[SOLVED] rssh - Shell restricted to scp, rsync

Post by hankivy » Oct 13th, '15, 22:37

I think I want to install a package called rssh. It is a restricted shell that only allows copying files using scp, rsync, etc. Arbitrary commands are not allowed. Neither Mageia nor CentOS has it as an available package in the latest release. CentOS used to have it.

There does not seem to be an active open source project home for rssh on the internet.

I am trying to set up a server on the internet, automate backups, and distribution of the backups to a client system. The plan is to run a cron job to back up the server to tar files in /home/backups on the server. Since the clients do not have a fixed TCP/IP address on the internet, the server cannot copy the tar files to the client systems. I want the client system(s) to run a cron job as a local user and copy the tar files from the server to the client. The cron job would use rsync to copy the files from the server to the local client. Of course, the local user has an ssh private key (without a passphrase to allow automated usage), and its ssh public key on the server for the user george on the server. I want george's permissions to be restricted.

Has the rssh functionality, or lack thereof, been added to some other shell? Should I just focus on limiting george by working with the normal file ownership, and file mode permissions?
Last edited by hankivy on Oct 15th, '15, 08:50, edited 1 time in total.

Re: rssh - Shell restricted to scp, rsync

Post by doktor5000 » Oct 13th, '15, 23:40

Well, you do not necessarily need an actual login shell if you only want to scp and rsync via ssh.

And actually rssh is not contained in CentOS since 5.2 - with last release dating back to 2010, I'm not sure that this would be a good way if you want a secure system.

It's also easily possible to restrict an ssh keypair to only allow one or a few specific commands with predefined arguments,
and also disable most other ssh features that you don't need for only using rsync/scp to copy backups back and forth.

See e.g. http://serverfault.com/questions/83856/ ... -using-ssh
or http://www.guyrutenberg.com/2014/01/14/ ... -to-rsync/ for some pointers on alternatives.
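The approach from the reply above (a key tied to one command, with the other SSH features switched off), as an added example that is not part of the original thread. The script path, the function name `is_allowed_command`, the key placeholder and the assumed server-side argument layout `rsync --server --sender <options> . <paths>` are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): forced-command wrapper for a pull-only
# rsync backup key. Hypothetical install path: /usr/local/bin/backup-only.sh
# Matching line in ~george/.ssh/authorized_keys (key is a placeholder):
#   command="/usr/local/bin/backup-only.sh",no-pty,no-port-forwarding,no-agent-forwarding,no-X11-forwarding ssh-ed25519 <PUBLIC-KEY> backup-client

BACKUP_DIR=/home/backups   # directory named in the original post

# Return 0 only if $1 is an rsync server-side "send" request whose source
# paths all lie under BACKUP_DIR.
is_allowed_command() {
    cmd=$1
    case $cmd in
        *[!A-Za-z0-9\ ./_=,-]*) return 1 ;;  # anything outside a safe charset
        *..*) return 1 ;;                    # no parent-directory traversal
    esac
    set -- $cmd   # word splitting is safe: no glob or quote characters remain
    [ "$1" = rsync ] && [ "$2" = --server ] && [ "$3" = --sender ] || return 1
    shift 3
    # Short option clusters only, up to the "." that precedes the paths.
    while [ "$#" -gt 0 ] && [ "$1" != . ]; do
        case $1 in -[!-]*) shift ;; *) return 1 ;; esac
    done
    [ "$#" -ge 2 ] || return 1   # need the "." plus at least one path
    shift
    for src in "$@"; do
        case $src in
            "$BACKUP_DIR"|"$BACKUP_DIR"/*) ;;
            *) return 1 ;;
        esac
    done
    return 0
}

# sshd runs this file instead of whatever the client asked for and passes the
# request in SSH_ORIGINAL_COMMAND. With no request (an interactive login
# attempt) the script simply ends, so no shell is started.
if [ -n "${SSH_ORIGINAL_COMMAND:-}" ]; then
    if is_allowed_command "$SSH_ORIGINAL_COMMAND"; then
        exec $SSH_ORIGINAL_COMMAND
    fi
    echo "rejected: only rsync pulls from $BACKUP_DIR are allowed" >&2
    exit 1
fi
```

The check is a string match and does not resolve symlinks inside the backup directory, so ordinary file ownership and mode restrictions for george still matter. Clients whose rsync sends long options will be rejected until the option rule is loosened.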

Re: [SOLVED] rssh - Shell restricted to scp, rsync

Post by hankivy » Oct 15th, '15, 08:51

Thank you. Your response was on target, as usual. :D