laurent22 / rsync-time-backup

Time Machine style backup with rsync.

`command=` in authorized_keys #262

Open chri2 opened 11 months ago

chri2 commented 11 months ago

Thanks for the wonderful script!

I successfully set up the script and wanted to secure the setup for production.

I reach my source via ssh and back up all of the system. Therefore I wanted to set a forced command in the authorized keys file on the source side to only allow the needed rsync-command.

This doesn't work, because the script tries to execute some other commands beforehand.

It would be nice if this use case could be covered by the script as well.

I helped myself for the time being by changing the script to not run other commands via ssh for the time being:

```bash
fn_run_cmd_src() {
        if [ -n "$SSH_SRC_FOLDER_PREFIX" ]
        then
                # eval "$SSH_CMD '$1'"
                true
        else
                eval $1
        fi
}
```

If there should be no need for a script on the source side to put into command= to check the commands to be run, the only option I see is something like letting the user create a keypair for each operation that is needed.

These keys could be given on the command line like `rsync_tmbackup.sh -i <rsync-key> --test-key <test command key> --df-key <key to run df command> ...` or the script could just look for these keys at `<rsync-key>.<command-name>`.

Maybe there's no good way to solve this for the general usage of the script...
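
The single-key alternative mentioned in the post, a script placed in `command=` that checks each requested command, could look like the sketch below. It is an added example, not code from rsync-time-backup or from the poster. The script path, the `backup-gate` log tag and the `df`/`test` helper commands on the allowlist are assumptions; command lines containing quotes or paths with spaces are rejected in this version.

```shell
#!/bin/sh
# Added example: forced-command gate for the backup key on the source host.
# Hypothetical authorized_keys entry (path and key are placeholders):
#   command="/usr/local/bin/backup-gate.sh",restrict ssh-ed25519 <public-key> backup

# Return 0 if the requested command line is on the allowlist, 1 otherwise.
fc_allowed() {
    fc_cmd=$1
    # Only plain words are accepted: no quotes, globs, substitutions,
    # separators or newlines. '#' is a sentinel so that command
    # substitution cannot hide a trailing newline.
    fc_rest=$(printf '%s#' "$fc_cmd" | LC_ALL=C tr -d 'A-Za-z0-9 ._/=,:+@%-')
    [ "$fc_rest" = "#" ] || return 1
    case $fc_cmd in
        # rsync in the sender role; individual options are not checked here
        "rsync --server --sender "*) return 0 ;;
        # assumed helper commands run before the transfer
        "df "*|"test -e "*|"test -d "*) return 0 ;;
    esac
    return 1
}

fc_main() {
    if fc_allowed "$SSH_ORIGINAL_COMMAND"; then
        set -f                      # no globbing while splitting into words
        # shellcheck disable=SC2086
        set -- $SSH_ORIGINAL_COMMAND
        exec "$@"                   # run directly, never through eval or sh -c
    fi
    logger -t backup-gate "denied: $SSH_ORIGINAL_COMMAND" 2>/dev/null || true
    echo "backup-gate: command not permitted" >&2
    exit 1
}

# sshd sets SSH_ORIGINAL_COMMAND when the client asks for a command.
# Without it (interactive login attempt) the gate simply exits.
[ -z "${SSH_ORIGINAL_COMMAND+set}" ] || fc_main
```

For option-level restrictions on the rsync part itself, rsync ships an `rrsync` helper with a read-only mode that can be called from such a gate or used directly in `command=`.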