Simple scriptlet for parsing incoming SSH commands to either reject if they don't match the desired value or else escalate (via SUDO) if they do match
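#!/bin/bash
# Forced-command wrapper: sshd places the command the client requested in
# SSH_ORIGINAL_COMMAND.
# Exits if command not rsync.
# Escalates to root via sudo if rsync.
case "$SSH_ORIGINAL_COMMAND" in
    # Reject anything containing shell metacharacters.
    *\&*|*\|*|*\;*|*\>*|*\<*|*\!*)
        exit 1
        ;;
    # Allow only rsync in server/sender mode (the remote end of a pull).
    /usr/bin/rsync\ --server\ --sender*)
        # Left unquoted on purpose so the string splits into arguments.
        sudo $SSH_ORIGINAL_COMMAND
        ;;
    # Everything else, including an empty command (interactive login).
    *)
        exit 1
        ;;
esac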
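
A stricter variant of the check above, as an added example that is not the gist author's code: it compares whole tokens instead of a prefix, disables globbing while splitting, and refuses rsync options that delete on the sending side. `check_rsync_cmd` is a hypothetical helper that only prints a decision and never calls sudo; the sample commands are constructed.

```shell
#!/bin/bash
# Added example, not the gist author's code. check_rsync_cmd is a hypothetical
# helper: it prints allow/deny for a command string and never runs sudo.
NL='
'
check_rsync_cmd() {
    cmd=$1
    # The gist's metacharacter screen, extended with backtick, "$" and newline.
    case "$cmd" in
        *\&*|*\|*|*\;*|*\>*|*\<*|*\!*|*\`*|*\$*|*"$NL"*)
            echo deny; return 1 ;;
    esac
    # Split into words the way the unquoted expansion in the gist would,
    # but with globbing off so "*" is never expanded against the cwd.
    set -f
    set -- $cmd
    set +f
    # Exact token comparison: "--senderX" no longer matches.
    if [ "$#" -lt 4 ] || [ "$1" != /usr/bin/rsync ] ||
       [ "$2" != --server ] || [ "$3" != --sender ]; then
        echo deny; return 1
    fi
    shift 3
    # A backup pull only reads; refuse options that delete on the sending side.
    for arg in "$@"; do
        case "$arg" in
            --remove-source-files|--remove-sent-files)
                echo deny; return 1 ;;
        esac
    done
    echo allow
}

# Constructed sample commands (not taken from a real session).
while IFS= read -r sample; do
    printf '%-5s  %s\n' "$(check_rsync_cmd "$sample" || true)" "$sample"
done <<'EOF'
/usr/bin/rsync --server --sender -logDtpre.iLsfxC . /etc/
/usr/bin/rsync --server --sender -logDtpre.iLsfxC --remove-source-files . /etc/
/usr/bin/rsync --server --senderX -logDtpr . /etc/
/usr/bin/rsync --server -logDtpre.iLsfxC . /srv/upload/
/usr/bin/rsync --server --sender -logDtpr . /etc/; true
EOF
```
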
@miend

Owner Author

commented Sep 17, 2012

"The intention is for bare-metal rsync backups by non-root user SSH in a secure fashion (i.e., keypair + IP restriction + command restriction). So backup.company.com can run rsync@whateverhost and pull down everything thusly. (This is for rsnapshot in my home env.)"

~ Logos01
