sshd_config ForceCommand /usr/bin/rsync error "connection unexpectedly closed"

ssh rsync

Solution 1:

The why is easy... ForceCommand does exactly what it says: You connect, it forces you to run that command no matter what you actually wanted to do. In this case, that command is /usr/bin/rsync with no flags.

rsync works by running another copy of rsync on the other side of the connection and talking to it over ssh. In this case though, it's unable to start the other side with the flags it needs because the command is replaced by /usr/bin/rsync

Your rsync-validate script is probably the best way to go about this. It checks the request to make sure it is a valid rsync server command, and only then does it run it. rsync probably could be modified to check the $SSH_ORIGINAL_COMMAND directly when its run without arguments, but there's probably a good security reason not to do so.

Solution 2:

The ForceCommand option is meant to be used with a command that specifically understands that it's acting as an SSH gatekeeper. The original command is placed in the SSH_ORIGINAL_COMMAND environment variable.

Related

DKIM FAIL with domain null in GMail
Use Nginx proxy pass (reverse proxy) to serve an Apache hosted site with SSL
Retire internal Windows root CA
NGINX Ingress on Kubernetes doesn't use HTTPS
How to "ignore" username and password prompt in net use
What is the limitation on what records a .com domain can have?
FastCGI to improve TTFB when Using NGINX to reverse proxy?
How many times does switch calculates FCS?
Understanding buff/cache and tmpfs relationship on a read only filesystem with no swap
Restrict using Azure Service Principal by Humans
Setting CPU frequency to hardware minimum limit - will it harm the hardware?
How to *actually* exclude a directory in AWS S3 sync?