Differences

This shows you the differences between two versions of the page.

--- linux:network:ssh [2016/10/27 23:16]
tkilla [setup a tunnel]
+++ linux:network:ssh [2021/03/29 01:18] (current)
tkilla [rrsync]
@@ Line 6: / Line 6: @@
 Generate a (4096 bits long) private+public -key-pair on the local machine. To generate a key without password, just press enter:
+Modern ssh supports elliptical curve keys (Ed25519 keys have a fixed length):
+  ssh-keygen -t ed25519
+Old rsa key:
   ssh-keygen -b 4096
 Find the public key in **~/.ssh/id_rsa.pub**
@@ Line 118: / Line 124: @@
   #...
   Match group sftp
-  ChrootDirectory /var/www/%u
+    ChrootDirectory /var/www/%u
-  X11Forwarding no
+    X11Forwarding no
-  AllowTcpForwarding no
+    ForceCommand internal-sftp
-  ForceCommand internal-sftp
+    # you can allow tunneling here, if you like:
+    AllowTcpForwarding yes
+    PermitOpen 192.168.10.10:3306
+    # or permit it:
+    AllowTcpForwarding no
 alternative setup - use the homedir from /etc/passwd as chroot-dir:
@@ Line 164: / Line 177: @@
 inside the container and restart ssh.
+===== rrsync =====
+Restricted rsync Setup - rrsync will be the only allowed Command.
+Run rsync as usual, but the Destination Path on remote Server will be prefixed with the Path defined in authorized_keys
+  mcedit /root/.ssh/authorized_keys
+  # prefix key with something like:
+  from="<IP>",command="$HOME/bin/rrsync /home/",no-agent-forwarding,no-port-forwarding,no-pty,no-user-rc,no-X11-forwarding ssh-ed25519
+  cp /usr/share/doc/rsync/scripts/rrsync /root/bin/
+  chmod +x /root/bin/rrsync
+  chown root:root /root/bin/rrsync
+OLD jessie:
+  gunzip /usr/share/doc/rsync/scripts/rrsync.gz -c > /root/bin/rrsync
+  chmod +x /root/bin/rrsync
+  chown root:root /root/bin/rrsync

fr33.info

User Tools

Site Tools

Differences

Page Tools