJenaYvMG3nHwWxK... etc...

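Then create the file "validate-rsync", which should contain exactly this:
#!/bin/sh

# sshd runs this script instead of the client's command and passes the
# command the client asked for in SSH_ORIGINAL_COMMAND.
case "$SSH_ORIGINAL_COMMAND" in
    *\&*)
        echo "Rejected"
        ;;
    *\(*)
        echo "Rejected"
        ;;
    *\{*)
        echo "Rejected"
        ;;
    *\;*)
        echo "Rejected"
        ;;
    *\<*)
        echo "Rejected"
        ;;
    *\`*)
        echo "Rejected"
        ;;
    rsync\ --server*)
        # Only an rsync server invocation is run.
        $SSH_ORIGINAL_COMMAND
        ;;
    *)
        echo "Rejected"
        ;;
esac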


I got this from http://troy.jdmz.net/rsync/ in case you want to read the whole article.

Hope this helps
Julian
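
Added example, not part of the original message or of the linked article: a dry-run version of the filter above that prints accept or reject for a given SSH_ORIGINAL_COMMAND instead of executing it, so the rules can be tested offline. It goes one step beyond the script above by also pinning the transfer paths to one directory; the function name, the `allowed` argument and that path rule are assumptions added here, and the sample commands are constructed.

```sh
#!/bin/sh
# Dry-run classifier: prints "accept" or "reject" and never runs the command.
# $1 = candidate SSH_ORIGINAL_COMMAND
# $2 = allowed directory (hypothetical parameter, not on the page)
classify_rsync_command() {
    cmd=$1
    allowed=$2
    # The six metacharacters the validate-rsync script above rejects.
    case "$cmd" in
        *\&*|*\(*|*\{*|*\;*|*\<*|*\`*) echo reject; return 0 ;;
    esac
    # Same positive rule as above: must begin with "rsync --server".
    case "$cmd" in
        "rsync --server"*) ;;
        *) echo reject; return 0 ;;
    esac
    # Added rule (assumption): every argument after the lone "." must be the
    # allowed directory or a path below it, and must not contain "..".
    set -f                      # word-split without glob expansion
    seen_dot=0
    verdict=accept
    for word in $cmd; do
        if [ "$seen_dot" -eq 1 ]; then
            case "$word" in
                *..*) verdict=reject ;;
                "$allowed"|"$allowed"/*) ;;
                *) verdict=reject ;;
            esac
        elif [ "$word" = "." ]; then
            seen_dot=1
        fi
    done
    set +f
    [ "$seen_dot" -eq 1 ] || verdict=reject
    echo "$verdict"
}

# Constructed sample commands; the first is the server command shown in the
# rsync -avvvz output quoted further down this thread.
while IFS= read -r sample; do
    printf '%-7s %s\n' "$(classify_rsync_command "$sample" mirror)" "$sample"
done <<'EOF'
rsync --server -vvvlogDtprz . mirror/
rsync --server --sender -vlogDtprz . mirror/a mirror/b
rsync --server -vlogDtprz . mirror/; ls
rsync --server -vlogDtprz . /etc/
ls -la
EOF
```
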






On 04/09/06, [EMAIL PROTECTED] <[EMAIL PROTECTED] > wrote:

Hello,

 I'm trying to set up rsync over SSH, with OpenSSH running on port 2222, remote RSA public key authentication, and a restricted shell so that the user cannot browse my server via SSH and is only able to run the rsync server.

1) I've built a regular rsync server over TCP/873.
 It worked fine; check my conf:

      motd file = /etc/rsyncd.motd
      log file = /var/log/rsyncd.log
      pid file = /var/run/rsyncd.pid
      lock file = /var/run/rsync.lock
      max connections = 2
      timeout = 300

      [mirror]
         path = /home/mirror
         comment = Rsync share for the Mirror
         uid = mirror
         gid = mirror
         read >          list = yes
         auth users = mirror
         secrets file = /etc/rsyncd.secrets


Works fine! I can write to the remote /home/mirror, perfect ;)



 Then, I would like to run it over SSH port 2222
      rsync -avz --rsh='ssh -p2222' /home/foor/bar/ [EMAIL PROTECTED]:mirror/

Still works fine ;)

 But my user can log in to my box with SSH. So, after a couple of Google searches, I found that I have to edit authorized_keys and put:
    command="rsync --daemon -vv --server ." ssh-rsa AAAAB3NzaC1...............

But now, i have this error :
    $ rsync -avvvz --rsh='ssh -p2222' /home/foor/bar/ [EMAIL PROTECTED]:mirror/
    opening connection using ssh -p2222 -l mirror myrsyndserver rsync --server -vvvlogDtprz . mirror/
    rsync: connection unexpectedly closed (0 bytes received so far) [sender]
    rsync error: error in rsync protocol data stream (code 12) at io.c(463) [sender=2.6.8]
    _exit_cleanup(code=12, file=io.c, line=463): about to call exit(12)


I tried a zillion different configs in my authorized_keys, but it's still not working.
Could you help me find a solution, please?

 Best regards


 Johan


      


--
To unsubscribe or change options: https://lists.samba.org/mailman/listinfo/rsync
Before posting, read: http://www.catb.org/~esr/faqs/smart-questions.html

