Added first version

2021-03-09 21:21:44 +01:00 · 2021-03-09 21:21:44 +01:00 · da6cdadf6c
commit da6cdadf6c
parent 38b0fa8a52
2 changed files with 36 additions and 1 deletions
--- a/README.md
+++ b/README.md
@ -1 +1,12 @@
-# rsnapshothelper
+# rsnapshothelper
+combination of:
+- https://serverfault.com/questions/749474/ssh-authorized-keys-command-option-multiple-commands
+- https://www.virtono.com/community/tutorial-how-to/restrict-executable-ssh-commands-with-authorized-keys/
+
+add your public key on target server like: command="/root/rsnapshothelper.sh" ...........
+
+Can be used for more than just rsnapshot.
+
+Could be improved by reading a ini, yaml, use regex, etc. Feel free!
+
+Have fun
--- a/rsnapshothelper.sh
+++ b/rsnapshothelper.sh
@ -0,0 +1,24 @@
+#!/bin/sh
+if  [ -n "$SSH_ORIGINAL_COMMAND"  ]
+then
+        #echo  "$(/bin/date): $SSH_ORIGINAL_COMMAND" >> $HOME/rsnapshothelper.log
+        case "$SSH_ORIGINAL_COMMAND" in
+                "rsync --server --sender -vlogDtprRe.iLsfxC --numeric-ids . /opt")
+                echo  "$(/bin/date): OK: $SSH_ORIGINAL_COMMAND" >> $HOME/rsnapshothelper.log
+                exec $SSH_ORIGINAL_COMMAND
+                ;;
+        "rsync --server --sender -vlogDtprRe.iLsfxC --numeric-ids . /etc")
+                echo  "$(/bin/date): OK: $SSH_ORIGINAL_COMMAND" >> $HOME/rsnapshothelper.log
+                exec $SSH_ORIGINAL_COMMAND
+                ;;
+        "mysqldump --all-databases")
+                echo  "$(/bin/date): OK: $SSH_ORIGINAL_COMMAND" >> $HOME/rsnapshothelper.log
+                exec $SSH_ORIGINAL_COMMAND
+                ;;
+        *)
+                echo  "$(/bin/date): VIOLATION: $SSH_ORIGINAL_COMMAND" >> $HOME/rsnapshothelper.log
+                echo "Access denied"
+                exit 1
+                ;;
+        esac
+fi