# Necessary script

This uses the `rrsync` script, which can be found in `/usr/share/doc/rsync/`.

This script can be copied to the user directory.

# The user

The user does need a login shell, because sshd runs the forced command through it.

# The ssh server configuration

This can be done either by editing `/etc/ssh/sshd_config` directly or by adding restrictions to the respective user's `.ssh/authorized_keys` file.

## The sshd_config

This is the easiest way if you have write access to the file and want to restrict a user to rsync access in general. If you want to restrict only specific RSA keys of a user to rsync access, you have to use the other method.

```
# $USER, $PATH_TO_RRSYNC and $PATH_TO_FILES_TO_SHARE are placeholders; replace them with real values
Match User $USER
AllowAgentForwarding no
AllowTcpForwarding no
PermitTTY no
X11Forwarding no
ForceCommand $PATH_TO_RRSYNC/rrsync $PATH_TO_FILES_TO_SHARE
```

## The authorized_keys file

This has to be done for every RSA key that is authorized. It allows a user to use a specific key file for rsync access only, and others to log in normally.

```
command="$PATH_TO_RRSYNC/rrsync $PATH_TO_FILES_TO_SHARE",no-agent-forwarding,no-port-forwarding,no-pty,no-user-rc,no-X11-forwarding ssh-rsa AAA...vp user@localhost
```
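
Because restricted and unrestricted keys can sit side by side in one `authorized_keys` file, it helps to check which entries are actually limited to rrsync. The following is an added example, not part of the original page: the `audit_keys` and `write_sample` names, the paths and the key material are constructed for illustration, and `restrict` is the OpenSSH option that implies all of the `no-*` options used above.

```shell
#!/bin/sh
# Added example (not from the original page): report, per authorized_keys entry,
# whether it is limited to rrsync with the same options as the line above.
audit_keys() {
    awk '
    /^[ \t]*(#|$)/ { next }                      # skip comments and blank lines
    {
        line = $0; sub(/^[ \t]+/, "", line)
        # No options field: the entry starts with the key type.
        if (line ~ /^(ssh-|ecdsa-|sk-)/) { print NR, "unrestricted"; next }
        # Read the options field; spaces inside "..." do not end it.
        opts = ""; bare = ""; inq = 0; prev = ""
        for (i = 1; i <= length(line); i++) {
            c = substr(line, i, 1)
            if (c == "\"" && prev != "\\") inq = !inq
            else if (!inq && (c == " " || c == "\t")) break
            else if (!inq) bare = bare c         # option names only, no quoted values
            opts = opts c; prev = c
        }
        bare = "," tolower(bare) ","             # option names are case-insensitive
        if (index(bare, ",command=,") == 0 || opts !~ /"[^"]*rrsync [^"]+"/) {
            print NR, "no-rrsync-command"; next
        }
        missing = ""
        if (index(bare, ",restrict,") == 0) {    # restrict implies every no-* option
            m = split("no-agent-forwarding no-port-forwarding no-pty no-user-rc no-x11-forwarding", need, " ")
            for (k = 1; k <= m; k++)
                if (index(bare, "," need[k] ",") == 0) missing = missing "," need[k]
        }
        print NR, (missing == "" ? "rrsync-only" : "missing:" substr(missing, 2))
    }' "$1"
}

# Constructed sample file: hypothetical paths, placeholder key material.
write_sample() {
    cat > "$1" <<'EOF'
# constructed sample, not real keys
command="/home/backup/rrsync /srv/share",no-agent-forwarding,no-port-forwarding,no-pty,no-user-rc,no-X11-forwarding ssh-rsa AAAAplaceholder1 backup@host
ssh-rsa AAAAplaceholder2 admin@host
command="/home/backup/rrsync /srv/share",no-pty ssh-rsa AAAAplaceholder3 old@host
restrict,command="/home/backup/rrsync /srv/share" ssh-ed25519 AAAAplaceholder4 ro@host
EOF
}

tmp=$(mktemp) && write_sample "$tmp" && audit_keys "$tmp"; rm -f "$tmp"
```

Entries reported as `unrestricted` keep normal login, while `missing:` entries force rrsync but still allow the listed features.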