This shows you the differences between two versions of the page.
Both sides previous revision Previous revision Next revision | Previous revision | ||
linux:network:ssh [2016/10/27 23:17] tkilla [SFTP] |
linux:network:ssh [2021/03/29 01:18] (current) tkilla [rrsync] |
||
---|---|---|---|
Line 6: | Line 6: | ||
Generate a (4096 bits long) private+public -key-pair on the local machine. To generate a key without password, just press enter: | Generate a (4096 bits long) private+public -key-pair on the local machine. To generate a key without password, just press enter: | ||
+ | |||
+ | Modern ssh supports elliptical curve keys (Ed25519 keys have a fixed length): | ||
+ | ssh-keygen -t ed25519 | ||
+ | |||
+ | Old rsa key: | ||
ssh-keygen -b 4096 | ssh-keygen -b 4096 | ||
+ | |||
Find the public key in **~/ | Find the public key in **~/ | ||
Line 171: | Line 177: | ||
inside the container and restart ssh. | inside the container and restart ssh. | ||
+ | ===== rrsync ===== | ||
+ | |||
+ | Restricted rsync Setup - rrsync will be the only allowed Command. | ||
+ | Run rsync as usual, but the Destination Path on remote Server will be prefixed with the Path defined in authorized_keys | ||
+ | |||
+ | mcedit / | ||
+ | # prefix key with something like: | ||
+ | from="< | ||
+ | |||
+ | |||
+ | cp / | ||
+ | chmod +x / | ||
+ | chown root:root / | ||
+ | |||
+ | |||
+ | OLD jessie: | ||
+ | gunzip / | ||
+ | chmod +x / | ||
+ | chown root:root / |