Breaking change in ssh_filter_btrbk.sh ?

[jph76]

Hi there,

I used btrbk to backup subvolumes from a Debian 11 amd64 client to a server running Raspberry Pi 4 running Rasbian = Raspberry Pi OS 11. Both had the same version 0.27.1 of btrbk and I used ssh_filter_btrbk.sh to sanitize ssh usage on the server.

This worked fine until I upgraded the client to Debian 12 and btrbk 0.32.5. Now, ssh_filter_btrbk.sh will refuse access.

btrbk configuration on the client is as follows:

volume /srv/backup
  target send-receive ssh://some.server.invalid:8022/srv/btrbk
  subvolume @borgbackup
  subvolume @duplicity

On the server side, authorized_keys looks like this:

command="/usr/share/btrbk/scripts/ssh_filter_btrbk.sh --target --delete --restrict-path /srv/btrbk" ssh-rsa AAA...

Now ssh_filter_btrbk.sh has started rejecting commands:

root@client:~# btrbk -c /etc/btrbk/btrbk.conf list
WARNING: Skipping target "some.server.invalid[8022]:/srv/btrbk": Failed to fetch subvolume detail
WARNING: ... Command execution failed (exitcode=1)
WARNING: ... sh: ssh -p 8022 -i '/root/.ssh/id_rsa' root@some.server.invalid 'btrfs subvolume list -a -c -u -q -R '\''/srv/btrbk'\'''
WARNING: ... ssh_filter_btrbk.sh: ssh command rejected: disallowed command (restrict-path: "/srv/btrbk"): btrfs subvolume list -a -c -u -q -R '/srv/btrbk'
WARNING: Skipping target "some.server.invalid[8022]:/srv/btrbk": Failed to fetch subvolume detail
WARNING: ... Command execution failed (exitcode=1)
WARNING: ... sh: ssh -p 8022 -i '/root/.ssh/id_rsa' root@some.server.invalid 'btrfs subvolume list -a -c -u -q -R '\''/srv/btrbk'\'''
WARNING: ... ssh_filter_btrbk.sh: ssh command rejected: disallowed command (restrict-path: "/srv/btrbk"): btrfs subvolume list -a -c -u -q -R '/srv/btrbk'
...

Is this assumed to happen? Is there some breaking change between 0.27.1 and 0.35.2?

[jph76]

Example above shows output from btrbk list; backup creation will fail, too:

user@client:~$ journalctl -u btrbk -S -1d
...
Jul 24 20:54:59 client systemd[1]: Starting btrbk.service - btrbk backup...
Jul 24 20:55:03 client btrbk[410269]: ERROR: Failed to send/receive subvolume: /srv/backup/_btrbk_snap/@borgbackup.20230724T2017 [/srv/backup/_btrbk_snap/@borgbackup.20230717_3] -> some.server.invalid[8022]:/srv/btrbk/@borgbackup.20230724T2017
Jul 24 20:55:03 client btrbk[410269]: ERROR: ... Command execution failed (exitcode=1)
Jul 24 20:55:03 client btrbk[410269]: ERROR: ... sh: btrfs send -p '/srv/backup/_btrbk_snap/@borgbackup.20230717_3' '/srv/backup/_btrbk_snap/@borgbackup.20230724T2017' | mbuffer -v 1 -q -m 256m | ssh -p 8022 -i '/root/.ssh/id_rsa' root@some.server.invalid 'btrfs receive '\''/srv/btrbk/'\'''
Jul 24 20:55:03 client btrbk[410269]: ERROR: ... ssh_filter_btrbk.sh: ssh command rejected: disallowed command (restrict-path: "/srv/btrbk"): btrfs receive '/srv/btrbk/'
Jul 24 20:55:03 client btrbk[410269]: ERROR: ... failed to read stream from kernel: Broken pipe
Jul 24 20:55:03 client btrbk[410269]: ERROR: ... failed to check target subvolume: some.server.invalid[8022]:/srv/btrbk/@borgbackup.20230724T2017
Jul 24 20:55:03 client btrbk[410269]: ERROR: ... Command execution failed (exitcode=1)
Jul 24 20:55:03 client btrbk[410269]: ERROR: ... sh: ssh -p 8022 -i '/root/.ssh/id_rsa' root@some.server.invalid 'btrfs subvolume show '\''/srv/btrbk/@borgbackup.20230724T2017'\'''
Jul 24 20:55:03 client btrbk[410269]: ERROR: ... ssh_filter_btrbk.sh: ssh command rejected: disallowed command (restrict-path: "/srv/btrbk"): btrfs subvolume show '/srv/btrbk/@borgbackup.20230724T2017'
Jul 24 20:55:03 client btrbk[410269]: ERROR: Error while resuming backups, aborting

[digint]

There certainly were some changes, see ChangeLog. Do you run ssh_filter_btrbk.sh from 0.27.1 or 0.32.5? Newer version should be backwards compatible (but sadly this is hard to test, can't say for sure, especially when changing from ancient version).

[jph76]

We Debian users don’t say “ancient”, we prefer the term “stable”. :wink:

I’m running ssh_filter_btrbk.sh on a box with btrbk 0.27.1 (Raspbian 11). The other box ssh’ing into there runs btrbk 0.32.5 (Debian 12).

It’s not much of an issue, I expect Raspbian 12 to be released soon.

[jph76]

Update: ssh_filter_btrbk.sh from 0.32.5 seems to work on the remote box with btrbk 0.27.1, so this is probably a non-issue.

Thank you for your assistance and have a nice weekend!