File: zsnapd-rcmd.README.Debian

package info (click to toggle)
zsnapd 0.8.12-1
  • links: PTS
  • area: contrib
  • in suites: bullseye, sid
  • size: 328 kB
  • sloc: python: 1,657; sh: 19; makefile: 16
file content (36 lines) | stat: -rw-r--r-- 1,572 bytes parent folder | download
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
zsnapd-rcmd for Debian
----------------------

Remote sshd command checker for ZFS Snapshot Daemon

ZFS Snapshot Daemon is written in python, and it can remotely manage ZFS
snapshotting and backup from a central back up server.  This is the
security plugin command for sshd that implements ForceCommand functionality,
or the command functionality in the .ssh/authorized_keys file (See 
the sshd_config(8) and sshd(8) man pages respectively).

It executes commands from the SSH_ORIGINAL_COMMAND variable after checking
them against a list of configured regular expressions. 

Edit the zsnapd-rcmd.conf files in /etc/zsnapd, to set up the check regexps
for the remote preexec, postexec, and replicate_postexec commands.  Settings
are also available for 10 extra remote commands, labeled rcmd_aux0 - rcmd_aux9

Read the sshd(8) manpage on the ForceCommand setting, and the sshd(8) manpage
on the /root/.ssh/authorized_keys file, command entry for the remote pub key
for zsnapd access.

Example .ssh/authorized_keys entry (single line - unline wrap it):

no-pty,no-agent-forwarding,no-X11-forwarding,no-port-forwarding,
command="/usr/sbin/zsnapd-rcmd" ssh-rsa AAAABBBBBBBBCCCCCCCCCCCCC
DDDDDDDD== root@blah.org

Hint: command line arguments can be given, such as a different config file,
and debug level:

no-pty,no-agent-forwarding,no-X11-forwarding,no-port-forwarding,
command="/usr/sbin/zsnapd-rcmd -c /etc/zsnapd/my-rcmd.conf --debug 3" 
ssh-rsa AAAABBBBBBBBCCCCCCCCCCCCCDDDDDDDD== root@blah.org

 -- Matthew Grant <matt@mattgrant.net.nz>  Tue, 27 Jan 2019 14:13:00 +1300