johan.boye@latecoere.fr
2006-Sep-04 06:55 UTC
Rsync + SSH on a different port + restricted access
Hello,

I'm trying to set up rsync over SSH, with OpenSSH running on port 2222, with
remote RSA public key authentication and a restricted shell to prevent the user
from browsing my server via SSH, so that they are only able to run the rsync server.

1) I've built a regular rsync server over TCP/873
Worked fine, check my conf:
motd file = /etc/rsyncd.motd
log file = /var/log/rsyncd.log
pid file = /var/run/rsyncd.pid
lock file = /var/run/rsync.lock
max connections = 2
timeout = 300
[mirror]
path = /home/mirror
comment = Rsync share for the Mirror
uid = mirror
gid = mirror
read only = no
list = yes
auth users = mirror
secrets file = /etc/rsyncd.secrets
Works fine! I can write to the remote /home/mirror, perfect ;)

Then, I would like to run it over SSH port 2222:
rsync -avz --rsh='ssh -p2222' /home/foor/bar/ mirror@myrsyndserver:mirror/
Still works fine ;)
But my user can log in to my box with SSH. So, after a couple of Google searches, I found
that I have to edit authorized_keys and put:
command="rsync --daemon -vv --server ." ssh-rsa AAAAB3NzaC1...............
But now, I have this error:
$ rsync -avvvz --rsh='ssh -p2222' /home/foor/bar/ mirror@myrsyndserver:mirror/
opening connection using ssh -p2222 -l mirror myrsyndserver rsync --server -vvvlogDtprz . mirror/
rsync: connection unexpectedly closed (0 bytes received so far) [sender]
rsync error: error in rsync protocol data stream (code 12) at io.c(463) [sender=2.6.8]
_exit_cleanup(code=12, file=io.c, line=463): about to call exit(12)
I tried a zillion different configs in my authorized_keys, but it's
still not working.
Could you help me find a solution, please?

Best regards
Johan
Julian Pace Ross
2006-Sep-04 08:14 UTC
Rsync + SSH on a different port + restricted access
I found that adding the following at the beginning of the key on the receiving side
works perfectly for me with any rsync command on the sending side.
from="10.1.1.1",command="/home/remoteuser/cron/validate-rsync" ssh-dss AAAAB3NzaC1kc3MAAAEBAKYJenaYvMG3nHwWxK... etc...
Then create the file "validate-rsync", which should contain exactly
this:
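#!/bin/sh
# sshd puts the command the client asked for in SSH_ORIGINAL_COMMAND.
case "$SSH_ORIGINAL_COMMAND" in
    # Refuse anything containing these shell metacharacters.
    *\&*)
        echo "Rejected"
        ;;
    *\(*)
        echo "Rejected"
        ;;
    *\{*)
        echo "Rejected"
        ;;
    *\;*)
        echo "Rejected"
        ;;
    *\<*)
        echo "Rejected"
        ;;
    *\`*)
        echo "Rejected"
        ;;
    # Run the client's command only if it starts with "rsync --server".
    rsync\ --server*)
        $SSH_ORIGINAL_COMMAND
        ;;
    *)
        echo "Rejected"
        ;;
esac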
I got this from http://troy.jdmz.net/rsync/ in case you want to read the
whole article.
Hope this helps
Julian
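
A stricter variant of the forced-command filter above, as an added example that is not from this thread or from the linked article. It also refuses the characters the posted script leaves out, confines the transfer path to one directory, and exits non-zero on rejection. The function name check_rsync_command and the ALLOWED_DEST value (taken from the mirror/ destination in the question) are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Assumed authorized_keys entry
# (constructed; key elided, script path as in the post above; the real
# entry is a single line):
#   from="10.1.1.1",command="/home/remoteuser/cron/validate-rsync",no-pty,
#   no-port-forwarding,no-agent-forwarding,no-X11-forwarding ssh-rsa AAAA...

ALLOWED_DEST=mirror   # assumption: the destination used in the question

# check_rsync_command CMD: status 0 if CMD may run, 1 otherwise.
check_rsync_command() {
    cmd=$1
    nl='
'
    case "$cmd" in
        # Shell metacharacters, including | > $ ) } and newline.
        *\&*|*\;*|*\|*|*\<*|*\>*|*\`*|*\$*|*\(*|*\)*|*\{*|*\}*) return 1 ;;
        # Glob characters and backslash: the command is expanded unquoted.
        *\**|*\?*|*\[*|*\\*|*"$nl"*) return 1 ;;
    esac
    case "$cmd" in
        "rsync --server "*) ;;      # trailing space: "--serverX" is refused
        *) return 1 ;;
    esac
    dest=${cmd##* }                 # last word is the transfer path
    case "$dest" in
        "$ALLOWED_DEST"|"$ALLOWED_DEST"/*) ;;
        *) return 1 ;;
    esac
    case "/$dest/" in
        */../*) return 1 ;;         # no climbing out of the allowed tree
    esac
    return 0
}

# Runs only when sshd supplies a client command; a bare login gets nothing.
if [ -n "${SSH_ORIGINAL_COMMAND:-}" ]; then
    if check_rsync_command "$SSH_ORIGINAL_COMMAND"; then
        set -f                      # no pathname expansion on the split words
        exec $SSH_ORIGINAL_COMMAND
    fi
    echo "Rejected" >&2             # stderr keeps the protocol stream clean
    exit 1                          # non-zero so the client sees a failure
fi
```

This version only fits pushes into the allowed directory; a key that must also pull, or write elsewhere, needs its own ALLOWED_DEST and entry.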