- put "restrict_commands.sh" in /usr/local/bin and make it executable
- install ts, lzop and optionally mbuffer
useradd zfsbackup --create-home --system
mkdir /home/zfsbackup/.ssh
zfs allow -u zfsbackup send,hold tank/dataset
echo 'restrict,command="restrict_commands.sh" ssh-ed25519 ...' > /home/zfsbackup/.ssh/authorized_keys
chown zfsbackup:zfsbackup /home/zfsbackup/.ssh -R
run cronjob with:
syncoid --no-sync-snap --no-privilege-elevation --sendoptions=Rw zfsbackup@target:tank/dataset tank/dataset
Hi @danboid, you're right about the need to create the home directory. I added the switch to this gist.
About your use case:
I run it the same way you do, so the cronjob runs as root.
The zfsbackup user has to be created on the system that should be backed up. I clarified that in the README.md.
That also means that the "zfs allow" commands have to be issued on the machine that should be backed up.
I think your problem is the ssh connection itself, and has nothing to do with sanoid. Did you create the user on the remote system?
Also, if you add the "restrict" command script in zfsbackup's home dir, you have to make sure it is executable and on the PATH (or add the full path to the script in authorized_keys).