[TriLUG] SSH root limitation
Mark Turner
markt at siteseers.net
Tue Oct 22 14:09:53 EDT 2002
Michael Thompson wrote:
> OR: How can I use sudo to allow a regular user to rsync directories from
> remote servers with root privileges? I need to backup files that are only
> readable by root. My rsync scripts run from the backup server, this way
> we can keep the admin down to one machine...

1. Set PermitRootLogin in /etc/ssh/sshd_config to "forced-commands-only"
2. Create a publickey for root with no passphrase.
3. Lock down what rsync command you want to be run by placing it in the
   /root/.ssh/authorized_keys2, such as command="/usr/bin/rsync -var /home /"
4. Lock down what hosts can use this publickey:
   from="backup-server.host.com"

See these pages for a good, step-by-step tutorial:
http://www.scrounge.org/linux/rsync.html
http://linuxmafia.com/~rick/linux-info/ssh-publickey-process
--
Mark Turner, N4JMT Siteseers Inc.
www.markturner.net Open Source Solutions
www.siteseers.net
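
Added example, not part of the original post: a small Python check that the four steps above are actually in effect, given the text of /etc/ssh/sshd_config and of root's authorized_keys2 file. The function names split_options and audit are hypothetical, and the sample entries (including the key material) are constructed placeholders.

```python
import re
KEY_TYPE = re.compile(r"^(ssh-(rsa|dss|ed25519)|ecdsa-sha2-\S+|sk-\S+)$")

# Constructed sample input; key material is a placeholder, not a real key.
SAMPLE_SSHD = "Protocol 2\nPermitRootLogin forced-commands-only\n"
SAMPLE_KEYS = (
    'from="backup-server.host.com",command="/usr/bin/rsync -var /home /" '
    "ssh-rsa AAAA...constructed backup\n"
    "ssh-rsa AAAA...constructed root@laptop\n"
    'command="/usr/bin/rsync -var /home /" ssh-rsa AAAA...constructed other\n'
)

def split_options(line):
    """Parse the leading options field of one authorized_keys entry."""
    if KEY_TYPE.match(line.split(None, 1)[0]):
        return {}                      # entry starts with the key type
    opts, buf, in_quotes, i = [], "", False, 0
    while i < len(line):
        ch = line[i]
        if in_quotes and line.startswith('\\"', i):
            buf, i = buf + '"', i + 2  # escaped quote inside a value
            continue
        if ch == '"':
            in_quotes = not in_quotes
        elif ch == "," and not in_quotes:
            opts.append(buf)
            buf = ""
        elif ch.isspace() and not in_quotes:
            break                      # unquoted space ends the options
        else:
            buf += ch
        i += 1
    opts.append(buf)
    return {k.lower(): v for k, _, v in (o.partition("=") for o in opts)}

def audit(authorized_keys_text, sshd_config_text):
    """List root keys and sshd settings that miss the restrictions."""
    findings = []
    m = re.search(r"^\s*PermitRootLogin\s+(\S+)", sshd_config_text, re.M | re.I)
    setting = m.group(1).lower() if m else "(unset)"
    if setting != "forced-commands-only":
        findings.append(f"sshd_config: PermitRootLogin is {setting}")
    for n, line in enumerate(authorized_keys_text.splitlines(), 1):
        line = line.strip()
        if line and not line.startswith("#"):
            opts = split_options(line)
            findings += [f"key on line {n}: no {req}= restriction"
                         for req in ("command", "from") if not opts.get(req)]
    return findings
```

Calling audit(SAMPLE_KEYS, SAMPLE_SSHD) reports the second sample key as having neither restriction and the third as missing from=.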