Restricting Rsync and SSH
http://www.jdmz.net/ssh/
validate-rsync
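#!/bin/sh
# validate-rsync: forced-command wrapper for an SSH key that should only be
# able to run rsync in server (receiving) mode.
#
# Intended to be named in a command="..." option in authorized_keys. sshd then
# runs this script instead of whatever the client asked for and passes the
# requested command line in SSH_ORIGINAL_COMMAND.
#
# Exit status: that of rsync when the command is accepted, 1 when rejected.

# Print the refusal on stderr and fail. stdout is the rsync protocol channel,
# and exiting 0 would make a refused command look like a success to the client.
reject() {
  printf '%s\n' "Rejected" >&2
  # For an audit trail, prefer logger(1) over a fixed file name under /tmp,
  # which a local user could pre-create as a symlink.
  exit 1
}

case "$SSH_ORIGINAL_COMMAND" in
  # Refuse anything containing shell metacharacters. The accepted command is
  # run below by plain expansion, not eval, so the shell would not interpret
  # these anyway; the filter is defence in depth should that ever change.
  # '|', '>' and '$' complete the original list of & ( { ; < `.
  *\&* | *\(* | *\{* | *\;* | *\<* | *\>* | *\|* | *\$* | *\`*)
    reject
    ;;
  # Allow-list: rsync in server mode with the expected flag string.
  # NOTE(review): both patterns end in '*', so everything after the flags
  # (further options and the destination path) is accepted unchanged. This
  # wrapper does not confine rsync to a directory; use file permissions or a
  # dedicated unprivileged account for that.
  rsync\ --server\ -vlogDtpr* | rsync\ --server\ -logDtpr*)
    # Deliberately unquoted: the string has to be split into rsync's argv.
    # The shell word-splits and glob-expands it but does not re-parse operators.
    # shellcheck disable=SC2086
    $SSH_ORIGINAL_COMMAND
    ;;
  # Everything else, including an empty command (interactive login), is refused.
  *)
    reject
    ;;
esac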
~/.ssh/authorized_keys (example)
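# Options must form one comma-separated list with no spaces outside quotes; a stray space ends the option field and sshd rejects the line.
# Consider adding no-pty as well. DSA (ssh-dss) keys are disabled by default in OpenSSH 7.0 and later; use a current key type for new deployments.
from="192.168.0.1",command="/root/bin/validate-rsync",no-port-forwarding,no-X11-forwarding,no-agent-forwarding ssh-dss AAAAB3NzaC1kc3MAAACBANl6R8uJs03N+XAl5hRn+ELG5/zR0eNUV427BnSc1QXs root@example.com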