- put "restrict_commands.sh" in /usr/local/bin and make it executable
- install ts, lzop and optionally mbuffer
useradd zfsbackup --create-home --system
mkdir /home/zfsbackup/.ssh
zfs allow -u zfsbackup send,hold tank/dataset
echo 'restrict,command="restrict_commands.sh" ssh-ed25519 ...' > /home/zfsbackup/.ssh/authorized_keys
chown zfsbackup:zfsbackup /home/zfsbackup/.ssh -R
run cronjob with:
syncoid --no-sync-snap --no-privilege-elevation --sendoptions=Rw zfsbackup@target:tank/dataset tank/dataset
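The `command="..."` entry above only confines the key if the wrapper checks what the client requested. The following is an added example of that check, not the gist's restrict_commands.sh. The allowlist (zfs send, zfs hold, lzop, mbuffer) is an assumption taken from the setup steps above, and matching is by prefix only, so what `zfs send` and `zfs hold` can reach is still bounded by the `zfs allow` delegation.

```sh
#!/bin/sh
# Added example: hypothetical forced-command wrapper, NOT the gist's restrict_commands.sh.
# The allowlist is an assumption based on the setup steps (send, hold, lzop, mbuffer).
NL='
'
# Return 0 if every pipeline stage of "$1" starts with an allowed command.
is_allowed() {
    cmd=$1
    [ -n "$cmd" ] || return 1
    # Refuse anything that can chain, substitute or redirect: ; & ` $ < > ( ) \ newline
    case $cmd in
        *\;*|*\&*|*\`*|*\$*|*\<*|*\>*|*\(*|*\)*|*\\*|*"$NL"*) return 1 ;;
    esac
    # Split on '|' with globbing off so '*' in arguments is not expanded.
    old_ifs=$IFS; IFS='|'; set -f
    set -- $cmd
    set +f; IFS=$old_ifs
    for stage in "$@"; do
        stage=${stage#"${stage%%[! ]*}"}   # trim leading spaces
        case $stage in
            "zfs send "*|"zfs hold "*) ;;            # matches the zfs allow delegation
            lzop|"lzop "*|mbuffer|"mbuffer "*) ;;    # stream helpers
            *) return 1 ;;
        esac
    done
    return 0
}

# sshd exports the client's requested command as SSH_ORIGINAL_COMMAND.
# Unset means an interactive login (or this file being sourced): run nothing.
if [ -n "${SSH_ORIGINAL_COMMAND:-}" ]; then
    if is_allowed "$SSH_ORIGINAL_COMMAND"; then
        exec sh -c "$SSH_ORIGINAL_COMMAND"
    fi
    echo "rejected: $SSH_ORIGINAL_COMMAND" >&2
    exit 1
fi
```

Rejected requests are echoed back on stderr, which shows which further commands the backup client sends before the allowlist is extended for them.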
Sorry, I'm kind of new to GitHub, but I wanted to make a few suggestions.
On the readme.md file
please add
mkdir /home/zfsbackup/.ssh
else the
echo 'restrict,command="restrict_commands.sh" ssh-ed25519 ...' > /home/zfsbackup/.ssh/authorized_keys
fails.
On the restrict_commands.sh:
There is no mention where to place this file, I ended up creating a .local/bin folder in the zfsbackup user's home path
mkdir -p /home/zfsbackup/.local/bin
and adding that path in line 2 of the restrict_commands.sh so that it reads
export PATH=$PATH:$HOME/.local/bin:/usr/sbin
instead of
export PATH=/usr/sbin:$PATH
Finally, if the restrict_commands.sh file fails with unknown command on line 26 error, it is because it is likely missing the
ts
command, so in order to fix that I installed moreutils
apt-get install moreutils
NOTE: just to be on the safe side it may be useful to ensure the user zfsbackup has permission to the folders we created on his home folder,
so to be safe run
chown zfsbackup:zfsbackup /home/zfsbackup --recursive