Hi Chris, Sounds like you are on the right track. ForceCommand may work, try it, some more thoughts bellow.
If you need more, I have an svnuser which allows multiple svnusers to connect with keys. Create a new user just for this one task. You can have multiple keys with this method hence multiple clients. Place (all on one line) something like this in /home/svnuser/.ssh/authorized_keys: command="svnserve -t -r /var/svnrepos/ --tunnel-user=svnuser",no-port-forwarding,no-agent-forwarding,no-X11-forwarding,no-pty ssh-dss KEY1 command="svnserve -t -r /var/svnrepos/ --tunnel-user=svnuser",no-port-forwarding,no-agent-forwarding,no-X11-forwarding,no-pty ssh-dss KEY2 In /etc/passwd limit the new user: svnuser:x:1001:1001:,,,:/home/svnuser:/bin/rbash mkdir /home/svnuser/usr/bin/ ln -s /usr/bin/rdiff-backup /home/svnuser/usr/bin/rdiff-backup Check permissions: ls -al /home/svnuser/.ssh/ total 12 drwx------ 2 svnuser svnuser 4096 2009-05-27 21:17 . drwxr-xr-x 5 svnuser svnuser 4096 2009-06-06 00:18 .. -rw-r----- 1 root svnuser 2916 2009-08-09 16:35 authorized_keys -rw-rw---- 1 svnuser svnuser 0 2009-03-19 21:41 known_hosts Now that should be a very restricted user unless I have forgotten something :-) Cheers Gavin Chris G wrote: > If I want to allow *only* rdiff backup to use an ssh link between two > machines what's the best way of setting it up? > > What I want to be able to do is set up a [relatively] insecure > passwordless ssh link, i.e. a private key at one end with no > passphrase, but make it fairly secure by only allowing rdiff-backup to > run across that connection. > > If I simply put "ForceCommand rdiff-backup" at the ssh 'server' end > will it do what I want or do I need to put the exact rdiff-backup > remote end command there? .... or is there a better/easier way to > achieve what I want to do? > > _______________________________________________ rdiff-backup-users mailing list at [email protected] http://lists.nongnu.org/mailman/listinfo/rdiff-backup-users Wiki URL: http://rdiff-backup.solutionsfirst.com.au/index.php/RdiffBackupWiki
