Command for Rsync over SSH
Common Syntax for Rsync:
# rsync [options] Source Destinations.
Set up a secure backup with rsync + SSH of one system to the other.
backup.example.com# rsync -avz --numeric-ids --delete root@myserver.example.com:/path/ /backup/myserver/
To do the backup, you have to be root on the remote server, because some files are only root readable.
Problem: you will allow backup.example.com to do anything on myserver.example.com, where just read only access on the directory is sufficient.
Then, use the command=""
directive in the authorized_keys
file to filter the command.
Find this command, start rsync adding the -e'ssh -v'
option:
rsync -avz -e'ssh -v' --numeric-ids --delete root@myserver.example.com:/path/ /backup/myserver/ 2>&1 | grep "Sending command"
Result like:
debug1: Sending command: rsync --server --sender -vlogDtprze.iLsf --numeric-ids . /path/
Now, just add the command before the key in /root/.ssh/authorized_keys
:
command="rsync --server --sender -vlogDtprze.iLsf --numeric-ids . /path/" ssh-rsa AAAAB3NzaC1in2EAAAABIwAAABio......
And for even more security, add an IP filter, and other options:
from="backup.example.com",command="rsync --server --sender -vlogDtprze.iLsf --numeric-ids . /path/",no-agent-forwarding,no-port-forwarding,no-pty,no-user-rc,no-X11-forwarding ssh-rsa AAAAB3NzaC1in2EAAAABIwAAABio......
Now try to open a ssh shell on the remote server.. and try some unauthorized rsync commands…
As the demand for virtual private servers (VPS) continues to grow, businesses and individuals are faced with a crucial decision:…
Web hosting is a large industry, as many other factors help any web hosting provider to form a company. The…
Welcome to the complete guide to WordPress security best practices in 2024. As technology evolves rapidly, implementing strong security measures…
Hey, wanted to learn about web hosting? Or do you want to start a new website and need hosting? Questions…
In today's digital world, the threat of DDoS attacks has become increasingly prevalent. These types of attacks have the power…