Alex Bligh
2010-Apr-06 19:14 UTC
rsync over ssh, multiple private keys sharing same UID, chroot
I am thinking of configuring a service where multiple users have their own private keys to do rsync over ssh. I don't want each of these users to have their own UID. I want them each to share a UID, but to have space on the ssh server isolated from any other user. Let us assume that I also wish to prevent them from using any service other than rsync. Is this possible? Is a sensible approach to use authorized_keys2 ChrootDirectory and ForceCommand? Assuming that I only allow the shared user to write to a specific directory in each chroot setup (through access permissions), am I reasonably safe security wise? Or am better off hacking rsync to do the chroot stuff itself (as if rsync were running as a daemon). -- Alex Bligh
Martin Schröder
2010-Apr-06 19:52 UTC
rsync over ssh, multiple private keys sharing same UID, chroot
2010/4/6 Alex Bligh <alex at alex.org.uk>:> Let us assume that I also wish to prevent them from using any > service other than rsync.Sure. Use the attached script in ForceCommand or google for more complex solutions. Best Martin -------------- next part -------------- A non-text attachment was scrubbed... Name: rrsync.sh Type: application/x-sh Size: 347 bytes Desc: not available URL: <http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20100406/d2f2f2c0/attachment.sh>
Alan Barrett
2010-Apr-06 22:16 UTC
rsync over ssh, multiple private keys sharing same UID, chroot
On Tue, 06 Apr 2010, Alex Bligh wrote:> I am thinking of configuring a service where multiple users have their > own private keys to do rsync over ssh. I don't want each of these > users to have their own UID. I want them each to share a UID, but > to have space on the ssh server isolated from any other user. > Let us assume that I also wish to prevent them from using any > service other than rsync.I'd probably trust rsync's daemon mode to keep the users separate, and not bother with user-specific chroots at the ssh level. Search for this example in the rsync man page: rsync -av -e "ssh -l ssh-user" rsync-user at host::module /dest The client users would all use the same "ssh-user" value, but different "rsync-user" values (or you could omit the rsync-user part from the command line, and let it default to whatever their local username is on the client machine -- the rsync-user name won't be used by the server-side configuration that I suggest below). Make each each line of the ssh authorized_keys file contain a command="..." option that refers to a wrapper script that verifies that $SSH_ORIGINAL_COMMAND looks like "rsync --server --daemon .", and then execs "rsync --config=/path/to/user-specific/rsyncd.conf --server --daemon .", with different ssh keys using different rsync configurations. Within each rsync daemon configuration file, specify the module names that the user is allowed to access, the corresponding directory names on the server, and whether they are read-only or read-write. --apb (Alan Barrett)