
[SOLVED] rssh - Shell restricted to scp, rsync

Posted: Oct 13th, '15, 22:37
by hankivy
I think I want to install a package called rssh. It is a restricted shell that only allows copying files using scp, rsync, etc. Arbitrary commands are not allowed. Neither Mageia nor CentOS has it as an available package in the latest release. CentOS used to have it.

There does not seem to be an active open source project home for rssh on the internet.

I am trying to set up a server on the internet, automate backups, and distribution of the backups to a client system. The plan is to run a cron job to back up the server to tar files in /home/backups on the server. Since the clients do not have a fixed TCP/IP address on the internet, the server cannot copy the tar files to the client systems. I want the client system(s) to run a cron job as a local user and copy the tar files from the server to the client. The cron job would use rsync to copy the files from the server to the local client. Of course, the local user has an ssh private key (without a passphrase to allow automated usage), and its ssh public key on the server for the user george on the server. I want george's permissions to be restricted.

Has the rssh functionality, or lack thereof, been added to some other shell? :?: Should I just focus on limiting george by working with the normal file ownership, and file mode permissions? :?:

Re: rssh - Shell restricted to scp, rsync

Posted: Oct 13th, '15, 23:40
by doktor5000
Well, you do not necessarily need an actual login shell if you only want to scp and rsync via ssh.

And actually rssh is not contained in CentOS since 5.2 - with last release dating back to 2010, I'm not sure that this would be a good way if you want a secure system.

It's also easily possible to restrict an ssh keypair to only allow one or a few specific commands with predefined arguments,
and also disable most other ssh features that you don't need for only using rsync/scp to copy backups back and forth.

See e.g. http://serverfault.com/questions/83856/ ... -using-ssh
or http://www.guyrutenberg.com/2014/01/14/ ... -to-rsync/ for some pointers on alternatives.
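
Added example, not part of doktor5000's post or the linked pages: one way to tie george's key to a single forced command that only lets the client pull files from /home/backups with rsync. The wrapper path, its name and the key placeholder are assumptions, and the sample requests it accepts assume the client runs a plain `rsync -a` style pull.

```shell
#!/bin/sh
# Added example: hypothetical forced-command wrapper (its path and name are assumed).
# Constructed authorized_keys entry for george on the server, one line:
#   command="/usr/local/bin/backup-pull-only",no-pty,no-port-forwarding,no-agent-forwarding,no-X11-forwarding ssh-ed25519 <PUBLIC-KEY-PLACEHOLDER> backup-client
LC_ALL=C; export LC_ALL        # make the A-Z style ranges below byte-exact
BACKUP_ROOT=/home/backups      # backup directory named in the thread

# Succeeds only for: rsync --server --sender -<short options> . <one path under BACKUP_ROOT>
allowed_request() {
    req=$1
    case $req in
        ''|*[!A-Za-z0-9\ ./_-]*) return 1 ;;   # rejects ; | & $ ` quotes, globs, newlines
        *..*) return 1 ;;                       # no parent-directory traversal
    esac
    set -f; set -- $req; set +f                 # split on spaces without globbing
    [ $# -eq 6 ] || return 1                    # extra options or extra paths are refused
    [ "$1" = rsync ] && [ "$2" = --server ] && [ "$3" = --sender ] || return 1
    case $4 in
        --*|-) return 1 ;;                      # long options are not accepted
        -*) ;;
        *) return 1 ;;
    esac
    [ "$5" = . ] || return 1
    case $6 in
        "$BACKUP_ROOT"|"$BACKUP_ROOT"/*) return 0 ;;
    esac
    return 1
}

# Entry point: sshd sets SSH_ORIGINAL_COMMAND to what the client asked to run.
# With no requested command (a login attempt) the script just ends, so no shell is given.
if [ "${SSH_ORIGINAL_COMMAND+set}" = set ]; then
    if allowed_request "$SSH_ORIGINAL_COMMAND"; then
        set -f
        exec $SSH_ORIGINAL_COMMAND              # only allowed characters remain
    fi
    logger -p auth.warning -t backup-pull-only "denied: $SSH_ORIGINAL_COMMAND"
    echo "backup-pull-only: request denied" >&2
    exit 1
fi
```

The server-side argument string rsync sends varies with the rsync version and the client's flags, so confirm what your client actually requests before relying on this check. rsync also ships a more complete script of this kind, rrsync.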

Re: [SOLVED] rssh - Shell restricted to scp, rsync

Posted: Oct 15th, '15, 08:51
by hankivy
Thank you. Your response was on target, as usual. :D