| 1 |
>> I created the backup users and everything works as long as the backup |
| 2 |
>> users have shells on the backup server and are listed in AllowUsers in |
| 3 |
>> /etc/ssh/sshd_config on the backup server. Did I do something wrong |
| 4 |
>> or should the backup users need shells and to be listed in AllowUsers? |
| 5 |
> |
| 6 |
> I'm not too familiar with rsync backups. A shell might be required, but if you |
| 7 |
> set the command run on the server-side in the "authorized_keys" it should |
| 8 |
> prevent any other command from being run. |
| 9 |
|
| 10 |
I'm actually talking about rdiff-backup. I'm prompted for a password |
| 11 |
if the backup user doesn't have a shell. Are you able to rdiff-backup |
| 12 |
without a shell on the backup server? |
| 13 |
|
| 14 |
>> Should I set up any extra restrictions for them in sshd_config? |
| 15 |
> |
| 16 |
> I have disabled all password-logins and only allow shared-key logins. |
| 17 |
|
| 18 |
I want to be prompted for a password with my normal user but I want |
| 19 |
the backup users to be restricted. I tried |
| 20 |
'ChallengeResponseAuthentication no' within a Match block for a backup |
| 21 |
user but ChallengeResponseAuthentication isn't allowed in a Match |
| 22 |
block. Are my options to restrict all users or none? |
| 23 |
|
| 24 |
- Grant |
Archives