1 |
>> I created the backup users and everything works as long as the backup |
2 |
>> users have shells on the backup server and are listed in AllowUsers in |
3 |
>> /etc/ssh/sshd_config on the backup server. Did I do something wrong |
4 |
>> or should the backup users need shells and to be listed in AllowUsers? |
5 |
> |
6 |
> I'm not too familiar with rsync backups. A shell might be required, but if you |
7 |
> set the command run on the server-side in the "authorized_keys" it should |
8 |
> prevent any other command from being run. |
9 |
|
10 |
I'm actually talking about rdiff-backup. I'm prompted for a password |
11 |
if the backup user doesn't have a shell. Are you able to rdiff-backup |
12 |
without a shell on the backup server? |
13 |
|
14 |
>> Should I set up any extra restrictions for them in sshd_config? |
15 |
> |
16 |
> I have disabled all password-logins and only allow shared-key logins. |
17 |
|
18 |
I want to be prompted for a password with my normal user but I want |
19 |
the backup users to be restricted. I tried |
20 |
'ChallengeResponseAuthentication no' within a Match block for a backup |
21 |
user but ChallengeResponseAuthentication isn't allowed in a Match |
22 |
block. Are my options to restrict all users or none? |
23 |
|
24 |
- Grant |