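# Generate the key pair used only for the backup job: ssh_key (private) and
# ssh_key.pub (public) are written to the current directory. Later steps refer
# to /root/.ssh/ssh_key, so this is presumably run from /root/.ssh.
#
# Ed25519 replaces the original 1024-bit DSA key: ssh-keygen only produces DSA
# keys at 1024 bits, and OpenSSH has refused DSA keys by default since 7.0.
# Ed25519 needs OpenSSH 6.5 or newer on both ends; for older peers use
# "-t rsa -b 4096" instead.
ssh-keygen -t ed25519 -f ssh_key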
# Make sure ~/.ssh and ~/.ssh/authorized_keys exist with owner-only
# permissions (700 for the directory, 600 for the file). Anything that already
# exists is left untouched. The shell ends up inside ~/.ssh.
# Presumably run on the remote host as the backup user -- confirm against the
# surrounding instructions.
cd ~
[ -d .ssh ] || { mkdir .ssh; chmod 700 .ssh; }
cd .ssh/
[ -f authorized_keys ] || { touch authorized_keys; chmod 600 authorized_keys; }
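# Copy the public half of the key pair into the backup account's ~/.ssh on the
# remote host. Only ssh_key.pub is transferred; the private key never leaves
# this machine.
# The trailing slash marks the destination as a directory, so a missing
# /home/backup/.ssh shows up as an error instead of the key being written to a
# regular file named ".ssh".
scp /root/.ssh/ssh_key.pub backup@remotehost:/home/backup/.ssh/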
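# Authorise the backup key by appending it to authorized_keys (run inside
# ~/.ssh of the backup account).
# If the existing file does not end in a newline, add one first; otherwise the
# new key would be glued onto the previous entry and both lines would be
# unusable.
if [ -s authorized_keys ] && [ -n "$(tail -c 1 authorized_keys)" ]; then
  echo >> authorized_keys
fi
cat ssh_key.pub >> authorized_keys
# NOTE: as appended, the key carries no restrictions and grants a normal login.
# Edit the new line so it starts with the from=/command= options before
# relying on it for the backup job.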
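# authorized_keys options: put this text at the start of the backup key's line,
# followed by a space and the key itself.
#   from=     accept the key only from the listed client address
#             ("localhost IP" is a placeholder for the backup client's IP)
#   command=  always run the validation wrapper, whatever the client asks for
#   no-*      a forced command alone does not switch off port, X11 or agent
#             forwarding or terminal allocation, so they are disabled
#             explicitly; an rsync transfer needs none of them
from="localhost IP",command="/home/backup/.ssh/validate-rsync.sh",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty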
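#!/bin/sh
# Forced-command wrapper for the backup SSH key (installed through command= in
# authorized_keys). sshd places the command the client asked for in
# SSH_ORIGINAL_COMMAND; this script logs it and runs it only when it is the
# server side of an rsync pull started through sudo. Everything else is logged
# and refused with a non-zero exit status.
#
# Scope of the check: it limits WHAT may be run, not WHICH paths rsync reads.
# The accepted command still runs as root via sudo, so the key must stay
# restricted to the backup client (from= in authorized_keys). For confinement
# to a single directory, rsync ships the helper script rrsync.

logfile="/home/backup/.ssh/validate-rsync.log"

# Log a refusal, record the account's current sudo rights for the audit
# trail, and stop with a failure status so the client sees the refusal.
reject() {
  echo "Rejected" >> "$logfile"
  sudo -l >> "$logfile"
  exit 1
}

# One timestamp line and one line with the raw request per connection.
# printf with a quoted argument writes the request exactly as received,
# without word splitting, glob expansion or option parsing by echo.
date >> "$logfile"
printf '%s\n' "$SSH_ORIGINAL_COMMAND" >> "$logfile"

case "$SSH_ORIGINAL_COMMAND" in
  *\&* | *\;*)
    # Command separators have no place in an rsync server invocation.
    reject
    ;;
  sudo\ rsync\ --server\ --sender\ *)
    # "--server --sender" is what a pulling rsync client sends, so only
    # read-side transfers are accepted; the original pattern "sudo rsync*"
    # accepted every rsync mode and option.
    # The request is run by plain word splitting, never via eval or sh -c, so
    # shell metacharacters in it are not interpreted. set -f additionally
    # stops this shell from expanding wildcard characters in the arguments.
    set -f
    # shellcheck disable=SC2086 -- word splitting is intended here
    $SSH_ORIGINAL_COMMAND
    ;;
  *)
    # Includes an empty request, i.e. an attempt to open an interactive shell.
    reject
    ;;
esac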
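# Lock down everything in ~/.ssh to owner read/write, then make the wrapper
# executable for its owner only. (A bare "chmod +x" on top of 600 would also
# set the execute bit for group and others.)
# "./*" keeps a file name that starts with "-" from being read as an option.
chmod 600 ./*
chmod 700 validate-rsync.sh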
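# sudoers entry (edit with visudo so a syntax error cannot lock sudo).
# Lets the backup account run rsync as root without a password, limited to the
# server-side sender role that a pull backup uses. The unrestricted form
# "NOPASSWD:/usr/bin/rsync" allows every rsync option as root, which amounts to
# root-level read and write access to the whole filesystem.
# Caveats: sudoers wildcards match loosely across arguments, and sender mode
# can still read any file as root, so the SSH key that reaches this account
# must itself stay restricted (from=/command= in authorized_keys).
backup ALL=(root) NOPASSWD: /usr/bin/rsync --server --sender *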
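# ~/.ssh/config entry on the backup client: "ssh remotehost-backup" connects to
# the remote machine using the dedicated backup key.
# Each keyword needs its own line; written on a single line, everything after
# "Host" is read as additional host patterns and the settings are lost.
Host remotehost-backup
    Hostname remoteIPorDomain
    IdentityFile /root/.ssh/ssh_key
    # Offer only the key named above, not other keys or agent identities.
    IdentitiesOnly yes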
# Pull /root from the remote host into the current directory.
#   --archive --verbose --compress   long forms of -a, -v and -z
#   --rsh                            connect with the dedicated backup key
#   --rsync-path                     start the remote rsync through sudo, so it
#                                    can read files the backup user cannot
rsync \
  --archive --verbose --compress \
  --rsh="ssh -i /root/.ssh/ssh_key" \
  --rsync-path="sudo rsync" \
  backup@remotehost:/root ./