During my migration (see previous post) I was faced with setting up backups again (I could have implemented it like the previous server, but I wanted to review the process and decided to change it). This time I wanted to use a program to restrict ssh-access, because I want automated copying with rsync, so I needed a passphrase-less ssh-key. This is what I did with the previous setup, but no further restrictions. I wanted to change this because I don’t have a seperate account for backups this time.
From before I remembered a program that could restrict commands, but I forgot the name, so fo r future reference I write this post. The program is called ‘authprogs’ and can be found here.
I like this program, because you can specify (with a config file) which hosts are able to do which commands, and it logs (and outputs to the user) commands that are rejected, so you can try your command and copy-paste it into the configuration.