gtalug / infrastructure

GTALUG infrastructure (the server).

Migrate the web sites over to the new server. #4

Closed myles closed 9 years ago

myles commented 9 years ago

I want to create a new user, deploy, to make it easier for people to deploy the web site. I want it to do that thing where it can only do one command (in this case rsync to the directory /srv/www) and people will just send us the SSH keys.

myles commented 9 years ago

Something like this in the ~/.ssh/authorized_keys would work:

no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty,command="/usr/bin/rsync ${SSH_ORIGINAL_COMMAND#* }" ssh-rsa AAAAB3NzA..Dxq= user@fromserver.example.com

Found here: http://larstobi.blogspot.ca/2011/01/restrict-ssh-access-to-one-command-but.html
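
The forced command quoted above hands every client-supplied argument to rsync, so the key is limited to rsync but not to /srv/www. The wrapper below is an added example, not code from this thread or the linked post, that checks the request before running it; the install path /usr/local/bin/deploy-rsync and the option allow-list are assumptions.

```shell
#!/bin/sh
# Added example (not from the issue): forced-command wrapper for the deploy key.
# Hypothetical install path: /usr/local/bin/deploy-rsync
LC_ALL=C; export LC_ALL
DEPLOY_ROOT=/srv/www    # upload target named in the issue

# check_deploy_command CMD
# Succeeds only for "rsync --server <options> . <dest>", the request an rsync
# client sends for an upload, with <dest> equal to or below DEPLOY_ROOT.
check_deploy_command() (
    set -f                                   # no globbing while splitting
    case $1 in "rsync --server "*) ;; *) exit 1 ;; esac
    set -- $1
    for w in "$@"; do                        # reject shell metacharacters
        case $w in *[!-A-Za-z0-9._/=,:+]*) exit 1 ;; esac
    done
    [ "$#" -ge 4 ] || exit 1
    shift 2
    while [ "$#" -gt 2 ]; do                 # options before ". <dest>"
        case $1 in
            --delete|--delete-*) ;;          # assumed acceptable for a deploy
            --*) exit 1 ;;                   # --sender, --log-file=..., etc.
            -*) ;;                           # packed short flags
            *) exit 1 ;;
        esac
        shift
    done
    [ "$1" = . ] || exit 1
    case $2 in
        *..*) exit 1 ;;                      # conservative: no ".." anywhere
        "$DEPLOY_ROOT"|"$DEPLOY_ROOT"/*) exit 0 ;;
    esac
    exit 1
)

# sshd puts the client's requested command in SSH_ORIGINAL_COMMAND.
if [ -n "${SSH_ORIGINAL_COMMAND:-}" ]; then
    if check_deploy_command "$SSH_ORIGINAL_COMMAND"; then
        set -f
        exec /usr/bin/rsync ${SSH_ORIGINAL_COMMAND#* }
    fi
    echo "deploy key: request rejected" >&2
    exit 1
fi
```

With this in place the authorized_keys entry keeps the same no-* options and points command= at the wrapper instead of at rsync. rsync also ships a helper script, rrsync, built for the same purpose.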

cbbrowne commented 9 years ago

That broadly sounds apropos. The second question is where we check in the authorized_keys data... That seems likely to be data that doesn't need to be kept super-private, so for ~/.ssh/authorized_keys to be populated into a git repo, whether authoritatively (e.g., where changes to that get pushed into place on the web server) or just as a backup (e.g., where a script copies ~/.ssh/authorized_keys and ~/.ssh/config into $HOME/backup-various-stuff/ssh).

myles commented 9 years ago

See #34 for how the simplified deploy will work.