Small correction, Gavin wrote:
> Hi Chris,
>
> Sounds like you are on the right track.
> ForceCommand may work, try it, some more thoughts below.
>
> If you need more, I have an svnuser which allows multiple svnusers to
> connect with keys.
>
> Create a new user just for this one task.
> You can have multiple keys with this method hence multiple clients.
>
> Place (all on one line) something like this in
> /home/svnuser/.ssh/authorized_keys:
>
> command="svnserve -t -r /var/svnrepos/ --tunnel-user=svnuser",no-port-forwarding,no-agent-forwarding,no-X11-forwarding,no-pty ssh-dss KEY1

The above is on one line and the below would be on another line if you had a second client+key.

> command="svnserve -t -r /var/svnrepos/ --tunnel-user=svnuser",no-port-forwarding,no-agent-forwarding,no-X11-forwarding,no-pty ssh-dss KEY2
>
> In /etc/passwd limit the new user:
> svnuser:x:1001:1001:,,,:/home/svnuser:/bin/rbash
>
> mkdir /home/svnuser/usr/bin/
> ln -s /usr/bin/rdiff-backup /home/svnuser/usr/bin/rdiff-backup
>
> Check permissions:
> ls -al /home/svnuser/.ssh/
> total 12
> drwx------ 2 svnuser svnuser 4096 2009-05-27 21:17 .
> drwxr-xr-x 5 svnuser svnuser 4096 2009-06-06 00:18 ..
> -rw-r----- 1 root    svnuser 2916 2009-08-09 16:35 authorized_keys
> -rw-rw---- 1 svnuser svnuser    0 2009-03-19 21:41 known_hosts
>
> Now that should be a very restricted user unless I have forgotten
> something :-)
>
> Cheers
> Gavin
>
> Chris G wrote:
>
>> If I want to allow *only* rdiff backup to use an ssh link between two
>> machines what's the best way of setting it up?
>>
>> What I want to be able to do is set up a [relatively] insecure
>> passwordless ssh link, i.e. a private key at one end with no
>> passphrase, but make it fairly secure by only allowing rdiff-backup to
>> run across that connection.
>>
>> If I simply put "ForceCommand rdiff-backup" at the ssh 'server' end
>> will it do what I want or do I need to put the exact rdiff-backup
>> remote end command there? .... or is there a better/easier way to
>> achieve what I want to do?
>
> _______________________________________________
> rdiff-backup-users mailing list at [email protected]
> http://lists.nongnu.org/mailman/listinfo/rdiff-backup-users
> Wiki URL: http://rdiff-backup.solutionsfirst.com.au/index.php/RdiffBackupWiki
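An added example, not part of the original thread: a small audit that parses an authorized_keys file and reports key lines lacking a forced command or any of the four restriction options quoted in the message above. The names `parse_line`, `audit` and `SAMPLE` are hypothetical, and the sample file is constructed, with KEY1 to KEY3 standing in for real key blobs.

```python
import re

# Options the message above sets on every key, lowercased (sshd ignores case).
REQUIRED = {"no-port-forwarding", "no-agent-forwarding",
            "no-x11-forwarding", "no-pty"}
KEY_TYPE = re.compile(r"^(ssh-|ecdsa-sha2-|sk-)\S+$")  # heuristic, not exhaustive

def parse_line(line):
    """Return (options dict, key type) for one authorized_keys line."""
    first = line.split(None, 1)[0]
    if KEY_TYPE.match(first):
        return {}, first                      # line has no options field
    opts, cur, quoted, i = [], "", False, 0
    while i < len(line):
        ch = line[i]
        if quoted and ch == "\\" and line[i + 1:i + 2] == '"':
            cur, i = cur + '"', i + 2         # \" is a literal quote
            continue
        if ch == '"':
            quoted = not quoted
        elif not quoted and ch in ", \t":
            opts.append(cur)
            cur = ""
            if ch != ",":
                break                         # unquoted blank ends the options
        else:
            cur += ch
        i += 1
    rest = line[i:].split()
    pairs = (o.partition("=") for o in opts if o)
    return {k.lower(): v for k, _, v in pairs}, (rest[0] if rest else None)

def audit(text):
    """Return {line number: [problems]} for keys that are not locked down."""
    findings = {}
    for n, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        opts, _ = parse_line(line)
        problems = sorted(REQUIRED - set(opts))
        if not opts.get("command"):
            problems.insert(0, "no forced command")
        if problems:
            findings[n] = problems
    return findings

SAMPLE = '''\
# constructed sample; KEY1..KEY3 are placeholders, not real keys
command="svnserve -t -r /var/svnrepos/ --tunnel-user=svnuser",no-port-forwarding,no-agent-forwarding,no-X11-forwarding,no-pty ssh-dss KEY1
command="svnserve -t -r /var/svnrepos/ --tunnel-user=svnuser",no-pty ssh-dss KEY2
ssh-rsa KEY3 laptop
'''
```

Calling `audit(SAMPLE)` leaves the first key line unreported and lists what is missing from the other two, keyed by line number.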
