similar to: rsync over ssh without giving the user access to a shell?

Is it true that when running rsync via ssh (i.e. rsync -e ssh ...) the rsyncd.conf file is not applicable on the remote since rsync is launched via the ssh exec call once connected rather than from rsyncd as in a direct connect. If so, I am trying to find the best way to restrict rsync -e ssh on the remote machine. Prepending the authorized_keys entry with command='rsync ...' 1024...

I was wondering if it's possible to restrict rsync in various ways on the server side when it is invoked via ssh. Two restrictions I had in mind are disallowing deletes and/or restricting all actions to a particular subdirectory. I was hoping to be able to do this without having to be root (for a chroot) or having to set up special sshd server instances/chroots. If there's not already a

Hello, I'm trying to setup Rsync over SSH with openSSH running port 2222 with a remote RSA public key authentification and a restricted shell to avoid the user to browse my server via SSH, only be able to run rsync server. 1) i've built a regular rsync server over TCP/873 Worked fine, check my conf : motd file = /etc/rsyncd.motd log file = /var/log/rsyncd.log pid

Hi, I'm having problems with the command= syntax in the authorized_keys file. I'm running rsync 2.5.6. I've searched the list archives for "authorized_keys" and "protocol version mismatch", but I can't seem to derive a solution from those threads. Simply put, my goal is to let a group of 15 to 20 users update a set of files in a single user account on a

Hello, The rsync man page shows example invocations that use the "--server" option. I could not find documentation for this option (a) in the man page (b) in the HTML man page on the website (c) in the "--help" help. I therefore found these examples to be confusing. Is there anywhere where I can find documentation for the "--server" option? As a result of not

I'm having trouble with the rsync wrapper's I've found online: rsync_wrapper[8458]: SSH_ORIGINAL_COMMAND environment variable apparently not set rsync: connection unexpectedly closed (0 bytes read so far) rsync error: error in rsync protocol data stream (code 12) at io.c(189) I'm not sure if this is a problem of incompatibility between my RHES3 and the wrappers I've found or

I am thinking of configuring a service where multiple users have their own private keys to do rsync over ssh. I don't want each of these users to have their own UID. I want them each to share a UID, but to have space on the ssh server isolated from any other user. Let us assume that I also wish to prevent them from using any service other than rsync. Is this possible? Is a sensible approach

On Wed, Jan 21, 2015 at 17:29:00 +0000, Alex Bligh wrote: > > On 21 Jan 2015, at 15:36, Jason Vas Dias <jason.vas.dias at gmail.com> wrote: > > > Please can OpenSSH provide some way of specifying which shell to use to > > execute commands on a host. > > Using dash as an example of another shell: > > ssh 127.0.0.1 -t dash > > and > >

When rsync is used in remote-shell server mode, the documentation says: "Rsync supports connecting to a host using a remote shell and then spawning a single-use "daemon" server that expects to read its config file in the home dir of the remote user." I have been trying to make rsync read a config file (which I presume should be named rsyncd.conf) in the home directory of the

Hi, I am using rsync to keep two directores on two servers in sync. Machine A, the "client" is the one where the rsync process is invoked, which then logs into Machine B, the "server" as root with ssh and a key. The key is restricted in /root/.ssh/authorized_keys to a script that checks wither $SSH_ORIGINAL_COMMAND matches the rsync --server command that I expect, such as, for

Hello everyone, I know this is not correct place to ask this question but please help if you know As mentioned some tutorial, i install git version 1.7.3.4 in home directory (/var/chroot/home/content/xx/xxxxxxx/git). then I initialize git repository by git init --bare in my samplerepo.git then i add code in .bashrc file as follow export GIT_BIN=${HOME}/git export

Hello I've searched quite a bit, but have so far been unsuccessful in finding an answer to a question I have concerning the upload of files via rsync over SSH. When downloading, I have been able to make use of SSH's benefits, yet still keep the rsync server safe from a shell accessible with a private SSH key lacking a passphrase by restricting the public key used by the rsync client to

Hello, This may not be a bug--but I'm not sure. I have R 1.91 installed on a machine that's running Windows XP. In Cygwin, when I attempt to use the "build" command it tells me that TMPDIR is set to an invalid directory. See the results below: stat20:/cygdrive/d/dirk/bands/implementation -> which r /cygdrive/d/Programs/R/rw1091/bin/r

> I'm puzzled. One thing I'd try would be to get Cygwin out of the picture, > at least for a moment. Try to set TMPDIR (and maybe TMP and TEMP) to > C:\Temp, > and try to run the whole thing from a "DOS" Cmd.exe window. Here it is: D:\dirk\bands\implementation>set TMPDIR=d:\tmp D:\dirk\bands\implementation>echo %TMPDIR% d:\tmp

Hello all, in order to connect to my SSH servers from untrusted devices like company computers or my smartphone, I set up 2FA with google-authenticator hooked into PAM. However, this is not really 2FA at least for the smartphone, since I use the same device for generating the TANs and it is also at least inconvenient to always require a new TAN for each connection. I do not want to solely rely

Hello, I have setup a samba server at my office as a PDC it stores the profiles on the server fine. I can access the profiles from any computer in the office just fine. My problem is that I work from home 4 days a week and need to access my work profile. I currently VPN into the office network via freeswan. I can log into the the domain from the vpn'd connection and I can access the samba

Dale, Sorry for taking so long to answer, I've been traveling. Thanks so much for the suggestion, your solution worked perfectly. I'm not sure why I didn't notice that the IAX trunk was working in the other direction. Once again, thanks for your help. Mitch Date: Mon, 25 Jun 2012 05:44:37 -0500 From: Dale Noll <dnoll at wi.rr.com> Subject: Re: [asterisk-users] IAX Trunk

Hello List, I'am using the ForceCommand in my sshd configuration to log all the user actions on my device. ForceCommand /usr/bin/log-session.sh The Log Session Script itself is working fine for logging. But now I want also use SCP to copy files and this won't work together with the ForceCommand above. The copied file is created but its zero byte on the target. scp file.tar.gz

Hi Using SSH_ORIGINAL_COMMAND in AuthorizedKeys is so helpful, I'd like to know if it might be possible to access it in the AuthorizedKeysCommand context (via env ?). Is this possible ? can anybody give me advice on going into this ? If possible, I'll use this SSH_ORIGINAL_COMMAND to send client specifics information to the AuthorizedKeysCommand script. Currently, the only alternative

I have some security alert log data that I'm parsing and doing some stats on. One of the fields is the "Classtype" which is the enumerated value of the type of alert found. classtypes = factor( alerts$Classtype ) fclass_types = table( classtypes ) fclass_types gives me a frequency table of the intrusion types: fclass_types classtypes