On Thu, May 28, 2015 at 04:02:19PM -0700, Rick Stevens wrote:
> On 05/28/2015 03:38 PM, Suvayu Ali wrote:
> >Hi Alan,
> >
> >Please do not top post (please read the mailing list guidelines at the
> >bottom of each message).
> >
> >On Thu, May 28, 2015 at 02:14:16PM -0700, Alan Evans wrote:
> >>On Thu, May 28, 2015 at 1:59 PM, Dustin Kempter <dustink@xxxxxxxxxxxxxxxxxxx>
> >>wrote:
> >>
> >>>Hi all, I've been looking into a way to run rsync from server1 to server2
> >>>using ssh-keys
> >>>but not allowing the user from server 1 to login to server2 or to run any
> >>>other commands
> >>>only rsync. I've seen a few postings of how to do it, where they add a
> >>>command=“some command” line in the .ssh/authorized_keys file. But I can’t
> >>>seem to see the same result even when I copy and paste what they had. Any
> >>>advice or help would
> >>>be greatly appreciated.
> >>
> >>google "ssh-keygen". You will find things like:
> >>http://www.linuxproblem.org/art_9.html and similar.
> >
> >I believe the OP already tried that. He mentions .ssh/authorized_keys
> >in the email.
> >
> >Dustin, I have faced this problem too! For some reason the
> >command='somecommand' trick does not work. I think some magic
> >incantation is missing from the docs. I would also like to know the
> >answer to this.
>
> It absolutely works. The trick is that the ~username/.ssh/authorized_keys
> file entries should look like:
>
> command="ls -l /var" ssh-dss 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
> root@xxxxxxxxxxxxxxxxxxxxxxx

I think the magic incantation for me was that command="somecommand" is
actually the whole command, with all the arguments. From the man page,
this wasn't clear to me. I was trying to set up passwordless root login
with PermitRootLogin set to forced-commands-only for backups with
rsnapshot.

Btw, to allow multiple commands from the same host, I guess I should
have multiple lines for the same public key? Also, any ideas what
should be the command to allow rsnapshot backups? I guess I need to
figure out what are the arguments passed onto rsync by rsnapshot, and
in which order.

Thanks a lot Rick!

--
Suvayu

Open source is the future. It sets us free.
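
An added example, not part of the thread and not code from any of the posters: a forced-command wrapper that the command="..." option can point at, so that one key line admits rsync server mode with whatever arguments the client sends, and logs anything else. The script path, log tag, key comment and /usr/bin/rsync location are assumptions; SSH_ORIGINAL_COMMAND is the variable sshd sets to the command the client requested.

```shell
#!/bin/sh
# Forced-command wrapper (added example). Hypothetical install path:
#   /usr/local/bin/rsync-only.sh
# authorized_keys entry on the receiving host, all on one line
# (<PUBLIC-KEY> is a placeholder for the real key data):
#   command="/usr/local/bin/rsync-only.sh",no-pty,no-port-forwarding,no-agent-forwarding,no-X11-forwarding ssh-rsa <PUBLIC-KEY> backup@server1

# Return 0 only if the requested command is an rsync server-mode
# invocation built from a conservative character whitelist.
is_allowed_rsync() {
    case "$1" in
        # Any character outside the whitelist (covers ; & | $ ` ( ) < > *
        # quotes and newlines) is refused.
        *[!A-Za-z0-9\ ._/,=@:+-]*) return 1 ;;
    esac
    case "$1" in
        "rsync --server "*) return 0 ;;   # what an rsync client sends over ssh
        *) return 1 ;;
    esac
}

# With no SSH_ORIGINAL_COMMAND (an interactive login attempt) the script
# simply ends, so the session closes without a shell.
if [ -n "${SSH_ORIGINAL_COMMAND:-}" ]; then
    if is_allowed_rsync "$SSH_ORIGINAL_COMMAND"; then
        set -f                        # no glob expansion while splitting
        set -- $SSH_ORIGINAL_COMMAND  # whitespace split only, never re-parsed by a shell
        shift                         # drop the client-supplied "rsync" word
        exec /usr/bin/rsync "$@"      # fixed binary path (assumed location)
    fi
    # The rejected request is logged verbatim, which also shows exactly
    # which arguments a backup tool passes to rsync.
    logger -t rsync-only "rejected: $SSH_ORIGINAL_COMMAND"
    echo "rejected: only rsync server mode is allowed" >&2
    exit 1
fi
```

This restricts the program, not the paths rsync may read or write; the rrsync script distributed with rsync adds a directory restriction on top of the same forced-command mechanism.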