[CentOS] securing rsync over ssh

Kai Schaetzl maillists at conactive.com
Tue Jul 29 16:31:17 UTC 2008


I want to secure some remote rsyncs over ssh by using the command= option 
in .authorized_keys.
As I understand I can use only the full command there, as it is not a list 
of "allowed commands" but the command that will be executed when logging 
in with this key.
Now, I'm running several rsync commands on individual directories in the 
root, not just one command. I do that to pull different exclude lists in. 
I want to exclude nothing in some directories and a few different things 
in other directories. rsyncing per /rooted directory seems to be the 
cleanest and easiest way. All other combinations of complicated 
exclude/include lists may have unexpected results.
I thought about putting the remote command in a shell script. However, I 
think this won't work as each rsync on the remote side will be executed 
with the first rsync command in the script on the local side.
Is there a solution (besides using several keys or so)?

Kai

-- 
Kai Schätzl, Berlin, Germany
Get your web at Conactive Internet Services: http://www.conactive.com






More information about the CentOS mailing list