Rsync with ssh-keygen to ssh user with limited commands and specifc directory

ssh ssh-keygen rsync

I have two machines, local and remote.

I want to back up my files and folders to the remote machine automatically, using rsync to transfer files and folders, using ssh-keygen to automatically log into the remote machine.

I can do this as ssh root, but that will be a bit of security risk: someone can log directly into the remote machine as root if the local files have been compromised.

I tried rssh but I couldn’t log in automatically using ssh-keygen.

What I am looking for is a way to create an ssh user with limited access to shell commands and with access only to a specific directory safe for automatically logging in with no harm to the remote machine.


You can limit the command run when using a ssh key-pair by using command="...." into ~/.ssh/authorized_keys file. Example took from here:

$ cat ~/.ssh/authorized_keys 
command="/usr/local/bin/rsync --server -vlogDtprz --delete . /tmp",no-pty,no-agent-forwarding,no-port-forwarding ssh-rsa AAAAB3NzaC1y[...] kattoo@spaghetti

rsync includes a rrsync example script that can restrict rsync.

Example:

command="/usr/local/bin/rrsync -ro /data",no-port-forwarding,no-X11-forwarding,no-pty ssh-rsa [...]

That way you don't have to hardcode the commandline from the client on the server.

Related

Can't restart mysql
How do I install the earthdistance (and requirement cube) modules for Postgresql?
Busybox-like binaries which ext3 and ext4 support?
CentOS - semanage - Adding Custom Port Fails
Conversion from Derived** to Base**
Python equivalent to perl -pe?
print variable-name in Matlab
java get week of year for given a date
PyInstaller + UI Files - FileNotFoundError: [Errno 2] No such file or directory:
If my DSL modem leaves a port open, how vulnerable is my router?
Excel- How do I find common text values from multiple (>2) columns?
Command running as root but not with sudo